diff --git a/.buildinfo b/.buildinfo new file mode 100644 index 00000000..8f6327cd --- /dev/null +++ b/.buildinfo @@ -0,0 +1,4 @@ +# Sphinx build info version 1 +# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. +config: e3082d9788f520782b17d51cc39a3d58 +tags: 645f666f9bcd5a90fca523b33c5a78b7 diff --git a/.doctrees/basic-tutorial.doctree b/.doctrees/basic-tutorial.doctree new file mode 100644 index 00000000..11448421 Binary files /dev/null and b/.doctrees/basic-tutorial.doctree differ diff --git a/.doctrees/credstore.doctree b/.doctrees/credstore.doctree new file mode 100644 index 00000000..9e79e00e Binary files /dev/null and b/.doctrees/credstore.doctree differ diff --git a/.doctrees/environment.pickle b/.doctrees/environment.pickle new file mode 100644 index 00000000..d6b231c1 Binary files /dev/null and b/.doctrees/environment.pickle differ diff --git a/.doctrees/gssapi.doctree b/.doctrees/gssapi.doctree new file mode 100644 index 00000000..d5992f84 Binary files /dev/null and b/.doctrees/gssapi.doctree differ diff --git a/.doctrees/gssapi.raw.doctree b/.doctrees/gssapi.raw.doctree new file mode 100644 index 00000000..d8fe08e7 Binary files /dev/null and b/.doctrees/gssapi.raw.doctree differ diff --git a/.doctrees/index.doctree b/.doctrees/index.doctree new file mode 100644 index 00000000..20f6341b Binary files /dev/null and b/.doctrees/index.doctree differ diff --git a/.doctrees/otherdoc.doctree b/.doctrees/otherdoc.doctree new file mode 100644 index 00000000..d8953d8e Binary files /dev/null and b/.doctrees/otherdoc.doctree differ diff --git a/.doctrees/tutorials.doctree b/.doctrees/tutorials.doctree new file mode 100644 index 00000000..78c8efee Binary files /dev/null and b/.doctrees/tutorials.doctree differ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index ef63ae23..00000000 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,384 +0,0 @@ -name: Build -on: - push: - branches-ignore: gh-pages - tags: v* - pull_request: null - -jobs: - build_sdist: - name: Build sdist - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Select python - uses: actions/setup-python@v5 - with: - python-version: 3.9 - - - name: Build sdist - run: | - python -m pip install build - python -m build --sdist - env: - GSSAPI_SUPPORT_DETECT: false - GSSAPI_LINKER_ARGS: '' - GSSAPI_COMPILER_ARGS: '' - - - name: Upload sdist - uses: actions/upload-artifact@v4 - with: - name: artifact-sdist - path: ./dist/*.tar.gz - - build_wheels: - name: Build wheels - needs: - - build_sdist - - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - include: - - os: macOS-13 - version: cp313-macosx_x86_64 - - os: macOS-15 - version: cp313-macosx_arm64 - - os: macOS-13 - version: cp312-macosx_x86_64 - - os: macOS-15 - version: cp312-macosx_arm64 - - os: macOS-13 - version: cp311-macosx_x86_64 - - os: macOS-15 - version: cp311-macosx_arm64 - - os: macOS-13 - version: cp310-macosx_x86_64 - - os: macOS-15 - version: cp310-macosx_arm64 - - os: macOS-13 - version: cp39-macosx_x86_64 - - os: macOS-15 - version: cp39-macosx_arm64 - - os: macOS-13 - version: cp38-macosx_x86_64 - - os: macOS-15 - version: cp38-macosx_arm64 - - - os: windows-2022 - version: cp313-win_amd64 - - os: windows-2022 - version: cp313-win32 - - os: windows-2022 - version: cp312-win_amd64 - - os: windows-2022 - version: cp312-win32 - - os: windows-2022 - version: cp311-win_amd64 - - os: windows-2022 - version: cp311-win32 - - os: windows-2022 - version: cp310-win_amd64 - - os: windows-2022 - version: cp310-win32 - - os: windows-2022 - version: cp39-win_amd64 - - os: windows-2022 - version: cp39-win32 - - os: windows-2022 - version: cp38-win_amd64 - - os: windows-2022 - version: cp38-win32 - - steps: - - name: Set up environment - if: startsWith(matrix.os, 'windows-') - shell: bash - run: | - choco.exe install \ - --no-progress \ - --yes \ - --ignore-detected-reboot \ - --allow-downgrade \ - --install-arguments "'ADDLOCAL=ALL'" \ - ${{ endsWith(matrix.version, '-win32') && '--x86' || '' }} mitkerberos || true - - echo "C:\Program Files${{ endsWith(matrix.version, '-win32') && ' (x86)' || '' }}\MIT\Kerberos\bin;$PATH" >> $GITHUB_PATH - - - name: Download gssapi sdist - uses: actions/download-artifact@v4 - with: - name: artifact-sdist - path: ./ - - - name: Extract sdist - shell: bash - run: | - tar xf gssapi-*.tar.gz - mv gssapi-*/* . - rm -r gssapi-*/ - rm gssapi-*.tar.gz - - - name: Build wheel - uses: pypa/cibuildwheel@v2.22.0 - env: - CIBW_BUILD: ${{ matrix.version }} - CIBW_BUILD_VERBOSITY: 1 - - - name: Upload wheel - uses: actions/upload-artifact@v4 - with: - path: ./wheelhouse/*.whl - name: artifact-wheel-${{ matrix.version }} - - # To catch issues like this https://github.com/pythongssapi/python-gssapi/issues/327 - assertion_build: - needs: - - build_sdist - - runs-on: ubuntu-latest - steps: - - name: Download gssapi sdist - uses: actions/download-artifact@v4 - with: - name: artifact-sdist - path: ./dist - - - name: Compile Python with assertions - shell: bash - run: | - PYTHON_VERSION="3.11.5" - wget --quiet "https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tar.xz" - tar xf "Python-${PYTHON_VERSION}.tar.xz" - cd "Python-${PYTHON_VERSION}/" - ./configure --with-assertions --prefix "${PWD}/../Python-${PYTHON_VERSION}-build" - make - make install - cd .. - - sudo apt-get update - DEBIAN_FRONTEND=noninteractive sudo apt-get -y install krb5-user libkrb5-dev - - GSSAPI_VER="$( find ./dist -type f -name 'gssapi-*.tar.gz' -printf "%f\n" | sed -n 's/gssapi-\(.*\)\.tar\.gz/\1/p' )" - - PATH="${PWD}/Python-${PYTHON_VERSION}-build/bin:${PATH}" - python3 -m pip install gssapi=="${GSSAPI_VER}" \ - --find-links "file://${PWD}/dist" \ - --verbose - - python3 -c "import gssapi" - - linux: - needs: - - build_sdist - - build_wheels - - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - name: - - debian-stable - - debian-heimdal - - centos-stream-9 - - fedora-latest - include: - - name: debian-stable - distro: debian:stable - - name: debian-heimdal - distro: debian:stable - krb5_ver: heimdal - - name: centos-stream-9 - distro: quay.io/centos/centos:stream9 - - name: fedora-latest - distro: fedora:latest - flake: 'yes' - - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Download built project - uses: actions/download-artifact@v4 - with: - pattern: artifact-* - merge-multiple: true - path: ./dist - - - name: Test gssapi - run: ./ci/run-on-linux.sh ./ci/test.sh - env: - DISTRO: ${{ matrix.distro }} - KRB5_VER: ${{ matrix.krb5_ver }} - FLAKE: ${{ matrix.flake }} - - windows: - needs: - - build_sdist - - build_wheels - - runs-on: windows-latest - strategy: - fail-fast: false - matrix: - name: - - win-py-3.13 - - win-py-3.12 - - win-py-3.11 - - win-py-3.10 - - win-py-3.9 - - win-py-3.8 - arch: - - x64 - - x86 - include: - - name: win-py-3.13 - pyenv: '3.13.0-rc.3' - - name: win-py-3.12 - pyenv: '3.12' - - name: win-py-3.11 - pyenv: '3.11' - - name: win-py-3.10 - pyenv: '3.10' - - name: win-py-3.9 - pyenv: '3.9' - - name: win-py-3.8 - pyenv: '3.8' - - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Download built project - uses: actions/download-artifact@v4 - with: - pattern: artifact-* - merge-multiple: true - path: ./dist - - - name: Install the right python - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.pyenv }} - architecture: ${{ matrix.arch }} - - - name: Test gssapi - shell: bash - run: ./ci/test.sh - env: - OS_NAME: windows - - macos: - needs: - - build_sdist - - build_wheels - - runs-on: macos-latest - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Download built project - uses: actions/download-artifact@v4 - with: - pattern: artifact-* - merge-multiple: true - path: ./dist - - - name: Test gssapi - run: ./ci/test.sh - env: - KRB5_VER: heimdal - - publish: - name: publish - - needs: - - assertion_build - - linux - - macos - - windows - - runs-on: ubuntu-latest - permissions: - # Needed for OIDC publishing - id-token: write - # Needed for github-pages-deploy-action and other repo write tasks - contents: write - - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Download built project - uses: actions/download-artifact@v4 - with: - pattern: artifact-* - merge-multiple: true - path: ./dist - - - name: Create GitHub release artifact - run: ./ci/run-on-linux.sh ./ci/create-release-tar.sh - env: - DISTRO: fedora:latest - - - name: Get tarball path - id: tarball - run: echo "tarball=`ls tag_build/*.tar.gz | awk -F/ '{print $2}'`" >> $GITHUB_OUTPUT - - - name: Get release checksum path - id: checksum - run: echo "checksum=`ls tag_build/*.sha512sum | awk -F/ '{print $2}'`" >> $GITHUB_OUTPUT - - - name: Upload tagged build artifact - uses: actions/upload-artifact@v4 - with: - path: tag_build/${{ steps.tarball.outputs.tarball }} - name: release-asset - - - name: Deploy stable docs - if: startsWith(github.ref, 'refs/tags/v') - uses: JamesIves/github-pages-deploy-action@v4 - with: - branch: gh-pages - folder: ci_docs_build - target-folder: stable - - - name: Create release - if: startsWith(github.ref, 'refs/tags/v') - uses: actions/create-release@v1 - id: cr - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ github.ref }} - release_name: ${{ github.ref }} - - - name: Upload release tarball - if: startsWith(github.ref, 'refs/tags/v') - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.cr.outputs.upload_url }} - asset_path: tag_build/${{ steps.tarball.outputs.tarball }} - asset_name: ${{ steps.tarball.outputs.tarball }} - asset_content_type: application/octet-stream - - - name: Upload release checksum - if: startsWith(github.ref, 'refs/tags/v') - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.cr.outputs.upload_url }} - asset_path: tag_build/${{ steps.checksum.outputs.checksum }} - asset_name: ${{ steps.checksum.outputs.checksum }} - asset_content_type: text/plain - - - name: Deploy to PyPI - if: startsWith(github.ref, 'refs/tags/v') - uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml deleted file mode 100644 index 3c6df505..00000000 --- a/.github/workflows/deploy-docs.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Deploy docs -on: - push: - branches: main - -jobs: - update-pages: - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Select python - uses: actions/setup-python@v5 - with: - python-version: 3.9 - - - name: Build sdist - run: | - python -m pip install build - python -m build --sdist - env: - GSSAPI_SUPPORT_DETECT: false - GSSAPI_LINKER_ARGS: '' - GSSAPI_COMPILER_ARGS: '' - - - name: Build docs - run: ./ci/run-on-linux.sh ./ci/before-docs-deploy.sh - env: - DISTRO: fedora:latest - - - name: Deploy latest docs - uses: JamesIves/github-pages-deploy-action@v4 - with: - branch: gh-pages - folder: ci_docs_build - target-folder: latest diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index d55558d0..00000000 --- a/.github/workflows/stale.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Stale pull request handler -on: - schedule: - - cron: 0 0 * * * - -permissions: - pull-requests: write - -jobs: - stale: - runs-on: ubuntu-latest - - steps: - - uses: actions/stale@v9.0.0 - id: stale - with: - days-before-stale: -1 - days-before-pr-stale: 28 - days-before-pr-close: 14 - stale-pr-label: stale - stale-pr-message: >- - This pull request is stale because it has been open for 4 weeks with no activity. - Remove stale label or comment or this will be closed in 2 weeks. diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 109636d6..00000000 --- a/.gitignore +++ /dev/null @@ -1,17 +0,0 @@ -.coverage -*.egg-info -*.egg -*~ -*.pyc -/build/ -*.swp -*.swo -*.so -.tox -dist -gssapi/**/*.c -docs/build -__dont_use_cython__.txt -**/__pycache__ -.eggs -.venv diff --git a/docs/source/_static/.keep b/.nojekyll similarity index 100% rename from docs/source/_static/.keep rename to .nojekyll diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md deleted file mode 100644 index 4191974a..00000000 --- a/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,134 +0,0 @@ - -# Contributor Covenant Code of Conduct - -## Our Pledge - -We as members, contributors, and leaders pledge to make participation in our -community a harassment-free experience for everyone, regardless of age, body -size, visible or invisible disability, ethnicity, sex characteristics, gender -identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, caste, color, religion, or sexual identity -and orientation. - -We pledge to act and interact in ways that contribute to an open, welcoming, -diverse, inclusive, and healthy community. - -## Our Standards - -Examples of behavior that contributes to a positive environment for our -community include: - -* Demonstrating empathy and kindness toward other people -* Being respectful of differing opinions, viewpoints, and experiences -* Giving and gracefully accepting constructive feedback -* Accepting responsibility and apologizing to those affected by our mistakes, - and learning from the experience -* Focusing on what is best not just for us as individuals, but for the - overall community - -Examples of unacceptable behavior include: - -* The use of sexualized language or imagery, and sexual attention or - advances of any kind -* Trolling, insulting or derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or email - address, without their explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Enforcement Responsibilities - -Community leaders are responsible for clarifying and enforcing our standards of -acceptable behavior and will take appropriate and fair corrective action in -response to any behavior that they deem inappropriate, threatening, offensive, -or harmful. - -Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation -decisions when appropriate. - -## Scope - -This Code of Conduct applies within all community spaces, and also applies when -an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail address, -posting via an official social media account, or acting as an appointed -representative at an online or offline event. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -jborean93 AT gmail DOT com. -All complaints will be reviewed and investigated promptly and fairly. - -All community leaders are obligated to respect the privacy and security of the -reporter of any incident. - -## Enforcement Guidelines - -Community leaders will follow these Community Impact Guidelines in determining -the consequences for any action they deem in violation of this Code of Conduct: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behavior deemed -unprofessional or unwelcome in the community. - -**Consequence**: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the -behavior was inappropriate. A public apology may be requested. - -### 2. Warning - -**Community Impact**: A violation through a single incident or series -of actions. - -**Consequence**: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or -permanent ban. - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including -sustained inappropriate behavior. - -**Consequence**: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. -Violating these terms may lead to a permanent ban. - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any sort of public interaction within -the community. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.1, available at -[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. - -Community Impact Guidelines were inspired by -[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. - -For answers to common questions about this code of conduct, see the FAQ at -[https://www.contributor-covenant.org/faq][FAQ]. Translations are available -at [https://www.contributor-covenant.org/translations][translations]. - -[homepage]: https://www.contributor-covenant.org -[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html -[Mozilla CoC]: https://github.com/mozilla/diversity -[FAQ]: https://www.contributor-covenant.org/faq -[translations]: https://www.contributor-covenant.org/translations - diff --git a/ISSUE_TEMPLATE b/ISSUE_TEMPLATE deleted file mode 100644 index c51c6d38..00000000 --- a/ISSUE_TEMPLATE +++ /dev/null @@ -1,13 +0,0 @@ -### What went wrong? - - -### How do we reproduce? - -*(Remember to use fenced code blocks and consider placing in a gist if large)* - - -### Component versions (python-gssapi, Kerberos, OS / distro, etc.) - -*(Please include MIT/Heimdal/etc. and how you installed python-gssapi)* - - diff --git a/LICENSE.txt b/LICENSE.txt deleted file mode 100644 index 4799532d..00000000 --- a/LICENSE.txt +++ /dev/null @@ -1,5 +0,0 @@ -Copyright (c) 2014, The Python GSSAPI Team - -Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/MANIFEST.in b/MANIFEST.in deleted file mode 100644 index c9ba29f4..00000000 --- a/MANIFEST.in +++ /dev/null @@ -1,6 +0,0 @@ -include *.txt -recursive-include docs *.txt -recursive-include gssapi *.pxd -recursive-include gssapi *.pyx -recursive-include gssapi *.h -recursive-exclude gssapi *.c diff --git a/README.rst b/README.rst deleted file mode 120000 index f1bd246a..00000000 --- a/README.rst +++ /dev/null @@ -1 +0,0 @@ -./README.txt \ No newline at end of file diff --git a/README.txt b/README.txt deleted file mode 100644 index f98ca7ec..00000000 --- a/README.txt +++ /dev/null @@ -1,181 +0,0 @@ -============= -Python-GSSAPI -============= - -.. role:: python(code) - :language: python - -.. role:: bash(code) - :language: bash - -.. image:: https://badge.fury.io/gh/pythongssapi%2Fpython-gssapi.svg - :target: http://badge.fury.io/gh/pythongssapi%2Fpython-gssapi - -.. image:: https://badge.fury.io/py/gssapi.svg - :target: http://badge.fury.io/py/gssapi - -Python-GSSAPI provides both low-level and high level wrappers around the GSSAPI -C libraries. While it focuses on the Kerberos mechanism, it should also be -useable with other GSSAPI mechanisms. - -Documentation can be found at -`https://pythongssapi.github.io/python-gssapi/ `_. - -Requirements -============ - -Basic ------ - -* A working implementation of GSSAPI (such as from MIT Kerberos) - which supports delegation and includes header files - -* a C compiler (such as GCC) - -* Python 3.8+ (older releases support older versions, but are unsupported) - -* the `decorator` python package - -Compiling from Scratch ----------------------- - -To compile from scratch, you will need Cython ``>= 3.0.3, < 4.0.0`` which is automatically -installed by pip in an isolated build virtual environment. - -For Running the Tests ---------------------- - -* the `k5test` package - -To install test dependencies using pip: - -.. code-block:: bash - - $ pip install -r test-requirements.txt # Optional, for running test suite - -Installation -============ - -Easy Way --------- - -.. code-block:: bash - - $ pip install gssapi - -From the Git Repo ------------------ - -After being sure to install all the requirements, - -.. code-block:: bash - - $ git clone https://github.com/pythongssapi/python-gssapi.git - $ pip install . - -Tests -===== - -The tests for for Python-GSSAPI live in `gssapi.tests`. In order to -run the tests, you must have an MIT Kerberos installation (including -the KDC). The tests create a self-contained Kerberos setup, so running -the tests will not interfere with any existing Kerberos installations. - -Structure -========= - -Python-GSSAPI is composed of two parts: a low-level C-style API which -thinly wraps the underlying RFC 2744 methods, and a high-level, Pythonic -API (which is itself a wrapper around the low-level API). Examples may -be found in the `examples` directory. - -Low-Level API -------------- - -The low-level API lives in `gssapi.raw`. The methods contained therein -are designed to match closely with the original GSSAPI C methods. All -relevant methods and classes may be imported directly from `gssapi.raw`. -Extension methods will only be imported if they are present. The low-level -API follows the given format: - -* Names match the RFC 2744 specification, with the :python:`gssapi_` - prefix removed - -* Parameters which use C int constants as enums have - :python:`enum.IntEnum` classes defined, and thus may be passed - either the enum members or integers - -* In cases where a specific constant is passed in the C API to represent - a default value, :python:`None` should be passed instead - -* In cases where non-integer constants would be used in the API (i.e. - OIDs), enum-like objects have been defined containing named references - to values specified in RFC 2744. - -* Major and minor error codes are returned by raising - :python:`gssapi.raw.GSSError`. The major error codes have exceptions - defined in in `gssapi.raw.exceptions` to make it easier to catch specific - errors or categories of errors. - -* All other relevant output values are returned via named tuples. - -High-Level API --------------- - -The high-level API lives directly under :python:`gssapi`. The classes -contained in each file are designed to provide a more Pythonic, Object-Oriented -view of GSSAPI. The exceptions from the low-level API, plus several additional -exceptions, live in `gssapi.exceptions`. The rest of the classes may be -imported directly from `gssapi`. Only classes are exported by `gssapi` -- -all functions are methods of classes in the high-level API. - -Please note that QoP is not supported in the high-level API, since it has been -deprecated. - -Extensions ----------- - -In addition to RFC 2743/2744, Python-GSSAPI also has support for: - -* RFC 4178 (GSS-API Negotiation Mechanism) - -* RFC 5587 (Extended GSS Mechanism Inquiry APIs) - -* RFC 5588 (GSS-API Extension for Storing Delegated Credentials) - -* RFC 5801 (GSS-API SASL Extensions) - -* (Additional) Credential Store Extension - -* Services4User - -* Credentials import-export - -* RFC 6680 (GSS-API Naming Extensions) - -* DCE and IOV MIC extensions - -* `acquire_cred_with_password` and `add_cred_with_password` - -* GGF Extensions - -* Kerberos specific extensions - -The Team -======== - -(GitHub usernames in parentheses) - -* Jordan Borean (@jborean93) - current maintainer and developer -* Simo Sorce (@simo5) - developer -* Robbie Harwood (@frozencemetery) - author emeritus -* Solly Ross (@directxman12) - author emeritus -* Hugh Cole-Baker (@sigmaris) - author emeritus - -Get Involved -============ - -We welcome new contributions in the form of Issues and Pull Requests on -Github. If you would like to join our discussions, you can find us on -`libera.chat `_ IRC, channel `#python-gssapi -`_. diff --git a/_modules/gssapi/_utils.html b/_modules/gssapi/_utils.html new file mode 100644 index 00000000..ece47f61 --- /dev/null +++ b/_modules/gssapi/_utils.html @@ -0,0 +1,299 @@ + + + + + + gssapi._utils — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi._utils

+import sys
+import types
+import typing as t
+
+import decorator as deco
+
+from gssapi.raw.misc import GSSError
+
+if t.TYPE_CHECKING:
+    from gssapi.sec_contexts import SecurityContext
+
+
+def import_gssapi_extension(
+    name: str,
+) -> t.Optional[types.ModuleType]:
+    """Import a GSSAPI extension module
+
+    This method imports a GSSAPI extension module based
+    on the name of the extension (not including the
+    'ext_' prefix).  If the extension is not available,
+    the method retuns None.
+
+    Args:
+        name (str): the name of the extension
+
+    Returns:
+        module: Either the extension module or None
+    """
+
+    try:
+        path = 'gssapi.raw.ext_{0}'.format(name)
+        __import__(path)
+        return sys.modules[path]
+    except ImportError:
+        return None
+
+
+def inquire_property(
+    name: str,
+    doc: t.Optional[str] = None
+) -> property:
+    """Creates a property based on an inquire result
+
+    This method creates a property that calls the
+    :python:`_inquire` method, and return the value of the
+    requested information.
+
+    Args:
+        name (str): the name of the 'inquire' result information
+
+    Returns:
+        property: the created property
+    """
+
+    def inquire_property(self: "SecurityContext") -> t.Any:
+        if not self._started:
+            msg = (f"Cannot read {name} from a security context whose "
+                   "establishment has not yet been started.")
+            raise AttributeError(msg)
+
+        return getattr(self._inquire(**{name: True}), name)
+
+    return property(inquire_property, doc=doc)
+
+
+# use UTF-8 as the default encoding, like Python 3
+_ENCODING = 'UTF-8'
+
+
+def _get_encoding() -> str:
+    """Gets the current encoding used for strings.
+
+    This value is used to encode and decode string
+    values like names.
+
+    Returns:
+        str: the current encoding
+    """
+    return _ENCODING
+
+
+
[docs]def set_encoding(
+    enc: str,
+) -> None:
+    """Sets the current encoding used for strings
+
+    This value is used to encode and decode string
+    values like names.
+
+    Args:
+        enc: the encoding to use
+    """
+
+    global _ENCODING
+    _ENCODING = enc

+
+
+def _encode_dict(
+    d: t.Dict[t.Union[bytes, str], t.Union[bytes, str]],
+) -> t.Dict[bytes, bytes]:
+    """Encodes any relevant strings in a dict"""
+    def enc(x: t.Union[bytes, str]) -> bytes:
+        if isinstance(x, str):
+            return x.encode(_ENCODING)
+        else:
+            return x
+
+    return {enc(k): enc(v) for k, v in d.items()}
+
+
+# in case of Python 3, just use exception chaining
+@deco.decorator
+def catch_and_return_token(
+    func: t.Callable,
+    self: "SecurityContext",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Optional[bytes]:
+    """Optionally defer exceptions and return a token instead
+
+    When `__DEFER_STEP_ERRORS__` is set on the implementing class
+    or instance, methods wrapped with this wrapper will
+    catch and save their :python:`GSSError` exceptions and
+    instead return the result token attached to the exception.
+
+    The exception can be later retrived through :python:`_last_err`
+    (and :python:`_last_tb` when Python 2 is in use).
+    """
+
+    try:
+        return func(self, *args, **kwargs)
+    except GSSError as e:
+        defer_step_errors = getattr(self, '__DEFER_STEP_ERRORS__', False)
+        if e.token is not None and defer_step_errors:
+            self._last_err = e
+            # skip the "return func" line above in the traceback
+            tb = e.__traceback__.tb_next  # type: ignore[union-attr]
+            self._last_err.__traceback__ = tb
+
+            return e.token
+        else:
+            raise
+
+
+@deco.decorator
+def check_last_err(
+    func: t.Callable,
+    self: "SecurityContext",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Any:
+    """Check and raise deferred errors before running the function
+
+    This method checks :python:`_last_err` before running the wrapped
+    function.  If present and not None, the exception will be raised
+    with its original traceback.
+    """
+
+    if self._last_err is not None:
+        try:
+            raise self._last_err
+        finally:
+            self._last_err = None
+    else:
+        return func(self, *args, **kwargs)
+
+
+class CheckLastError(type):
+    """Check for a deferred error on all methods
+
+    This metaclass applies the :python:`check_last_err` decorator
+    to all methods not prefixed by '_'.
+
+    Additionally, it enabled `__DEFER_STEP_ERRORS__` by default.
+    """
+
+    def __new__(
+        cls,
+        name: str,
+        parents: t.Tuple[t.Type],
+        attrs: t.Dict[str, t.Any],
+    ) -> "CheckLastError":
+        attrs['__DEFER_STEP_ERRORS__'] = True
+
+        for attr_name in attrs:
+            attr = attrs[attr_name]
+
+            # wrap only methods
+            if not isinstance(attr, types.FunctionType):
+                continue
+
+            if attr_name[0] != '_':
+                attrs[attr_name] = check_last_err(attr)
+
+        return super(CheckLastError, cls).__new__(cls, name, parents, attrs)
+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/creds.html b/_modules/gssapi/creds.html new file mode 100644 index 00000000..af71bc4c --- /dev/null +++ b/_modules/gssapi/creds.html @@ -0,0 +1,580 @@ + + + + + + gssapi.creds — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.creds

+import typing as t
+
+from gssapi.raw import creds as rcreds
+from gssapi.raw import named_tuples as tuples
+from gssapi.raw import names as rnames
+from gssapi.raw import oids as roids
+from gssapi._utils import import_gssapi_extension, _encode_dict
+
+from gssapi import names
+
+rcred_imp_exp = import_gssapi_extension('cred_imp_exp')
+rcred_s4u = import_gssapi_extension('s4u')
+rcred_cred_store = import_gssapi_extension('cred_store')
+rcred_rfc5588 = import_gssapi_extension('rfc5588')
+
+
+
[docs]class Credentials(rcreds.Creds):
+    """GSSAPI Credentials
+
+    This class represents a set of GSSAPI credentials which may
+    be used with and/or returned by other GSSAPI methods.
+
+    It inherits from the low-level GSSAPI :class:`~gssapi.raw.creds.Creds`
+    class, and thus may used with both low-level and high-level API methods.
+
+    If your implementation of GSSAPI supports the credentials import-export
+    extension, you may pickle and unpickle this object.
+
+    The constructor either acquires or imports a set of GSSAPI
+    credentials.
+
+    If the `base` argument is used, an existing
+    :class:`~gssapi.raw.creds.Creds` object from the low-level API is
+    converted into a high-level object.
+
+    If the `token` argument is used, the credentials
+    are imported using the token, if the credentials import-export
+    extension is supported (:requires-ext:`cred_imp_exp`).
+
+    Otherwise, the credentials are acquired as per the
+    :meth:`acquire` method.
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+    """
+
+    __slots__ = ()
+
+    def __new__(
+        cls,
+        base: t.Optional[rcreds.Creds] = None,
+        token: t.Optional[bytes] = None,
+        name: t.Optional[rnames.Name] = None,
+        lifetime: t.Optional[int] = None,
+        mechs: t.Optional[t.Iterable[roids.OID]] = None,
+        usage: str = 'both',
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+    ) -> "Credentials":
+        # TODO(directxman12): this is missing support for password
+        #                     (non-RFC method)
+        if base is not None:
+            base_creds = base
+        elif token is not None:
+            if rcred_imp_exp is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for importing and "
+                                          "exporting creditials")
+
+            base_creds = rcred_imp_exp.import_cred(token)
+        else:
+            res = cls.acquire(name, lifetime, mechs, usage,
+                              store=store)
+            base_creds = res.creds
+
+        return t.cast("Credentials",
+                      super(Credentials, cls).__new__(cls, base_creds))
+
+    @property
+    def name(self) -> rnames.Name:
+        """Get the name associated with these credentials"""
+        return t.cast(rnames.Name,
+                      self.inquire(name=True, lifetime=False, usage=False,
+                                   mechs=False).name)
+
+    @property
+    def lifetime(self) -> int:
+        """Get the remaining lifetime of these credentials, in seconds"""
+        return t.cast(int,
+                      self.inquire(name=False, lifetime=True,
+                                   usage=False, mechs=False).lifetime)
+
+    @property
+    def mechs(self) -> t.Set[roids.OID]:
+        """Get the mechanisms for these credentials"""
+        return t.cast(t.Set[roids.OID],
+                      self.inquire(name=False, lifetime=False,
+                                   usage=False, mechs=True).mechs)
+
+    @property
+    def usage(self) -> str:
+        """Get the usage (initiate, accept, or both) of these credentials"""
+        return t.cast(str,
+                      self.inquire(name=False, lifetime=False,
+                                   usage=True, mechs=False).usage)
+
+
[docs]    @classmethod
+    def acquire(
+        cls,
+        name: t.Optional[rnames.Name] = None,
+        lifetime: t.Optional[int] = None,
+        mechs: t.Optional[t.Iterable[roids.OID]] = None,
+        usage: str = 'both',
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+    ) -> tuples.AcquireCredResult:
+        """Acquire GSSAPI credentials
+
+        This method acquires credentials.  If the `store` argument is
+        used, the credentials will be acquired from the given
+        credential store (if supported).  Otherwise, the credentials are
+        acquired from the default store.
+
+        The credential store information is a dictionary containing
+        mechanisms-specific keys and values pointing to a credential store
+        or stores.
+
+        Using a non-default store requires support for the credentials store
+        extension.
+
+        Args:
+            name (~gssapi.names.Name): the name associated with the
+                credentials, or None for the default name
+            lifetime (int): the desired lifetime of the credentials in seconds,
+                or None for indefinite
+            mechs (list): the desired :class:`MechType` OIDs to be used
+                with the credentials, or None for the default set
+            usage (str): the usage for the credentials -- either 'both',
+                'initiate', or 'accept'
+            store (dict): the credential store information pointing to the
+                credential store from which to acquire the credentials,
+                or None for the default store (:requires-ext:`cred_store`)
+
+        Returns:
+            AcquireCredResult: the acquired credentials and information about
+            them
+
+        Raises:
+            ~gssapi.exceptions.BadMechanismError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+        """
+
+        if store is None:
+            res = rcreds.acquire_cred(name, lifetime,
+                                      mechs, usage)
+        else:
+            if rcred_cred_store is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for manipulating "
+                                          "credential stores")
+
+            b_store = _encode_dict(store)
+
+            res = rcred_cred_store.acquire_cred_from(b_store, name,
+                                                     lifetime, mechs,
+                                                     usage)
+
+        return tuples.AcquireCredResult(cls(base=res.creds), res.mechs,
+                                        res.lifetime)

+
+
[docs]    def store(
+        self,
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+        usage: str = 'both',
+        mech: t.Optional[roids.OID] = None,
+        overwrite: bool = False,
+        set_default: bool = False,
+    ) -> tuples.StoreCredResult:
+        """Store these credentials into the given store
+
+        This method stores the current credentials into the specified
+        credentials store.  If the default store is used, support for
+        :rfc:`5588` is required.  Otherwise, support for the credentials
+        store extension is required.
+
+        :requires-ext:`rfc5588` or :requires-ext:`cred_store`
+
+        Args:
+            store (dict): the store into which to store the credentials,
+                or None for the default store.
+            usage (str): the usage to store the credentials with -- either
+                'both', 'initiate', or 'accept'
+            mech (~gssapi.OID): the :class:`MechType` to associate with the
+                stored credentials
+            overwrite (bool): whether or not to overwrite existing credentials
+                stored with the same name, etc
+            set_default (bool): whether or not to set these credentials as
+                the default credentials for the given store.
+
+        Returns:
+            StoreCredResult: the results of the credential storing operation
+
+        Raises:
+            ~gssapi.exceptions.GSSError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+            ~gssapi.exceptions.OperationUnavailableError
+            ~gssapi.exceptions.DuplicateCredentialsElementError
+        """
+
+        if store is None:
+            if rcred_rfc5588 is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for RFC 5588")
+
+            return rcred_rfc5588.store_cred(self, usage, mech,
+                                            overwrite, set_default)
+        else:
+            if rcred_cred_store is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for manipulating "
+                                          "credential stores directly")
+
+            b_store = _encode_dict(store)
+
+            return rcred_cred_store.store_cred_into(b_store, self, usage, mech,
+                                                    overwrite, set_default)

+
+
[docs]    def impersonate(
+        self,
+        name: t.Optional[rnames.Name] = None,
+        lifetime: t.Optional[int] = None,
+        mechs: t.Optional[t.Iterable[roids.OID]] = None,
+        usage: str = 'initiate',
+    ) -> "Credentials":
+        """Impersonate a name using the current credentials
+
+        This method acquires credentials by impersonating another
+        name using the current credentials.
+
+        :requires-ext:`s4u`
+
+        Args:
+            name (~gssapi.names.Name): the name to impersonate
+            lifetime (int): the desired lifetime of the new credentials in
+                seconds, or None for indefinite
+            mechs (list): the desired :class:`MechType` OIDs for the new
+                credentials
+            usage (str): the desired usage for the new credentials -- either
+                'both', 'initiate', or 'accept'.  Note that some mechanisms
+                may only support 'initiate'.
+
+        Returns:
+            Credentials: the new credentials impersonating the given name
+        """
+
+        if rcred_s4u is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "have support for S4U")
+
+        res = rcred_s4u.acquire_cred_impersonate_name(self, name,
+                                                      lifetime, mechs,
+                                                      usage)
+
+        return type(self)(base=res.creds)

+
+
[docs]    def inquire(
+        self,
+        name: bool = True,
+        lifetime: bool = True,
+        usage: bool = True,
+        mechs: bool = True,
+    ) -> tuples.InquireCredResult:
+        """Inspect these credentials for information
+
+        This method inspects these credentials for information about them.
+
+        Args:
+            name (bool): get the name associated with the credentials
+            lifetime (bool): get the remaining lifetime for the credentials
+            usage (bool): get the usage for the credentials
+            mechs (bool): get the mechanisms associated with the credentials
+
+        Returns:
+            InquireCredResult: the information about the credentials,
+            with None used when the corresponding argument was False
+
+        Raises:
+            ~gssapi.exceptions.MissingCredentialsError
+            ~gssapi.exceptions.InvalidCredentialsError
+            ~gssapi.exceptions.ExpiredCredentialsError
+        """
+
+        res = rcreds.inquire_cred(self, name, lifetime, usage, mechs)
+
+        if res.name is not None:
+            res_name = names.Name(res.name)
+        else:
+            res_name = None
+
+        return tuples.InquireCredResult(res_name, res.lifetime,
+                                        res.usage, res.mechs)

+
+
[docs]    def inquire_by_mech(
+        self,
+        mech: roids.OID,
+        name: bool = True,
+        init_lifetime: bool = True,
+        accept_lifetime: bool = True,
+        usage: bool = True,
+    ) -> tuples.InquireCredByMechResult:
+        """Inspect these credentials for per-mechanism information
+
+        This method inspects these credentials for per-mechanism information
+        about them.
+
+        Args:
+            mech (~gssapi.OID): the mechanism for which to retrieve the
+                information
+            name (bool): get the name associated with the credentials
+            init_lifetime (bool): get the remaining initiate lifetime for
+                the credentials in seconds
+            accept_lifetime (bool): get the remaining accept lifetime for
+                the credentials in seconds
+            usage (bool): get the usage for the credentials
+
+        Returns:
+            InquireCredByMechResult: the information about the credentials,
+            with None used when the corresponding argument was False
+        """
+
+        res = rcreds.inquire_cred_by_mech(self, mech, name, init_lifetime,
+                                          accept_lifetime, usage)
+
+        if res.name is not None:
+            res_name = names.Name(res.name)
+        else:
+            res_name = None
+
+        return tuples.InquireCredByMechResult(res_name,
+                                              res.init_lifetime,
+                                              res.accept_lifetime,
+                                              res.usage)

+
+
[docs]    def add(
+        self,
+        name: rnames.Name,
+        mech: roids.OID,
+        usage: str = 'both',
+        init_lifetime: t.Optional[int] = None,
+        accept_lifetime: t.Optional[int] = None,
+        impersonator: t.Optional[rcreds.Creds] = None,
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+    ) -> "Credentials":
+        """Acquire more credentials to add to the current set
+
+        This method works like :meth:`acquire`, except that it adds the
+        acquired credentials for a single mechanism to a copy of the current
+        set, instead of creating a new set for multiple mechanisms.
+        Unlike :meth:`acquire`, you cannot pass None desired name or
+        mechanism.
+
+        If the `impersonator` argument is used, the credentials will
+        impersonate the given name using the impersonator credentials
+        (:requires-ext:`s4u`).
+
+        If the `store` argument is used, the credentials will be acquired
+        from the given credential store (:requires-ext:`cred_store`).
+        Otherwise, the credentials are acquired from the default store.
+
+        The credential store information is a dictionary containing
+        mechanisms-specific keys and values pointing to a credential store
+        or stores.
+
+        Note that the `store` argument is not compatible with the
+        `impersonator` argument.
+
+        Args:
+            name (~gssapi.names.Name): the name associated with the
+                credentials
+            mech (~gssapi.OID): the desired :class:`MechType` to be used with
+                the credentials
+            usage (str): the usage for the credentials -- either 'both',
+                'initiate', or 'accept'
+            init_lifetime (int): the desired initiate lifetime of the
+                credentials in seconds, or None for indefinite
+            accept_lifetime (int): the desired accept lifetime of the
+                credentials in seconds, or None for indefinite
+            impersonator (Credentials): the credentials to use to impersonate
+                the given name, or None to not acquire normally
+                (:requires-ext:`s4u`)
+            store (dict): the credential store information pointing to the
+                credential store from which to acquire the credentials,
+                or None for the default store (:requires-ext:`cred_store`)
+
+        Returns:
+            Credentials: the credentials set containing the current credentials
+            and the newly acquired ones.
+
+        Raises:
+            ~gssapi.exceptions.BadMechanismError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+            ~gssapi.exceptions.DuplicateCredentialsElementError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+        """
+
+        if store is not None and impersonator is not None:
+            raise ValueError('You cannot use both the `impersonator` and '
+                             '`store` arguments at the same time')
+
+        if store is not None:
+            if rcred_cred_store is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for manipulating "
+                                          "credential stores")
+            b_store = _encode_dict(store)
+
+            res = rcred_cred_store.add_cred_from(b_store, self, name, mech,
+                                                 usage, init_lifetime,
+                                                 accept_lifetime)
+        elif impersonator is not None:
+            if rcred_s4u is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for S4U")
+            res = rcred_s4u.add_cred_impersonate_name(self, impersonator,
+                                                      name, mech, usage,
+                                                      init_lifetime,
+                                                      accept_lifetime)
+        else:
+            res = rcreds.add_cred(self, name, mech, usage, init_lifetime,
+                                  accept_lifetime)
+
+        return Credentials(res.creds)

+
+
[docs]    def export(self) -> bytes:
+        """Export these credentials into a token
+
+        This method exports the current credentials to a token that can
+        then be imported by passing the `token` argument to the constructor.
+
+        This is often used to pass credentials between processes.
+
+        :requires-ext:`cred_imp_exp`
+
+        Returns:
+            bytes: the exported credentials in token form
+        """
+
+        if rcred_imp_exp is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "have support for importing and "
+                                      "exporting creditials")
+
+        return rcred_imp_exp.export_cred(self)

+
+    # pickle protocol support
+    def __reduce__(
+        self,
+    ) -> t.Tuple[t.Type["Credentials"], t.Tuple[None, bytes]]:
+        # the unpickle arguments to new are (base=None, token=self.export())
+        return (type(self), (None, self.export()))

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/exceptions.html b/_modules/gssapi/exceptions.html new file mode 100644 index 00000000..7a246e2f --- /dev/null +++ b/_modules/gssapi/exceptions.html @@ -0,0 +1,151 @@ + + + + + + gssapi.exceptions — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.exceptions

+import typing as t
+
+from gssapi.raw.exceptions import *  # noqa
+from gssapi.raw.misc import GSSError  # noqa
+
+"""High-Level API Errors
+
+This module includes several high-level exceptions,
+in addition to GSSError and exceptions from
+:mod:`gssapi.raw.exceptions`.
+"""
+
+
+# non-GSS exceptions
+
[docs]class GeneralError(Exception):
+    """A General High-Level API Error"""
+    MAJOR_MESSAGE = "General error"
+    FMT_STR = "{maj}: {min}."
+
+    def __init__(
+        self,
+        minor_message: str,
+        **kwargs: str,
+    ) -> None:
+        maj_str = self.MAJOR_MESSAGE.format(**kwargs)
+        err_str = self.FMT_STR.format(maj=maj_str, min=minor_message)
+        super(GeneralError, self).__init__(err_str)

+
+
+
[docs]class UnknownUsageError(GeneralError):
+    """An Error indicating an unknown usage type"""
+    MAJOR_MESSAGE = "Unable to determine {obj} usage"

+
+
+
[docs]class EncryptionNotUsed(GeneralError):
+    """An Error indicating that encryption was requested, but not used"""
+    MAJOR_MESSAGE = "Confidentiality was requested, but not used"
+
+    def __init__(
+        self,
+        minor_message: str,
+        unwrapped_message: t.Optional[bytes] = None,
+        **kwargs: str,
+    ) -> None:
+        super(EncryptionNotUsed, self).__init__(minor_message, **kwargs)
+
+        self.unwrapped_message = unwrapped_message

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/names.html b/_modules/gssapi/names.html new file mode 100644 index 00000000..b343e745 --- /dev/null +++ b/_modules/gssapi/names.html @@ -0,0 +1,525 @@ + + + + + + gssapi.names — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.names

+
+import typing as t
+
+from gssapi.raw import names as rname
+from gssapi.raw import NameType
+from gssapi.raw import named_tuples as tuples
+from gssapi.raw import oids as roids
+from gssapi import _utils
+
+from collections.abc import MutableMapping, Iterable
+
+rname_rfc6680 = _utils.import_gssapi_extension('rfc6680')
+rname_rfc6680_comp_oid = _utils.import_gssapi_extension('rfc6680_comp_oid')
+
+
+
[docs]class Name(rname.Name):
+    """A GSSAPI Name
+
+    This class represents a GSSAPI name which may be used with and/or returned
+    by other GSSAPI methods.
+
+    It inherits from the low-level GSSAPI :class:`~gssapi.raw.names.Name`
+    class, and thus may used with both low-level and high-level API methods.
+
+    This class may be pickled and unpickled, as well as copied.
+
+    The :class:`str` and :class:`bytes` methods may be used to retrieve the
+    text of the name.
+
+    Note:
+        Name strings will be automatically converted to and from unicode
+        strings as appropriate.  If a method is listed as returning a
+        :class:`str` object, it will return a unicode string.
+
+        The encoding used will be python-gssapi's current encoding, which
+        defaults to UTF-8.
+    """
+
+    __slots__ = ('_attr_obj')
+
+    def __new__(
+        cls,
+        base: t.Optional[t.Union[rname.Name, bytes, str]] = None,
+        name_type: t.Optional[roids.OID] = None,
+        token: t.Optional[bytes] = None,
+        composite: bool = False,
+    ) -> "Name":
+        if token is not None:
+            if composite:
+                if rname_rfc6680 is None:
+                    raise NotImplementedError(
+                        "Your GSSAPI implementation does not support RFC 6680 "
+                        "(the GSSAPI naming extensions)")
+
+                if rname_rfc6680_comp_oid is not None:
+                    base_name = rname.import_name(token,
+                                                  NameType.composite_export)
+                    displ_name = rname.display_name(base_name, name_type=True)
+                    if displ_name.name_type == NameType.composite_export:
+                        # NB(directxman12): there's a bug in MIT krb5 <= 1.13
+                        # where GSS_C_NT_COMPOSITE_EXPORT doesn't trigger
+                        # immediate import logic.  However, we can just use
+                        # the normal GSS_C_NT_EXPORT_NAME in this case.
+                        base_name = rname.import_name(token, NameType.export)
+                else:
+                    # NB(directxman12): some older versions of MIT krb5 don't
+                    # have support for the GSS_C_NT_COMPOSITE_EXPORT, but do
+                    # support composite tokens via GSS_C_NT_EXPORT_NAME.
+                    base_name = rname.import_name(token, NameType.export)
+            else:
+                base_name = rname.import_name(token, NameType.export)
+        elif isinstance(base, rname.Name):
+            base_name = base
+        else:
+            if isinstance(base, str):
+                base = base.encode(_utils._get_encoding())
+
+            base_name = rname.import_name(
+                base,  # type: ignore[arg-type]
+                name_type)
+
+        return t.cast("Name", super(Name, cls).__new__(cls, base_name))
+
+    def __init__(
+        self,
+        base: t.Optional[t.Union[rname.Name, bytes, str]] = None,
+        name_type: t.Optional[roids.OID] = None,
+        token: t.Optional[bytes] = None,
+        composite: bool = False,
+    ) -> None:
+        """
+        The constructor can be used to "import" a name from a human readable
+        representation, or from a token, and can also be used to convert a
+        low-level :class:`gssapi.raw.names.Name` object into a high-level
+        object.
+
+        If a :class:`~gssapi.raw.names.Name` object from the low-level API
+        is passed as the `base` argument, it will be converted into a
+        high-level object.
+
+        If the `token` argument is used, the name will be imported using
+        the token.  If the token was exported as a composite token,
+        pass `composite=True`.
+
+        Otherwise, a new name will be created, using the `base` argument as
+        the human-readable string and the `name_type` argument to denote the
+        name type.
+
+        Raises:
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+            ~gssapi.exceptions.BadMechanismError
+        """
+
+        self._attr_obj: t.Optional[_NameAttributeMapping]
+
+        if rname_rfc6680 is not None:
+            self._attr_obj = _NameAttributeMapping(self)
+        else:
+            self._attr_obj = None
+
+    def __str__(self) -> str:
+        return bytes(self).decode(_utils._get_encoding())
+
+    def __unicode__(self) -> str:
+        # Python 2 -- someone asked for unicode
+        return self.__bytes__().decode(_utils._get_encoding())
+
+    def __bytes__(self) -> bytes:
+        # Python 3 -- someone asked for bytes
+        return rname.display_name(self, name_type=False).name
+
+
[docs]    def display_as(
+        self,
+        name_type: roids.OID,
+    ) -> str:
+        """
+        Display this name as the given name type.
+
+        This method attempts to display the current :class:`Name`
+        using the syntax of the given :class:`~gssapi.raw.types.NameType`, if
+        possible.
+
+        Warning:
+
+            In MIT krb5 versions below 1.13.3, this method can segfault if
+            the name was not *originally* created with a `name_type` that was
+            not ``None`` (even in cases when a ``name_type``
+            is later "added", such as via :meth:`canonicalize`).
+            **Do not use this method unless you are sure the above
+            conditions can never happen in your code.**
+
+        Warning:
+
+            In addition to the above warning, current versions of MIT krb5 do
+            not actually fully implement this method, and it may return
+            incorrect results in the case of canonicalized names.
+
+        :requires-ext:`rfc6680`
+
+        Args:
+            name_type (~gssapi.OID): the :class:`~gssapi.raw.types.NameType` to
+                use to display the given name
+
+        Returns:
+            str: the displayed name
+
+        Raises:
+            ~gssapi.exceptions.OperationUnavailableError
+        """
+
+        if rname_rfc6680 is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "support RFC 6680 (the GSSAPI naming "
+                                      "extensions)")
+        return rname_rfc6680.display_name_ext(self, name_type).decode(
+            _utils._get_encoding())

+
+    @property
+    def name_type(self) -> t.Optional[roids.OID]:
+        """The :class:`~gssapi.raw.types.NameType` of this name"""
+        return rname.display_name(self, name_type=True).name_type
+
+    def __eq__(
+        self,
+        other: object,
+    ) -> bool:
+        if not isinstance(other, rname.Name):
+            # maybe something else can compare this
+            # to other classes, but we certainly can't
+            return NotImplemented
+        else:
+            return rname.compare_name(self, other)
+
+    def __ne__(
+        self,
+        other: object,
+    ) -> bool:
+        return not self.__eq__(other)
+
+    def __repr__(self) -> str:
+        disp_res = rname.display_name(self, name_type=True)
+        return "Name({name!r}, {name_type})".format(
+            name=disp_res.name, name_type=disp_res.name_type)
+
+
[docs]    def export(
+        self,
+        composite: bool = False,
+    ) -> bytes:
+        """Export this name as a token.
+
+        This method exports the name into a byte string which can then be
+        imported by using the `token` argument of the constructor.
+
+        Args:
+            composite (bool): whether or not use to a composite token --
+                :requires-ext:`rfc6680`
+
+        Returns:
+            bytes: the exported name in token form
+
+        Raises:
+            ~gssapi.exceptions.MechanismNameRequiredError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+        """
+
+        if composite:
+            if rname_rfc6680 is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not support RFC 6680 (the GSSAPI "
+                                          "naming extensions)")
+
+            return rname_rfc6680.export_name_composite(self)
+        else:
+            return rname.export_name(self)

+
+
[docs]    def canonicalize(
+        self,
+        mech: roids.OID
+    ) -> "Name":
+        """Canonicalize a name with respect to a mechanism.
+
+        This method returns a new :class:`Name` that is canonicalized according
+        to the given mechanism.
+
+        Args:
+            mech (~gssapi.OID): the :class:`MechType` to use
+
+        Returns:
+            Name: the canonicalized name
+
+        Raises:
+            ~gssapi.exceptions.BadMechanismError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+        """
+
+        return type(self)(rname.canonicalize_name(self, mech))

+
+    def __copy__(self) -> "Name":
+        return type(self)(rname.duplicate_name(self))
+
+    def __deepcopy__(
+        self,
+        memo: t.Dict,
+    ) -> "Name":
+        return type(self)(rname.duplicate_name(self))
+
+    def _inquire(
+        self,
+        **kwargs: t.Any,
+    ) -> tuples.InquireNameResult:
+        """Inspect this name for information.
+
+        This method inspects the name for information.
+
+        If no keyword arguments are passed, all available information
+        is returned.  Otherwise, only the keyword arguments that
+        are passed and set to `True` are returned.
+
+        Args:
+            mech_name (bool): get whether this is a mechanism name,
+                and, if so, the associated mechanism
+            attrs (bool): get the attributes names for this name
+
+        Returns:
+            InquireNameResult: the results of the inquiry, with unused
+                fields set to None
+
+        Raises:
+            ~gssapi.exceptions.GSSError
+        """
+
+        if rname_rfc6680 is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "support RFC 6680 (the GSSAPI naming "
+                                      "extensions)")
+
+        if not kwargs:
+            default_val = True
+        else:
+            default_val = False
+
+        attrs = kwargs.get('attrs', default_val)
+        mech_name = kwargs.get('mech_name', default_val)
+
+        return rname_rfc6680.inquire_name(self, mech_name=mech_name,
+                                          attrs=attrs)
+
+    @property
+    def is_mech_name(self) -> bool:
+        """Whether or not this name is a mechanism name
+        (:requires-ext:`rfc6680`)
+        """
+        return self._inquire(mech_name=True).is_mech_name
+
+    @property
+    def mech(self) -> roids.OID:
+        """The mechanism associated with this name (:requires-ext:`rfc6680`)
+        """
+        return self._inquire(mech_name=True).mech
+
+    @property
+    def attributes(self) -> t.Optional[MutableMapping]:
+        """The attributes of this name (:requires-ext:`rfc6680`)
+
+        The attributes are presenting in the form of a
+        :class:`~collections.abc.MutableMapping` (a dict-like object).
+
+        Retrieved values will always be in the form of :class:`frozenset`.
+
+        When assigning values, if iterables are used, they be considered to be
+        the set of values for the given attribute.  If a non-iterable is used,
+        it will be considered a single value, and automatically wrapped in an
+        iterable.
+
+        Note:
+            String types (includes :class:`bytes`) are not considered to
+            be iterables in this case.
+        """
+        if self._attr_obj is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "support RFC 6680 (the GSSAPI naming "
+                                      "extensions)")
+
+        return self._attr_obj

+
+
+class _NameAttributeMapping(MutableMapping):
+
+    """Provides dict-like access to RFC 6680 Name attributes."""
+    def __init__(
+        self,
+        name: Name,
+    ) -> None:
+        self._name = name
+
+    def __getitem__(
+        self,
+        key: t.Union[bytes, str],
+    ) -> tuples.GetNameAttributeResult:
+        if isinstance(key, str):
+            key = key.encode(_utils._get_encoding())
+
+        res = rname_rfc6680.get_name_attribute(  # type: ignore[union-attr]
+            self._name, key)
+        res = t.cast(tuples.GetNameAttributeResult, res)
+
+        return tuples.GetNameAttributeResult(list(res.values),
+                                             list(res.display_values),
+                                             res.authenticated,
+                                             res.complete)
+
+    def __setitem__(
+        self,
+        key: t.Union[bytes, str],
+        value: t.Union[
+            tuples.GetNameAttributeResult, t.Tuple[bytes, bool], bytes
+        ],
+    ) -> None:
+        if isinstance(key, str):
+            key = key.encode(_utils._get_encoding())
+
+        rname_rfc6680.delete_name_attribute(  # type: ignore[union-attr]
+            self._name, key)
+
+        attr_value: t.List[bytes]
+        if isinstance(value, tuples.GetNameAttributeResult):
+            complete = value.complete
+            attr_value = value.values
+        elif isinstance(value, tuple) and len(value) == 2:
+            complete = t.cast(bool, value[1])
+            attr_value = [t.cast(bytes, value[0])]
+        else:
+            complete = False
+
+        if (isinstance(value, (str, bytes)) or
+                not isinstance(value, Iterable)):
+            # NB(directxman12): this allows us to easily assign a single
+            # value, since that's a common case
+            attr_value = [value]
+
+        rname_rfc6680.set_name_attribute(  # type: ignore[union-attr]
+            self._name, key, attr_value, complete=complete)
+
+    def __delitem__(
+        self,
+        key: t.Union[bytes, str],
+    ) -> None:
+        if isinstance(key, str):
+            key = key.encode(_utils._get_encoding())
+
+        rname_rfc6680.delete_name_attribute(  # type: ignore[union-attr]
+            self._name, key)
+
+    def __iter__(self) -> t.Iterator[bytes]:
+        return iter(self._name._inquire(attrs=True).attrs)
+
+    def __len__(self) -> int:
+        return len(self._name._inquire(attrs=True).attrs)
+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/chan_bindings.html b/_modules/gssapi/raw/chan_bindings.html new file mode 100644 index 00000000..0a9c118b --- /dev/null +++ b/_modules/gssapi/raw/chan_bindings.html @@ -0,0 +1,134 @@ + + + + + + gssapi.raw.chan_bindings — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.chan_bindings

+import typing as t
+
+
+
[docs]class ChannelBindings:
+    """GSSAPI Channel Bindings
+
+    This class represents a set of GSSAPI channel bindings.
+
+    Args:
+        initiator_address_type: the initiator address type
+        initiator_address: the initiator address
+        acceptor_address_type:  the acceptor address type
+        acceptor_address: the acceptor address
+        application_data: additional application-specific data
+    """
+
+
[docs]    initiator_address_type: t.Optional[int]

+
[docs]    initiator_address: t.Optional[bytes]

+
[docs]    acceptor_address_type: t.Optional[int]

+
[docs]    acceptor_address: t.Optional[bytes]

+
[docs]    application_data: t.Optional[bytes]

+
+    def __init__(
+        self,
+        initiator_address_type: t.Optional[int] = None,
+        initiator_address: t.Optional[bytes] = None,
+        acceptor_address_type: t.Optional[int] = None,
+        acceptor_address: t.Optional[bytes] = None,
+        application_data: t.Optional[bytes] = None,
+    ) -> None: ...

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/creds.html b/_modules/gssapi/raw/creds.html new file mode 100644 index 00000000..c12bb399 --- /dev/null +++ b/_modules/gssapi/raw/creds.html @@ -0,0 +1,292 @@ + + + + + + gssapi.raw.creds — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.creds

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+    from gssapi.raw.named_tuples import (
+        AcquireCredResult,
+        AddCredResult,
+        InquireCredResult,
+        InquireCredByMechResult,
+    )
+
+
+
[docs]class Creds:
+    """
+    GSSAPI Credentials
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["Creds"] = None,
+    ) -> "Creds": ...

+
+
+
[docs]def acquire_cred(
+    name: t.Optional["Name"],
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'both',
+) -> "AcquireCredResult":
+    """Get GSSAPI credentials for the given name and mechanisms.
+
+    This method gets GSSAPI credentials corresponding to the given name
+    and mechanims.  The desired TTL and usage for the the credential may also
+    be specified.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name for which to acquire the
+            credentials (or None for the "no name" functionality)
+        lifetime (int): the lifetime in seconds for the credentials (or None
+            for indefinite)
+        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
+            the credentials should work, or None for the default set
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+
+    Returns:
+        AcquireCredResult: the resulting credentials, the actual mechanisms
+        with which they may be used, and their actual lifetime in seconds (or
+        None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+    """

+
+
+
[docs]def release_cred(
+    creds: Creds,
+) -> None:
+    """
+    release_cred(creds)
+    Release GSSAPI Credentials.
+
+    This method releases GSSAPI credentials.
+
+    Warning:
+        This method is deprecated.  Credentials are
+        automatically freed by Python.
+
+    Args:
+        creds (Creds): the credentials in question
+
+    Raises:
+        ~gssapi.exceptions.MissingCredentialsError
+    """

+
+
+
[docs]def add_cred(
+    input_cred: Creds,
+    name: "Name",
+    mech: "OID",
+    usage: str = 'initiate',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+    mutate_input: bool = False,
+) -> "AddCredResult":
+    """Add a credential element to a credential.
+
+    This method can be used to either compose two credentials (i.e., original
+    and new credential), or to add a new element to an existing credential.
+
+    Args:
+        input_cred (Creds): the set of credentials to which to add the new
+            credentials
+        name (~gssapi.raw.names.Name): name of principal to acquire a
+            credential for
+        mech (~gssapi.raw.types.MechType): the desired security mechanism
+            (required).
+        usage (str): usage type for credentials.  Possible values:
+            'initiate' (default), 'accept', 'both' (failsafe).
+        init_lifetime (int): lifetime of credentials for use in initiating
+            security contexts in seconds (None for indefinite)
+        accept_lifetime (int): lifetime of credentials for use in accepting
+            security contexts in seconds (None for indefinite)
+        mutate_input (bool): whether to mutate the input credentials (True)
+            or produce a new set of credentials (False).  Defaults to False
+
+    Returns:
+        AddCredResult: the actual mechanisms with which the credentials may be
+        used, the actual initiator TTL, and the actual acceptor TTL (None for
+        either indefinite or not supported).  Note that the credentials may
+        be set to None if mutate_input is set to True.
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.DuplicateCredentialsElementError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+    """

+
+
+
[docs]def inquire_cred(
+    creds: Creds,
+    name: bool = True,
+    lifetime: bool = True,
+    usage: bool = True,
+    mechs: bool = True,
+) -> "InquireCredResult":
+    """Inspect credentials for information.
+
+    This method inspects a :class:`Creds` object for information.
+
+    Args:
+        creds (Creds): the credentials to inspect
+        name (bool): get the Name associated with the credentials
+        lifetime (bool): get the TTL for the credentials
+        usage (bool): get the usage type of the credentials
+        mechs (bool): the mechanims used with the credentials
+
+    Returns:
+        InquireCredResult: the information about the credentials,
+        with unused fields set to None
+
+    Raises:
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.InvalidCredentialsError
+        ~gssapi.exceptions.ExpiredCredentialsError
+    """

+
+
+
[docs]def inquire_cred_by_mech(
+    creds: Creds,
+    mech: "OID",
+    name: bool = True,
+    init_lifetime: bool = True,
+    accept_lifetime: bool = True,
+    usage: bool = True,
+) -> "InquireCredByMechResult":
+    """Inspect credentials for mechanism-specific information.
+
+    This method inspects a :class:`Creds` object for information
+    specific to a particular mechanism.  It functions similarly
+    to :func:`inquire_cred`.
+
+    Args:
+        creds (Creds): the credentials to inspect
+        mech (~gssapi.OID): the desired mechanism
+        name (bool): get the Name associated with the credentials
+        init_lifetime (bool): get the initiator TTL for the credentials (in
+            seconds)
+        accept_lifetime (bool): get the acceptor TTL for the credentials (in
+            seconds)
+        usage (bool): get the usage type of the credentials
+
+    Returns:
+        InquireCredByMechResult: the information about the credentials,
+        with unused fields set to None
+
+    Raises:
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.InvalidCredentialsError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/exceptions.html b/_modules/gssapi/raw/exceptions.html new file mode 100644 index 00000000..1ee24974 --- /dev/null +++ b/_modules/gssapi/raw/exceptions.html @@ -0,0 +1,171 @@ + + + + + + gssapi.raw.exceptions — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.exceptions

+from gssapi.raw.misc import GSSError
+
+
[docs]class ParameterReadError(GSSError): ...

+
+
[docs]class ParameterWriteError(GSSError): ...

+
+
[docs]class MalformedParameterError(GSSError): ...

+
+
[docs]class BadMechanismError(GSSError): ...

+
+
[docs]class BadNameError(GSSError): ...

+
+
[docs]class BadNameTypeError(GSSError): ...

+
+
[docs]class BadChannelBindingsError(GSSError): ...

+
+
[docs]class BadStatusError(GSSError): ...

+
+
[docs]class BadMICError(GSSError): ...

+
+
[docs]class MissingCredentialsError(GSSError): ...

+
+
[docs]class MissingContextError(GSSError): ...

+
+
[docs]class InvalidTokenError(GSSError): ...

+
+
[docs]class InvalidCredentialsError(GSSError): ...

+
+
[docs]class ExpiredCredentialsError(GSSError): ...

+
+
[docs]class ExpiredContextError(GSSError): ...

+
+
[docs]class BadQoPError(GSSError): ...

+
+
[docs]class UnauthorizedError(GSSError): ...

+
+
[docs]class OperationUnavailableError(GSSError): ...

+
+
[docs]class DuplicateCredentialsElementError(GSSError): ...

+
+
[docs]class MechanismNameRequiredError(GSSError): ...

+
+
[docs]class NameReadError(ParameterReadError, BadNameError): ...

+
+
[docs]class NameTypeReadError(ParameterReadError, BadNameTypeError): ...

+
+
[docs]class TokenReadError(ParameterReadError, InvalidTokenError): ...

+
+
[docs]class ContextReadError(ParameterReadError, MissingContextError): ...

+
+
[docs]class CredentialsReadError(ParameterReadError, MissingCredentialsError): ...

+
+
[docs]class ContextWriteError(ParameterWriteError, MissingContextError): ...

+
+
[docs]class CredentialsWriteError(ParameterWriteError, MissingCredentialsError): ...

+
+
[docs]class SupplementaryError(GSSError): ...

+
+
[docs]class DuplicateTokenError(SupplementaryError): ...

+
+
[docs]class ExpiredTokenError(SupplementaryError): ...

+
+
[docs]class TokenOutOfSequenceError(SupplementaryError): ...

+
+
[docs]class TokenTooLateError(TokenOutOfSequenceError): ...

+
+
[docs]class TokenTooEarlyError(TokenOutOfSequenceError): ...

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_cred_imp_exp.html b/_modules/gssapi/raw/ext_cred_imp_exp.html new file mode 100644 index 00000000..341682fd --- /dev/null +++ b/_modules/gssapi/raw/ext_cred_imp_exp.html @@ -0,0 +1,148 @@ + + + + + + gssapi.raw.ext_cred_imp_exp — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_cred_imp_exp

+"""Credentials Import/Export Extension"""
+
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+
+
+
[docs]def export_cred(
+    creds: "Creds",
+) -> bytes:
+    """Export GSSAPI credentials.
+
+    This method exports GSSSAPI credentials into a token
+    which may be transmitted between different processes.
+
+    Args:
+        creds (Creds): the credentials object to be exported
+
+    Returns:
+        bytes: the exported token representing the given credentials object
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def import_cred(
+    token: bytes,
+) -> "Creds":
+    """Import GSSAPI credentials from a token.
+
+    This method imports a credentials object from a token
+    previously exported by :func:`export_cred`.
+
+    Args:
+        token (bytes): the token to import
+
+    Returns:
+        Creds: the imported credentials object
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_cred_store.html b/_modules/gssapi/raw/ext_cred_store.html new file mode 100644 index 00000000..ec343d21 --- /dev/null +++ b/_modules/gssapi/raw/ext_cred_store.html @@ -0,0 +1,240 @@ + + + + + + gssapi.raw.ext_cred_store — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_cred_store

+"""Credential Store Extension"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import AcquireCredResult, StoreCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+
[docs]def acquire_cred_from(
+    dict_store: t.Optional[
+        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+    ] = None,
+    name: t.Optional["Name"] = None,
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'both',
+) -> "AcquireCredResult":
+    """Acquire credentials from the given store.
+
+    This method acquires credentials from the store specified by the
+    given credential store information.
+
+    The credential store information is a dictionary containing
+    mechanisms-specific keys and values pointing to a credential store
+    or stores.
+
+    Args:
+        store (dict): the credential store information pointing to the
+            credential store from which to acquire the credentials.
+            See :doc:`credstore` for valid values
+        name (~gssapi.raw.names.Name): the name associated with the
+            credentials, or None for the default name
+        lifetime (int): the desired lifetime of the credentials in seconds, or
+            None for indefinite
+        mechs (list): the desired mechanisms to be used with these
+            credentials, or None for the default set
+        usage (str): the usage for these credentials -- either 'both',
+            'initiate', or 'accept'
+
+    Returns:
+        AcquireCredResult: the acquired credentials and information about
+        them
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def add_cred_from(
+    dict_store: t.Optional[
+        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+    ],
+    input_creds: "Creds",
+    name: "Name",
+    mech: "OID",
+    usage: str = 'both',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+) -> "AcquireCredResult":
+    """Acquire credentials to add to the current set from the given store.
+
+    This method works like :func:`acquire_cred_from`, except that it
+    adds the acquired credentials for a single mechanism to a copy of
+    the current set, instead of creating a new set for multiple mechanisms.
+    Unlike :func:`~gssapi.raw.creds.acquire_cred`, you cannot pass None for the
+    desired name or mechanism.
+
+    The credential store information is a dictionary containing
+    mechanisms-specific keys and values pointing to a credential store
+    or stores.
+
+    Args:
+        store (dict): the store into which to store the credentials,
+            or None for the default store.
+            See :doc:`credstore` for valid values
+        name (~gssapi.raw.names.Name): the name associated with the credentials
+        mech (~gssapi.OID): the desired mechanism to be used with these
+            credentials
+        usage (str): the usage for these credentials -- either 'both',
+            'initiate', or 'accept'
+        init_lifetime (int): the desired initiate lifetime of the credentials
+            in seconds, or None for indefinite
+        accept_lifetime (int): the desired accept lifetime of the credentials
+            in seconds, or None for indefinite
+
+    Returns:
+        AcquireCredResult: the new credentials set and information about
+        it
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def store_cred_into(
+    dict_store: t.Optional[
+        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+    ],
+    creds: "Creds",
+    usage: str = 'both',
+    mech: t.Optional["OID"] = None,
+    overwrite: bool = False,
+    set_default: bool = False,
+) -> "StoreCredResult":
+    """Store credentials into the given store.
+
+    This method stores the given credentials into the store specified
+    by the given store information.  They may then be retrieved later using
+    :func:`acquire_cred_from` or :func:`add_cred_from`.
+
+    The credential store information is a dictionary containing
+    mechanisms-specific keys and values pointing to a credential store
+    or stores.
+
+    Args:
+        store (dict): the store into which to store the credentials,
+            or None for the default store.
+            See :doc:`credstore` for valid values
+        creds (Creds): the credentials to store
+        usage (str): the usage to store the credentials with -- either
+            'both', 'initiate', or 'accept'
+        mech (~gssapi.OID): the mechansim to associate with the stored
+            credentials
+        overwrite (bool): whether or not to overwrite existing credentials
+            stored with the same name, etc
+        set_default (bool): whether or not to set these credentials as
+            the default credentials for the given store.
+
+    Returns:
+        StoreCredResult: the results of the credential storing operation
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_dce.html b/_modules/gssapi/raw/ext_dce.html new file mode 100644 index 00000000..ef767aab --- /dev/null +++ b/_modules/gssapi/raw/ext_dce.html @@ -0,0 +1,291 @@ + + + + + + gssapi.raw.ext_dce — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_dce

+import typing as t
+
+from enum import IntEnum
+
+from gssapi.raw.ext_dce_aead import wrap_aead, unwrap_aead
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import IOVUnwrapResult, WrapResult
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+
[docs]class IOVBufferType(IntEnum):
+    """
+    IOV Buffer Types
+
+    This IntEnum represent GSSAPI IOV buffer
+    types to be used with the IOV methods.
+
+    The numbers behind the values correspond directly
+    to their C counterparts.
+    """
+
+
[docs]    empty = 0 #: GSS_IOV_BUFFER_TYPE_EMPTY

+
[docs]    data = 1 #: GSS_IOV_BUFFER_TYPE_DATA

+
[docs]    header = 2 #: GSS_IOV_BUFFER_TYPE_HEADER

+
[docs]    mech_params = 3 #: GSS_IOV_BUFFER_TYPE_MECH_PARAMS

+
[docs]    trailer = 7 #: GSS_IOV_BUFFER_TYPE_TRAILER

+
[docs]    padding = 9 #: GSS_IOV_BUFFER_TYPE_PADDING

+
[docs]    stream = 10 #: GSS_IOV_BUFFER_TYPE_STREAM

+
[docs]    sign_only = 11 #: GSS_IOV_BUFFER_TYPE_SIGN_ONLY

+
[docs]    mic_token = 12 #: GSS_IOV_BUFFER_TYPE_MIC_TOKEN

+
+
+
[docs]class IOVBuffer(t.NamedTuple):
+
[docs]    type: IOVBufferType

+
[docs]    allocate: t.Optional[bool]

+
[docs]    value: t.Optional[bytes]

+
+
+
[docs]class IOV:
+    """A GSSAPI IOV"""
+
+    def __init__(
+        self,
+        *args: t.Union[
+            IOVBuffer,
+            t.Tuple[
+                t.Union[IOVBufferType, int],
+                t.Optional[bool],
+                t.Optional[bytes]],
+            t.Tuple[
+                t.Union[IOVBufferType, int],
+                t.Optional[t.Union[bool, bytes]],
+            ],
+            bytes,
+            t.Union[IOVBufferType, int],
+        ],
+        std_layout: bool = True,
+        auto_alloc: bool = True,
+    ) -> None: ...
+
+    def __getitem__(
+        self,
+        ind: int,
+    ) -> IOVBuffer: ...
+
+    def __len__(self) -> int: ...
+
+    def __iter__(self) -> t.Iterator[IOVBuffer]: ...
+
+    def __contains__(
+        self,
+        item: IOVBuffer,
+    ) -> bool: ...
+
+    def __reversed__(self) -> t.Iterator[IOVBuffer]: ...
+
+
[docs]    def index(
+        self,
+        value: t.Any,
+    ) -> int: ...

+
+
[docs]    def count(
+        self,
+        value: t.Any,
+    ) -> int: ...

+
+
+
[docs]def wrap_iov(
+    context: "SecurityContext",
+    message: IOV,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> bool:
+    """Wrap/Encrypt an IOV message.
+
+    This method wraps or encrypts an IOV message.  The allocate
+    parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
+    indicates whether or not that particular buffer should be
+    automatically allocated (for use with padding, header, and
+    trailer buffers).
+
+    Warning:
+        This modifies the input :class:`IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): an :class:`IOV` containing the message
+        confidential (bool): whether or not to encrypt the miovessage (True),
+            or just wrap it with a MIC (False)
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        bool: whether or not confidentiality was actually used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def unwrap_iov(
+    context: "SecurityContext",
+    message: IOV,
+) -> "IOVUnwrapResult":
+    """Unwrap/Decrypt an IOV message.
+
+    This method uwraps or decrypts an IOV message.  The allocate
+    parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
+    indicates whether or not that particular buffer should be
+    automatically allocated (for use with padding, header, and
+    trailer buffers).
+
+    As a special case, you may pass an entire IOV message
+    as a single 'stream'.  In this case, pass a buffer type
+    of :attr:`IOVBufferType.stream` followed by a buffer type of
+    :attr:`IOVBufferType.data`.  The former should contain the
+    entire IOV message, while the latter should be empty.
+
+    Warning:
+        This modifies the input :class:`IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): an :class:`IOV` containing the message
+
+    Returns:
+        IOVUnwrapResult: whether or not confidentiality was used,
+        and the QoP used.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def wrap_iov_length(
+    context: "SecurityContext",
+    message: IOV,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> "WrapResult":
+    """Appropriately size padding, trailer, and header IOV buffers.
+
+    This method sets the length values on the IOV buffers.  You
+    should already have data provided for the data (and sign-only)
+    buffer(s) so that padding lengths can be appropriately computed.
+
+    In Python terms, this will result in an appropriately sized
+    `bytes` object consisting of all zeros.
+
+    Warning:
+        This modifies the input :class:`IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): an :class:`IOV` containing the message
+
+    Returns:
+        WrapResult: a list of :class:IOVBuffer` objects, and whether or not
+        encryption was actually used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_dce_aead.html b/_modules/gssapi/raw/ext_dce_aead.html new file mode 100644 index 00000000..0d91141a --- /dev/null +++ b/_modules/gssapi/raw/ext_dce_aead.html @@ -0,0 +1,165 @@ + + + + + + gssapi.raw.ext_dce_aead — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_dce_aead

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import WrapResult, UnwrapResult
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+
[docs]def wrap_aead(
+    context: "SecurityContext",
+    message: bytes,
+    associated: t.Optional[bytes] = None,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> "WrapResult":
+    """Wrap/Encrypt an AEAD message.
+
+    This method takes an input message and associated data,
+    and outputs and AEAD message.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message to wrap or encrypt
+        associated (bytes): associated data to go with the message
+        confidential (bool): whether or not to encrypt the message (True),
+            or just wrap it with a MIC (False)
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        WrapResult: the wrapped/encrypted total message, and whether or not
+        encryption was actually used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def unwrap_aead(
+    context: "SecurityContext",
+    message: bytes,
+    associated: t.Optional[bytes] = None,
+) -> "UnwrapResult":
+    """Unwrap/Decrypt an AEAD message.
+
+    This method takes an encrpyted/wrapped AEAD message and some associated
+    data, and returns an unwrapped/decrypted message.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the AEAD message to unwrap or decrypt
+        associated (bytes): associated data that goes with the message
+
+    Returns:
+        UnwrapResult: the unwrapped/decrypted message, whether or on
+        encryption was used, and the QoP used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_ggf.html b/_modules/gssapi/raw/ext_ggf.html new file mode 100644 index 00000000..dfbc8adf --- /dev/null +++ b/_modules/gssapi/raw/ext_ggf.html @@ -0,0 +1,201 @@ + + + + + + gssapi.raw.ext_ggf — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_ggf

+"""
+GGF Extensions
+
+GGF provides extended credential and security context inquiry that allows
+application to retrieve more information about the client's credentials and
+security context. One common use case is to use
+:meth:`inquire_sec_context_by_oid` to retrieve the "session" key that is
+required by the SMB protocol for signing and encrypting a message.
+
+Draft IETF document for these extensions can be found at
+https://tools.ietf.org/html/draft-engert-ggf-gss-extensions-00
+"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.oids import OID
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+
[docs]def inquire_cred_by_oid(
+    cred_handle: "Creds",
+    desired_aspect: "OID",
+) -> t.List[bytes]:
+    """
+    This method inspects a :class:`~gssapi.raw.creds.Creds` object for
+    information specific to a particular desired aspect as an OID.
+
+    Args:
+        cred_handle (Creds): the Credentials to query
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Credentials to inquire about.
+
+    Returns:
+        list: A list of zero or more pieces of data (as bytes objects)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def inquire_sec_context_by_oid(
+    context: "SecurityContext",
+    desired_aspect: "OID",
+) -> t.List[bytes]:
+    """
+    This method inspects a :class:`~gssapi.raw.sec_contexts.SecurityContext`
+    object for information specific to a particular desired aspect as an OID.
+
+    This method can be used with the GSS_KRB5_INQ_SSPI_SESSION_KEY_OID OID to
+    retrieve the required key that is used to derive the SMB/SAMBA signing and
+    encryption keys.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the Security
+            Context to query
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Security Context to inquire about.
+
+    Returns:
+        list: A list of zero or more pieces of data (as bytes objects)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def set_sec_context_option(
+    desired_aspect: "OID",
+    context: "SecurityContext",
+    value: t.Optional[bytes] = None,
+) -> None:
+    """
+    This method is used to set a value for a specific OID of a
+    :class:`~gssapi.raw.sec_contexts.SecurityContext` object. The OID and value
+    to pass in depends on the mech the SecurityContext backs.
+
+    An example of how this can be used would be to reset the NTLM crypto engine
+    used in gss-ntlmssp. The OID that controls this value is
+    '1.3.6.1.4.1.7165.655.1.3' and it takes it a byte value that represents
+    an int32 where 1 resets the verifier handle and any other int resets the
+    sender handle.
+
+    Args:
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Security Context to set the value for.
+        context (~gssapi.raw.sec_contexts.SecurityContext): the Security
+            Context to set, or None to create a new context.
+        value (bytes): the value to set on the desired aspect of the Security
+            Context or None to send GSS_C_EMPTY_BUFFER.
+
+    Returns:
+        ~gssapi.raw.sec_contexts.SecurityContext: The output security context.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_iov_mic.html b/_modules/gssapi/raw/ext_iov_mic.html new file mode 100644 index 00000000..8670247d --- /dev/null +++ b/_modules/gssapi/raw/ext_iov_mic.html @@ -0,0 +1,194 @@ + + + + + + gssapi.raw.ext_iov_mic — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_iov_mic

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.ext_dce import IOV
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+
[docs]def get_mic_iov(
+    context: "SecurityContext",
+    message: "IOV",
+    qop: t.Optional[int] = None,
+) -> None:
+    """Generate MIC tokens for the given IOV message.
+
+    This method generates a MIC token for the given IOV message, and places it
+    in the :attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token` buffer in the
+    IOV. This method operates entirely in-place, and returns nothing.
+
+    Warning:
+        This modifies the input :class:`~gssapi.raw.ext_dce.IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
+            message
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def get_mic_iov_length(
+    context: "SecurityContext",
+    message: "IOV",
+    qop: t.Optional[int] = None,
+) -> None:
+    """Allocate space for the MIC buffer in the given IOV message.
+
+    This method allocates space for the MIC token buffer
+    (:attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token`) in the given IOV
+    message.
+
+    Warning:
+        This modifies the input :class:`~gssapi.raw.ext_dce.IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
+            message
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def verify_mic_iov(
+    context: "SecurityContext",
+    message: "IOV",
+    qop: t.Optional[int] = None,
+) -> int:
+    """Verify that the MIC matches the data in the given IOV message.
+
+    This method verifies that the MIC token in the MIC buffer
+    (:attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token`) match the data
+    buffer(s) in the given IOV method.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
+            message
+
+    Returns:
+        int: the QoP used to generate the MIC token
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_krb5.html b/_modules/gssapi/raw/ext_krb5.html new file mode 100644 index 00000000..a5420188 --- /dev/null +++ b/_modules/gssapi/raw/ext_krb5.html @@ -0,0 +1,384 @@ + + + + + + gssapi.raw.ext_krb5 — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_krb5

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import CfxKeyData, Rfc1964KeyData
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+
[docs]class Krb5LucidContext:
+    """
+    The base container returned by :meth:`krb5_export_lucid_sec_context` when
+    an unknown version was requested.
+    """

+
+
+
[docs]class Krb5LucidContextV1(Krb5LucidContext):
+    """
+    Kerberos context data returned by :meth:`krb5_export_lucid_sec_context`
+    when version 1 was requested.
+    """
+
+    @property
+
[docs]    def version(self) -> t.Optional[int]:
+        """The structure version number
+
+        Returns:
+            Optional[int]: the structure version number
+        """

+
+    @property
+
[docs]    def is_initiator(self) -> t.Optional[bool]:
+        """Whether the context was the initiator
+
+        Returns:
+            Optional[bool]: ``True`` when the exported context was the
+            initiator
+        """

+
+    @property
+
[docs]    def endtime(self) -> t.Optional[int]:
+        """Expiration time of the context
+
+        Returns:
+            Optional[int]: the expiration time of the context
+        """

+
+    @property
+
[docs]    def send_seq(self) -> t.Optional[int]:
+        """Sender sequence number
+
+        Returns:
+            Optional[int]: the sender sequence number
+        """

+
+    @property
+
[docs]    def recv_seq(self) -> t.Optional[int]:
+        """Receiver sequence number
+
+        Returns:
+            Optional[int]: the receiver sequence number
+        """

+
+    @property
+
[docs]    def protocol(self) -> t.Optional[int]:
+        """The protocol number
+
+        If the protocol number is 0 then :attr:`rfc1964_kd` is set and
+        :attr:`cfx_kd` is `None`. If the protocol number is 1 then the opposite
+        is true.
+
+        Protocol 0 refers to RFC1964 and 1 refers to RFC4121.
+
+        Returns:
+            Optional[int]: the protocol number
+        """

+
+    @property
+
[docs]    def rfc1964_kd(self) -> t.Optional["Rfc1964KeyData"]:
+        """Keydata for protocol 0 (RFC1964)
+
+        This will be set when :attr:`protocol` is ``0``.
+
+        Returns:
+            Optional[Rfc1964KeyData]: the RFC1964 key data
+        """

+
+    @property
+
[docs]    def cfx_kd(self) -> t.Optional["CfxKeyData"]:
+        """Key data for protocol 1 (RFC4121)
+
+        This will be set when :attr:`protocol` is ``1``.
+
+        Returns:
+            Optional[CfxKeyData]: the RFC4121 key data
+        """

+
+
+
[docs]def krb5_ccache_name(
+    name: t.Optional[bytes],
+) -> bytes:
+    """Set the default Kerberos Protocol credentials cache name.
+
+    This method sets the default credentials cache name for use by he Kerberos
+    mechanism. The default credentials cache is used by
+    :meth:`~gssapi.raw.creds.acquire_cred` to create a GSS-API credential. It
+    is also used by :meth:`~gssapi.raw.sec_contexts.init_sec_context` when
+    `GSS_C_NO_CREDENTIAL` is specified.
+
+    Note:
+        Heimdal does not return the old name when called. It also does not
+        reset the ccache lookup behaviour when setting to ``None``.
+
+    Note:
+        The return value may not be thread safe.
+
+    Args:
+        name (Optional[bytes]): the name to set as the new thread specific
+            ccache name. Set to ``None`` to revert back to getting the ccache
+            from the config/environment settings.
+
+    Returns:
+        bytes: the old name that was previously set
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def krb5_export_lucid_sec_context(
+    context: "SecurityContext",
+    version: int,
+) -> Krb5LucidContext:
+    """Returns a non-opaque version of the internal context info.
+
+    Gets information about the Kerberos security context passed in. Currently
+    only version 1 is known and supported by this library.
+
+    Note:
+        The context handle must not be used again by the caller after this
+        call.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        version (int): the output structure version to export.  Currently
+            only 1 is supported.
+
+    Returns:
+        Krb5LucidContext: the non-opaque version context info
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def krb5_extract_authtime_from_sec_context(
+    context: "SecurityContext",
+) -> int:
+    """Get the auth time for the security context.
+
+    Gets the auth time for the established security context.
+
+    Note:
+        Heimdal can only get the authtime on the acceptor security context.
+        MIT is able to get the authtime on both initiators and acceptors.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+
+    Returns:
+        int: the authtime
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def krb5_extract_authz_data_from_sec_context(
+    context: "SecurityContext",
+    ad_type: int,
+) -> bytes:
+    """Extracts Kerberos authorization data.
+
+    Extracts authorization data that may be stored within the context.
+
+    Note:
+        Only operates on acceptor contexts.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        ad_type (int): the type of data to extract
+
+    Returns:
+        bytes: the raw authz data from the sec context
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def krb5_import_cred(
+    cred_handle: "Creds",
+    cache: t.Optional[int] = None,
+    keytab_principal: t.Optional[int] = None,
+    keytab: t.Optional[int] = None,
+) -> None:
+    """Import Krb5 credentials into GSSAPI credential.
+
+    Imports the krb5 credentials (either or both of the keytab and cache) into
+    the GSSAPI credential so it can be used within GSSAPI. The ccache is
+    copied by reference and thus shared, so if the credential is destroyed,
+    all users of cred_handle will fail.
+
+    Args:
+        cred_handle (Creds): the credential handle to import into
+        cache (int): the krb5_ccache address pointer, as an int, to import
+            from
+        keytab_principal (int): the krb5_principal address pointer, as an int,
+            of the credential to import
+        keytab (int): the krb5_keytab address pointer, as an int, of the
+            keytab to import
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def krb5_get_tkt_flags(
+    context: "SecurityContext",
+) -> int:
+    """Return ticket flags for the kerberos ticket.
+
+    Return the ticket flags for the kerberos ticket received when
+    authenticating the initiator.
+
+    Note:
+        Heimdal can only get the tkt flags on the acceptor security context.
+        MIT is able to get the tkt flags on initiators and acceptors.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context
+
+    Returns:
+        int: the ticket flags for the received kerberos ticket
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def krb5_set_allowable_enctypes(
+    cred_handle: "Creds",
+    ktypes: t.Iterable[int],
+) -> None:
+    """Limits the keys that can be exported.
+
+    Called by a context initiator after acquiring the creds but before calling
+    :meth:`~gssapi.raw.sec_contexts.init_sec_context` to restrict the set of
+    enctypes which will be negotiated during context establisment to those in
+    the provided list.
+
+    Warning:
+        The cred_handle should not be ``GSS_C_NO_CREDENTIAL``.
+
+    Args:
+        cred_hande (Creds): the credential handle
+        ktypes (List[int]): list of enctypes allowed
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_password.html b/_modules/gssapi/raw/ext_password.html new file mode 100644 index 00000000..75e8049a --- /dev/null +++ b/_modules/gssapi/raw/ext_password.html @@ -0,0 +1,145 @@ + + + + + + gssapi.raw.ext_password — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_password

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import AcquireCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+
[docs]def acquire_cred_with_password(
+    name: "Name",
+    password: bytes,
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'initiate',
+) -> "AcquireCredResult":
+    """Acquire credentials through provided password.
+
+    This function is originally from Solaris and is not documented by either
+    MIT or Heimdal.
+
+    In general, it functions similarly to
+    :func:`~gssapi.raw.creds.acquire_cred`.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to acquire credentials for
+        password (bytes): the password used to acquire credentialss with
+        lifetime (int): the lifetime for the credentials in seconds (or None
+            for indefinite)
+        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
+            the credentials should work (or None for the default set)
+        usage (str): usage type for credentials.  Possible values:
+            'initiate' (default), 'accept', 'both' (failsafe).
+
+    Returns:
+        AcquireCredResult: the resulting credentials, the actual mechanisms
+        with which they may be used, and their actual lifetime in seconds (or
+        None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_password_add.html b/_modules/gssapi/raw/ext_password_add.html new file mode 100644 index 00000000..a23a5791 --- /dev/null +++ b/_modules/gssapi/raw/ext_password_add.html @@ -0,0 +1,152 @@ + + + + + + gssapi.raw.ext_password_add — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_password_add

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import AddCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+
[docs]def add_cred_with_password(
+    input_cred: "Creds",
+    name: "Name",
+    mech: "OID",
+    password: bytes,
+    usage: str = 'initiate',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+) -> "AddCredResult":
+    """Add a credential-element to a credential using provided password.
+
+    This function is originally from Solaris and is not documented by either
+    MIT or Heimdal.
+
+    In general, it functions similarly to :func:`~gssapi.raw.creds.add_cred`.
+
+    Args:
+        input_cred (~gssapi.raw.creds.Creds): the credentials to add to
+        name (~gssapi.raw.names.Name): the name to acquire credentials for
+        mech (~gssapi.raw.types.MechType): the desired mechanism.  Note that
+            this is both singular and required
+        password (bytes): the password used to acquire credentialss with
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+        init_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to initiate security contexts (or None
+            for indefinite)
+        accept_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to accept security contexts (or None
+            for indefinite)
+
+    Returns:
+        AddCredResult: the actual mechanisms with which the credentials may be
+        used, the actual initiator TTL in seconds, and the actual acceptor TTL
+        in seconds (the TTLs may be None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_rfc4178.html b/_modules/gssapi/raw/ext_rfc4178.html new file mode 100644 index 00000000..03da84e5 --- /dev/null +++ b/_modules/gssapi/raw/ext_rfc4178.html @@ -0,0 +1,131 @@ + + + + + + gssapi.raw.ext_rfc4178 — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_rfc4178

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.oids import OID
+
+
+
[docs]def set_neg_mechs(
+    cred_handle: "Creds",
+    mech_set: t.Iterable["OID"],
+) -> None:
+    """
+    Specify the set of security mechanisms that may be negotiated with
+    the credential identified by cred_handle.
+    If more than one mechanism is specified in mech_set, the order in
+    which those mechanisms are specified implies a relative preference.
+
+    Args:
+        cred_handle (Creds): credentials to set negotiable mechanisms for
+        mech_set (~gssapi.raw.types.MechType): negotiable mechanisms to be set
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_rfc5587.html b/_modules/gssapi/raw/ext_rfc5587.html new file mode 100644 index 00000000..e04297b3 --- /dev/null +++ b/_modules/gssapi/raw/ext_rfc5587.html @@ -0,0 +1,167 @@ + + + + + + gssapi.raw.ext_rfc5587 — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_rfc5587

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import InquireAttrsResult, DisplayAttrResult
+    from gssapi.raw.oids import OID
+
+
+
[docs]def indicate_mechs_by_attrs(
+    desired_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
+    except_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
+    critical_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
+) -> t.Set["OID"]:
+    """Get a set of mechanisms that have the specified attributes.
+
+    Args:
+        desired_mech_attrs (~gssapi.OID): Attributes that the output mechs MUST
+            offer
+        except_mech_attrs (~gssapi.OID): Attributes that the output mechs MUST
+            NOT offer
+        critical_mech_attrs (~gssapi.OID): Attributes that the output mechs
+            MUST understand and offer
+
+    Returns:
+        ~gssapi.MechType: a set of mechs which satisfy the given criteria
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def inquire_attrs_for_mech(
+    mech: "OID",
+) -> "InquireAttrsResult":
+    """Gets the set of attrs supported and known by a mechanism.
+
+    Args:
+        mech (~gssapi.raw.types.MechType): Mechanism to inquire about
+
+    Returns:
+        InquireAttrsResult: the results of inquiry; a mech's attributes and
+        known attributes
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def display_mech_attr(
+    attr: "OID",
+) -> "DisplayAttrResult":
+    """Returns information about attributes in human readable form.
+
+    Args:
+        attr (~gssapi.OID): Mechanism attribute to retrieve names and
+            descriptions of
+
+    Returns:
+        DisplayAttrResult: the results of displaying the attribute; mech name,
+        short description, and long description.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_rfc5588.html b/_modules/gssapi/raw/ext_rfc5588.html new file mode 100644 index 00000000..b05e366e --- /dev/null +++ b/_modules/gssapi/raw/ext_rfc5588.html @@ -0,0 +1,146 @@ + + + + + + gssapi.raw.ext_rfc5588 — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_rfc5588

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import StoreCredResult
+    from gssapi.raw.oids import OID
+
+
+
[docs]def store_cred(
+    creds: "Creds",
+    usage: str = 'both',
+    mech: t.Optional["OID"] = None,
+    overwrite: bool = False,
+    set_default: bool = False,
+) -> "StoreCredResult":
+    """Store credentials into the default store.
+
+    This method stores the given credentials into the default store.
+    They may then be retrieved later using
+    :func:`~gssapi.raw.creds.acquire_cred`.
+
+    Args:
+        creds (Creds): the credentials to store
+        usage (str): the usage to store the credentials with -- either
+            'both', 'initiate', or 'accept'
+        mech (~gssapi.OID): the mechansim to associate with the stored
+            credentials
+        overwrite (bool): whether or not to overwrite existing credentials
+            stored with the same name, etc
+        set_default (bool): whether or not to set these credentials as
+            the default credentials for the given store.
+
+    Returns:
+        StoreCredResult: the results of the credential storing operation
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.OperationUnavailableError
+        ~gssapi.exceptions.DuplicateCredentialsElementError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_rfc5801.html b/_modules/gssapi/raw/ext_rfc5801.html new file mode 100644 index 00000000..070728b2 --- /dev/null +++ b/_modules/gssapi/raw/ext_rfc5801.html @@ -0,0 +1,143 @@ + + + + + + gssapi.raw.ext_rfc5801 — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_rfc5801

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import InquireSASLNameResult
+    from gssapi.raw.oids import OID
+
+
+
[docs]def inquire_saslname_for_mech(
+    mech: "OID",
+) -> "InquireSASLNameResult":
+    """Gets information about a specified mech, including the SASL name,
+    the mech name, and the mech description.
+
+    Args:
+        mech (~gssapi.OID): Mechanism to inquire about
+
+    Returns:
+        InquireSASLNameResult: the results of inquiry; a mech's SASL name,
+        name, and description.
+
+    Raises:
+        ~gssapi.exceptions.GSSError: an unknown failure occurred
+    """

+
+
+
[docs]def inquire_mech_for_saslname(
+    sasl_name: bytes,
+) -> "OID":
+    """Gets the OID for the mech specified by SASL name.
+
+    Args:
+        sasl_name (bytes): SASL name of the mechanism
+
+    Returns:
+        ~gssapi.OID: the mechanism with corresponding SASL name.
+
+    Raises:
+        ~gssapi.exceptions.GSSError: An unknown failure occurred
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_rfc6680.html b/_modules/gssapi/raw/ext_rfc6680.html new file mode 100644 index 00000000..0f859187 --- /dev/null +++ b/_modules/gssapi/raw/ext_rfc6680.html @@ -0,0 +1,273 @@ + + + + + + gssapi.raw.ext_rfc6680 — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_rfc6680

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import (
+        GetNameAttributeResult,
+        InquireNameResult,
+    )
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+
[docs]def display_name_ext(
+    name: "Name",
+    name_type: "OID",
+) -> bytes:
+    """Display the given Name using the given name type.
+
+    This method attempts to display the given Name using the syntax of
+    the given name type.  If this is not possible, an appropriate error
+    will be raised.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to display
+        name_type (~gssapi.OID): the name type (see NameType) to use to
+            display the given name
+
+    Returns:
+        bytes: the displayed name
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError: the given name could not
+            be displayed using the given name type
+    """

+
+
+
[docs]def inquire_name(
+    name: "Name",
+    mech_name: bool = True,
+    attrs: bool = True,
+) -> "InquireNameResult":
+    """Get information about a Name.
+
+    This method retrieves information about the given name, including
+    the set of attribute names for the given name, as well as whether or
+    not the name is a mechanism name.  Additionally, if the given name is
+    a mechanism name, the associated mechansim is returned as well.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name about which to inquire
+        mech_name (bool): whether or not to retrieve if this name
+            is a mech_name (and the associate mechanism)
+        attrs (bool): whether or not to retrieve the attribute name list
+
+    Returns:
+        InquireNameResult: the set of attribute names for the given name,
+        whether or not the name is a Mechanism Name, and potentially
+        the associated mechanism if it is a Mechanism Name
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def set_name_attribute(
+    name: "Name",
+    attr: bytes,
+    value: t.Iterable[bytes],
+    complete: bool = False,
+) -> None:
+    """Set the value(s) of a name attribute.
+
+    This method sets the value(s) of the given attribute on the given name.
+
+    Note that this functionality more closely matches the pseudo-API
+    presented in RFC 6680, not the C API (which uses multiple calls to
+    add multiple values).  However, multiple calls to this method will
+    continue adding values, so :func:`delete_name_attribute` must be
+    used in between calls to "clear" the values.
+
+    Args:
+        name (~gssapi.raw.names.Name): the Name on which to set the attribute
+        attr (bytes): the name of the attribute
+        value (list): a list of bytes objects to use as the value(s)
+        complete (bool): whether or not to mark this attribute's value
+            set as being "complete"
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError: the given attribute name
+            is unknown or could not be set
+    """

+
+
+
[docs]def get_name_attribute(
+    name: "Name",
+    attr: bytes,
+    more: t.Optional[int] = None,
+) -> "GetNameAttributeResult":
+    """Get the value(s) of a name attribute.
+
+    This method retrieves the value(s) of the given attribute
+    for the given Name.
+
+    Note that this functionality matches pseudo-API presented
+    in RFC 6680, not the C API (which uses a state variable and
+    multiple calls to retrieve multiple values).
+
+    Args:
+        name (~gssapi.raw.names.Name): the Name from which to get the attribute
+        attr (bytes): the name of the attribute
+
+    Returns:
+        GetNameAttributeResult: the raw version of the value(s),
+        the human-readable version of the value(s), whether
+        or not the attribute was authenticated, and whether or
+        not the attribute's value set was marked as complete
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError: the given attribute is
+            unknown or unset
+    """

+
+
+
[docs]def delete_name_attribute(
+    name: "Name",
+    attr: bytes,
+) -> None:
+    """Remove an attribute from a name.
+
+    This method removes an attribute from a Name.  This method may be
+    used before :func:`set_name_attribute` clear the values of an attribute
+    before setting a new value (making the latter method work like a 'set'
+    operation instead of an 'add' operation).
+
+    Note that the removal of certain attributes may not be allowed.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to remove the attribute from
+        attr (bytes): the name of the attribute
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError
+        ~gssapi.exceptions.UnauthorizedError
+    """

+
+
+
[docs]def export_name_composite(
+    name: "Name",
+) -> bytes:
+    """Export a name, preserving attribute information.
+
+    This method functions similarly to :func:`~gssapi.raw.names.export_name`,
+    except that it preserves attribute information.  The resulting bytes may be
+    imported using :func:`~gssapi.raw.names.import_name` with the
+    :attr:`~gssapi.raw.types.NameType.composite_export` name type.
+
+    Note:
+        Some versions of MIT Kerberos require you to either canonicalize a name
+        once it has been imported with composite-export name type, or to import
+        using the normal export name type.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to export
+
+    Returns:
+        bytes: the exported composite name
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_s4u.html b/_modules/gssapi/raw/ext_s4u.html new file mode 100644 index 00000000..49af9809 --- /dev/null +++ b/_modules/gssapi/raw/ext_s4u.html @@ -0,0 +1,190 @@ + + + + + + gssapi.raw.ext_s4u — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_s4u

+"""Service4User Extension"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+
[docs]def acquire_cred_impersonate_name(
+    impersonator_cred: "Creds",
+    name: "Name",
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'initiate',
+) -> "AcquireCredResult":
+    """Acquire credentials by impersonating another name.
+
+    This method is one of the ways to use S4U2Self.  It acquires credentials
+    by impersonating another name using a set of proxy credentials.  The
+    impersonator credentials must have a usage of 'both' or 'initiate'.
+
+    Args:
+        impersonator_cred (~gssapi.raw.creds.Creds): the credentials with
+            permissions to impersonate the target name
+        name (~gssapi.raw.names.Name): the name to impersonate
+        lifetime (int): the lifetime for the credentials (or None for
+            indefinite) in seconds
+        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
+            the credentials should work (or None for the default set)
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+
+    Returns:
+        AcquireCredResult: the resulting credentials, the actual mechanisms
+        with which they may be used, and their actual lifetime in seconds (or
+        None for indefinite or not support)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def add_cred_impersonate_name(
+    input_cred: "Creds",
+    impersonator_cred: "Creds",
+    name: "Name",
+    mech: "OID",
+    usage: str = 'initiate',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+) -> "AddCredResult":
+    """Add a credentials element to a credential by impersonating another name.
+
+    This method is one of the ways to use S4U2Self.  It adds credentials
+    to the input credentials by impersonating another name using a set of
+    proxy credentials.  The impersonator credentials must have a usage of
+    'both' or 'initiate'.
+
+    Args:
+        input_cred (~gssapi.raw.creds.Creds): the set of credentials to which
+            to add the new credentials
+        impersonator_cred (~gssapi.raw.creds.Creds): the credentials with
+            permissions to impersonate the target name
+        name (~gssapi.raw.names.Name): the name to impersonate
+        mech (~gssapi.raw.types.MechType): the desired mechanism. Note that
+            this is both
+            singular and required, unlike acquireCredImpersonateName
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+        init_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to initiate security contexts (or None
+            for indefinite)
+        accept_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to accept security contexts (or None
+            for indefinite)
+
+    Returns:
+        AddCredResult: the actual mechanisms with which the credentials may be
+        used, the actual initiator TTL in seconds, and the actual acceptor TTL
+        in seconds (the TTLs may be None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/ext_set_cred_opt.html b/_modules/gssapi/raw/ext_set_cred_opt.html new file mode 100644 index 00000000..53952e67 --- /dev/null +++ b/_modules/gssapi/raw/ext_set_cred_opt.html @@ -0,0 +1,154 @@ + + + + + + gssapi.raw.ext_set_cred_opt — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.ext_set_cred_opt

+"""
+gss_set_cred_option
+
+Provides a way to set options on a credential based on the OID specified. A
+common use case is to set the GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos
+credential. This is used for interoperability with Microsoft's SSPI.
+
+Note this function is commonly lumped with the GGF extensions but they are not
+part of the GGF IETF draft so it's separated into it's own file.
+
+Closest draft IETF document for the gss_set_cred_option can be found at
+https://tools.ietf.org/html/draft-williams-kitten-channel-bound-flag-01
+"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.oids import OID
+
+
+
[docs]def set_cred_option(
+    desired_aspect: "OID",
+    creds: t.Optional["Creds"] = None,
+    value: t.Optional[bytes] = None,
+) -> "Creds":
+    """
+    This method is used to set options of a :class:`~gssapi.raw.creds.Creds`
+    object based on an OID key. The options that can be set depends on the mech
+    the credentials were created with.
+
+    An example of how this can be used would be to set the
+    GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos credential. The OID string for
+    this flag is '1.2.752.43.13.29' and it requires no value to be set. This
+    must be set before the SecurityContext was initialised with the
+    credentials.
+
+    Args:
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Credential to set.
+        cred_handle (~gssapi.raw.creds.Creds): the Credentials to set, or None
+            to create a new credential.
+        value (bytes): the value to set on the desired aspect of the Credential
+            or None to send GSS_C_EMPTY_BUFFER.
+
+    Returns:
+        Creds: The output credential.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/message.html b/_modules/gssapi/raw/message.html new file mode 100644 index 00000000..bf832702 --- /dev/null +++ b/_modules/gssapi/raw/message.html @@ -0,0 +1,260 @@ + + + + + + gssapi.raw.message — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.message

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import WrapResult, UnwrapResult
+    from gssapi.sec_contexts import SecurityContext
+
+
+
[docs]def get_mic(
+    context: "SecurityContext",
+    message: bytes,
+    qop: t.Optional[int] = None,
+) -> bytes:
+    """Generate a MIC for a message.
+
+    This method generates a Message Integrity Check token for the
+    given message.  This can be separately trasmitted to the other
+    entity, unlike wrap, which bundles the MIC and the message
+    together.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message for which to generate the MIC
+        qop (int): the requested Quality of Protection
+            (or None to use the default)
+
+    Returns:
+        bytes: the generated MIC token
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadQoPError
+    """

+
+
+
[docs]def verify_mic(
+    context: "SecurityContext",
+    message: bytes,
+    token: bytes,
+) -> int:
+    """Verify that a MIC matches a message.
+
+    This method verifies that the given MIC matches the given message.
+    If the MIC does not match the given message, an exception will
+    be raised.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message in question
+        token (bytes): the MIC token in question
+
+    Returns:
+        int: the QoP used.
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.TokenTooLateError
+        ~gssapi.exceptions.TokenTooEarlyError
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
[docs]def wrap_size_limit(
+    context: "SecurityContext",
+    output_size: int,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> int:
+    """Calculate the max message size.
+
+    This method calculates the unwrapped/unencrypted message size for
+    the given maximum wrapped/encrypted message size.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        output_size (int): the maximum desired wrapped/encrypted message size
+        confidential (bool): whether or not confidentiality is being used
+        qop (int): the QoP that will be when you actually call wrap
+            (or None for the default QoP)
+
+    Returns:
+        int: the maximum unencrypted/unwrapped message size
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.BadQoPError
+    """

+
+
+
[docs]def wrap(
+    context: "SecurityContext",
+    message: bytes,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> "WrapResult":
+    """Wrap/Encrypt a message.
+
+    This method wraps or encrypts a message (depending on the value
+    of confidential) with the given Quality of Protection.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message to wrap or encrypt
+        confidential (bool): whether or not to encrypt the message (True),
+            or just wrap it with a MIC (False)
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        WrapResult: the wrapped/encrypted message, and whether or not
+            encryption was actually used
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadQoPError
+    """

+
+
+
[docs]def unwrap(
+    context: "SecurityContext",
+    message: bytes,
+) -> "UnwrapResult":
+    """Unwrap/Decrypt a message.
+
+    This method unwraps or decrypts a message, depending
+    on whether the sender used confidentiality.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message to unwrap/decrypt
+
+    Returns:
+        UnwrapResult: the unwrapped/decrypted message, whether or on
+            encryption was used, and the QoP used
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.TokenTooLateError
+        ~gssapi.exceptions.TokenTooEarlyError
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/misc.html b/_modules/gssapi/raw/misc.html new file mode 100644 index 00000000..fb7fc4d5 --- /dev/null +++ b/_modules/gssapi/raw/misc.html @@ -0,0 +1,270 @@ + + + + + + gssapi.raw.misc — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.misc

+import typing as t
+
+from gssapi.raw.names import Name
+from gssapi.raw.oids import OID
+from gssapi.raw.types import MechType
+
+
+
[docs]def indicate_mechs() -> t.Set[OID]:
+    """Get the currently supported mechanisms.
+
+    This method retrieves the currently supported GSSAPI mechanisms.
+    Note that if unknown mechanims are found, those will be skipped.
+    """

+
+
+
[docs]def inquire_names_for_mech(
+    mech: OID,
+) -> t.Set[OID]:
+    """
+    inquire_names_for_mech(mech)
+    Get the name types supported by a mechanism.
+
+    This method retrieves the different name types supported by
+    the given mechanism.
+
+    Args:
+        mech (~gssapi.OID): the mechanism in question
+
+    Returns:
+        list: the name type OIDs supported by the given mechanism
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
[docs]def inquire_mechs_for_name(
+    name: Name,
+) -> t.Set[OID]:
+    """
+    inquire_mechs_for_name(name)
+    List the mechanisms which can process a name.
+
+    This method lists the mechanisms which may be able to
+    process the given name.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name in question
+
+    Returns:
+        The mechanism OIDs able to process the given name
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+def _display_status(
+    error_code: int,
+    is_major_code: bool,
+    mech: t.Optional[MechType] = None,
+    message_context: int = 0,
+) -> t.Tuple[bytes, int, bool]:
+    """
+    Display a string message for a GSSAPI error code.
+
+    This method displays a message for a corresponding GSSAPI error code.
+    Since some error codes might have multiple messages, a context parameter
+    may be passed to indicate where in the series of messages we currently are
+    (this is the second item in the return value tuple).  Additionally, the
+    third item in the return value tuple indicates whether or not more
+    messages are available.
+
+    Args:
+        error_code (int): The error code in question
+        is_major_code (bool): is this a major code (True) or a
+            minor code (False)
+        mech (~gssapi.raw.types.MechType): The mechanism type that returned
+            this error code (defaults to None, for the default mechanism)
+        message_context (int): The context for this call -- this is used when
+            multiple messages are available (defaults to 0)
+
+    Returns:
+        (bytes, int, bool): the message, the new message context, and
+            whether or not to call again for further messages
+
+    Raises:
+       ValueError
+    """
+
+
+
[docs]class GSSError(Exception):
+    """
+    A GSSAPI Error
+
+    This Exception represents an error returned from the GSSAPI
+    C bindings.  It contains the major and minor status codes
+    returned by the method which caused the error, and can
+    generate human-readable string messages from the error
+    codes
+    """
+
+
[docs]    maj_code: int

+
[docs]    min_code: int

+
[docs]    token: t.Optional[bytes]

+
[docs]    calling_code: int

+
[docs]    routine_code: int

+
[docs]    supplementary_code: int

+
+    @classmethod
+    def _parse_major_code(
+        cls,
+        maj_code: int
+    ) -> t.Tuple[int, int, int]: ...
+
+    def __init__(
+        self,
+        maj_code: int,
+        min_code: int,
+        token: t.Optional[bytes] = None,
+    ) -> None:
+        """
+        Create a new GSSError.
+
+        This method creates a new GSSError,
+        retrieves the related human-readable
+        string messages, and uses the results to construct an
+        exception message
+
+        Args:
+            maj_code: the major code associated with this error
+            min_code: the minor code associated with this error
+            token: an error token associated with the error
+        """
+
+
[docs]    def get_all_statuses(
+        self,
+        code: int,
+        is_maj: bool,
+    ) -> t.List[str]:
+        """
+        Retrieve all messages for a status code.
+
+        This method retrieves all human-readable messages
+        available for the given status code.
+
+        Args:
+            code: the status code in question
+            is_maj: whether this is a major status code (True)
+                or minor status code (False)
+
+        Returns:
+            [str]: A list of string messages associated with the
+                given code
+        """

+
+
[docs]    def gen_message(self) -> str:
+        """
+        Retrieves all messages for this error's status codes
+
+        This method retrieves all messages for this error's status codes,
+        and forms them into a string for use as an exception message
+
+        Returns:
+            str: a string for use as this error's message
+        """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/named_tuples.html b/_modules/gssapi/raw/named_tuples.html new file mode 100644 index 00000000..c49d252e --- /dev/null +++ b/_modules/gssapi/raw/named_tuples.html @@ -0,0 +1,327 @@ + + + + + + gssapi.raw.named_tuples — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.named_tuples

+from typing import List, NamedTuple, Optional, Set, TYPE_CHECKING
+
+from gssapi.raw.oids import OID
+from gssapi.raw.types import RequirementFlag
+
+if TYPE_CHECKING:
+    import gssapi
+
+
+
[docs]class AcquireCredResult(NamedTuple):
+    """Credential result when acquiring a GSSAPI credential."""
+    #: GSSAPI credentials that were acquired
+    creds: "gssapi.raw.creds.Creds"
+    #: Set of mechs the cred is for
+    mechs: Set[OID]
+    #: Number of seconds for which the cred will remain valid
+    lifetime: int

+
+
+
[docs]class InquireCredResult(NamedTuple):
+    """Information about the credential."""
+    #: The principal associated with the credential
+    name: Optional["gssapi.raw.names.Name"]
+    #: Number of seconds which the cred is valid for
+    lifetime: Optional[int]
+    #: How the credential can be used
+    usage: Optional[str]
+    #: Set of mechs the cred is for
+    mechs: Optional[Set[OID]]

+
+
+
[docs]class InquireCredByMechResult(NamedTuple):
+    """Information about the credential for a specific mechanism."""
+    #: The principal associated with the credential
+    name: Optional["gssapi.raw.names.Name"]
+    #: Time valid for initiation, in seconds
+    init_lifetime: Optional[int]
+    #: Time valid for accepting, in seconds
+    accept_lifetime: Optional[int]
+    #: How the credential can be used
+    usage: Optional[str]

+
+
+
[docs]class AddCredResult(NamedTuple):
+    """Result of adding to a GSSAPI credential."""
+    #: The credential that was generated
+    creds: Optional["gssapi.raw.creds.Creds"]
+    #: Set of mechs the cred is for
+    mechs: Set[OID]
+    #: Time valid for initiation, in seconds
+    init_lifetime: int
+    #: Time valid for accepting, in seconds
+    accept_lifetime: int

+
+
+
[docs]class DisplayNameResult(NamedTuple):
+    """Textual representation of a GSSAPI name."""
+    #: The representation of the GSSAPI name
+    name: bytes
+    #: The type of GSSAPI name
+    name_type: Optional[OID]

+
+
+
[docs]class WrapResult(NamedTuple):
+    """Wrapped message result."""
+    #: The wrapped message
+    message: bytes
+    #: Whether the message is encrypted and not just signed
+    encrypted: bool

+
+
+
[docs]class UnwrapResult(NamedTuple):
+    """Unwrapped message result."""
+    #: The unwrapped message
+    message: bytes
+    #: Whether the message was encrypted and not just signed
+    encrypted: bool
+    #: The quality of protection applied to the message
+    qop: int

+
+
+
[docs]class AcceptSecContextResult(NamedTuple):
+    """Result when accepting a security context by an initiator."""
+    #: The acceptor security context
+    context: "gssapi.raw.sec_contexts.SecurityContext"
+    #: The authenticated name of the initiator
+    initiator_name: "gssapi.raw.names.Name"
+    #: Mechanism with which the context was established
+    mech: OID
+    #: Token to be returned to the initiator
+    token: Optional[bytes]
+    #: Services requested by the initiator
+    flags: RequirementFlag
+    #: Seconds for which the context is valid for
+    lifetime: int
+    #: Delegated credentials
+    delegated_creds: Optional["gssapi.raw.creds.Creds"]
+    #: More input is required to complete the exchange
+    more_steps: bool

+
+
+
[docs]class InitSecContextResult(NamedTuple):
+    """Result when initiating a security context"""
+    #: The initiator security context
+    context: "gssapi.raw.sec_contexts.SecurityContext"
+    #: Mechanism used in the security context
+    mech: OID
+    #: Services available for the context
+    flags: RequirementFlag
+    #: Token to be sent to the acceptor
+    token: Optional[bytes]
+    #: Seconds for which the context is valid for
+    lifetime: int
+    #: More input is required to complete the exchange
+    more_steps: bool

+
+
+
[docs]class InquireContextResult(NamedTuple):
+    """Information about the security context."""
+    #: Name of the initiator
+    initiator_name: Optional["gssapi.raw.names.Name"]
+    #: Name of the acceptor
+    target_name: Optional["gssapi.raw.names.Name"]
+    #: Time valid for the security context, in seconds
+    lifetime: Optional[int]
+    #: Mech used to create the security context
+    mech: Optional[OID]
+    #: Services available for the context
+    flags: Optional[RequirementFlag]
+    #: Context was initiated locally
+    locally_init: Optional[bool]
+    #: Context has been established and ready to use
+    complete: Optional[bool]

+
+
+
[docs]class StoreCredResult(NamedTuple):
+    """Result of the credential storing operation."""
+    #: Mechs that were stored in the credential store
+    mechs: List[OID]
+    #: How the credential can be used
+    usage: str

+
+
+
[docs]class IOVUnwrapResult(NamedTuple):
+    """Unwrapped IOV message result."""
+    #: Whether the message was encrypted and not just signed
+    encrypted: bool
+    #: The quality of protection applied to the message
+    qop: int

+
+
+
[docs]class InquireNameResult(NamedTuple):
+    """Information about a GSSAPI Name."""
+    #: Set of attribute names
+    attrs: List[bytes]
+    #: Name is a mechanism name
+    is_mech_name: bool
+    #: The mechanism if is_name_mech is True
+    mech: OID

+
+
+
[docs]class GetNameAttributeResult(NamedTuple):
+    """GSSAPI Name attribute values."""
+    #: Raw values
+    values: List[bytes]
+    #: Human-readable values
+    display_values: List[bytes]
+    #: Attribute has been authenticated
+    authenticated: bool
+    #: Attribute value is marked as complete
+    complete: bool

+
+
+
[docs]class InquireAttrsResult(NamedTuple):
+    """Set of attributes supported and known by a mechanism."""
+    #: The mechanisms attributes
+    mech_attrs: Set[OID]
+    #: Known attributes of the mechanism
+    known_mech_attrs: Set[OID]

+
+
+
[docs]class DisplayAttrResult(NamedTuple):
+    """Information about an attribute."""
+    #: The mechanism name
+    name: bytes
+    #: Short description of the mechanism
+    short_desc: bytes
+    #: Long description of the mechanism
+    long_desc: bytes

+
+
+
[docs]class InquireSASLNameResult(NamedTuple):
+    """SASL informmation about a GSSAPI Name."""
+    #: The SASL name
+    sasl_mech_name: bytes
+    #: The mechanism name
+    mech_name: bytes
+    #: The mechanism description
+    mech_description: bytes

+
+
+
[docs]class Rfc1964KeyData(NamedTuple):
+    """Security context key data based on RFC1964."""
+    #: Signing algorithm identifier
+    sign_alg: int
+    #: Sealing algorithm identifier
+    seal_alg: int
+    #: Key encryption type identifier
+    key_type: int
+    #: Encryption key data
+    key: bytes

+
+
+
[docs]class CfxKeyData(NamedTuple):
+    """Securty context key data."""
+    #: Context key encryption type identifier
+    ctx_key_type: int
+    #: Context key data - session or sub-session key
+    ctx_key: bytes
+    #: Acceptor key enc type identifier
+    acceptor_subkey_type: Optional[int]
+    #: Acceptor key data
+    acceptor_subkey: Optional[bytes]

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/names.html b/_modules/gssapi/raw/names.html new file mode 100644 index 00000000..bd0e7911 --- /dev/null +++ b/_modules/gssapi/raw/names.html @@ -0,0 +1,274 @@ + + + + + + gssapi.raw.names — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.names

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import DisplayNameResult
+    from gssapi.raw.oids import OID
+
+
[docs]class Name:
+    """
+    A GSSAPI Name
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["Name"] = None,
+    ) -> "Name": ...

+
+
+
[docs]def import_name(
+    name: bytes,
+    name_type: t.Optional["OID"] = None,
+) -> Name:
+    """Convert a string and a name type into a GSSAPI name.
+
+    This method takes a string name and a name type and converts
+    them into a GSSAPI :class:`Name`.
+
+    Args:
+        name (~gssapi.raw.names.Name): the string version of the name
+        name_type (~gssapi.raw.types.MechType): the type of this name
+
+    Returns:
+        Name: the GSSAPI version of the name
+
+    Raises:
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.BadMechanismError
+    """

+
+
+
[docs]def display_name(
+    name: Name,
+    name_type: bool = True,
+) -> "DisplayNameResult":
+    """Convert a GSSAPI name into its components.
+
+    This method converts a GSSAPI :class:`Name` back into its
+    text form.  If ``name_type`` is True, it also attempts to
+    retrieve the :class:`~gssapi.raw.types.NameType` of the name (otherwise the
+    returned name type will be ``None``).
+
+    Args:
+        name (~gssapi.raw.names.Name): the name in question
+        name_type (~gssapi.raw.types.MechType): whether or not to retrieve the
+            name type
+
+    Returns:
+        DisplayNameResult: the text part of the name and its type
+
+    Raises:
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
[docs]def compare_name(
+    name1: Name,
+    name2: Name,
+) -> bool:
+    """Check two GSSAPI names to see if they are the same.
+
+    This method compares two GSSAPI names, checking to
+    see if they are equivalent.
+
+    Args:
+        name1 (~gssapi.raw.names.Name): the first name to compare
+        name2 (~gssapi.raw.names.Name): the second name to compare
+
+    Returns:
+        bool: whether or not the names are equal
+
+    Raises:
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
[docs]def export_name(
+    name: Name,
+) -> bytes:
+    """Export a GSSAPI name.
+
+    This method "produces a canonical contigous string representation
+    of a mechanism name, suitable for direct comparison for use in
+    authorization functions".
+
+    The input name must be a valid GSSAPI mechanism name, as generated by
+    :func:`canonicalize_name` or
+    :func:`~gssapi.raw.sec_contexts.accept_sec_context`.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to export
+
+    Returns:
+        bytes: the exported name
+
+    Raises:
+        ~gssapi.exceptions.MechanismNameRequiredError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
[docs]def canonicalize_name(
+    name: Name,
+    mech: "OID",
+) -> Name:
+    """Canonicalize an arbitrary GSSAPI Name into a Mechanism Name
+
+    This method turns any GSSAPI name into a "mechanism name" --
+    a full form name specific to a mechanism.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to canonicalize
+        mech (~gssapi.raw.types.MechType): the mechanism type to use to
+            canonicalize the name
+
+    Returns:
+        Name: a canonicalized version of the input name
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
[docs]def duplicate_name(
+    name: Name,
+) -> Name:
+    """Duplicate a GSSAPI name.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to duplicate
+
+    Returns:
+        Name: a duplicate of the input name
+
+    Raises:
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
[docs]def release_name(
+    name: Name,
+) -> None:
+    """Release a GSSAPI name.
+
+    This method frees a GSSAPI :class:`Name`.
+    You probably won't have to do this.
+
+    Warning:
+        This method is deprecated.  Names are
+        automatically freed by Python.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name in question
+
+    Raises:
+        ~gssapi.exceptions.BadNameError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/oids.html b/_modules/gssapi/raw/oids.html new file mode 100644 index 00000000..59fa4dd3 --- /dev/null +++ b/_modules/gssapi/raw/oids.html @@ -0,0 +1,154 @@ + + + + + + gssapi.raw.oids — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.oids

+import typing as t
+
+
[docs]class OID:
+    """
+    A GSSAPI OID
+
+    A new OID may be created by passing the `elements` argument
+    to the constructor.  The `elements` argument should be a
+    :class:`bytes` consisting of the BER-encoded values in the OID.
+
+    To retrieve the underlying bytes, use the :class:`bytes`
+    function in Python 3.
+
+    This object is hashable, and may be compared using equality
+    operators.
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["OID"] = None,
+        elements: t.Optional[bytes] = None,
+    ) -> "OID": ...
+
+    @classmethod
+
[docs]    def from_int_seq(
+        cls,
+        integer_sequence: t.Union[str, t.Iterable[int]],
+    ) -> "OID":
+        """Create a OID from a sequence of integers.
+
+        This method creates an OID from a sequence of integers.
+        The sequence can either be in dotted form as a string,
+        or in list form.
+
+        This method is not for BER-encoded byte strings, which
+        can be passed directly to the OID constructor.
+
+        Args:
+            integer_sequence: either a list of integers or
+                a string in dotted form
+
+        Returns:
+            OID: the OID represented by the given integer sequence
+
+        Raises:
+            ValueError: the sequence is less than two elements long
+        """

+
+    @property
+
[docs]    def dotted_form(self) -> str: ...

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/sec_contexts.html b/_modules/gssapi/raw/sec_contexts.html new file mode 100644 index 00000000..09ed64fc --- /dev/null +++ b/_modules/gssapi/raw/sec_contexts.html @@ -0,0 +1,398 @@ + + + + + + gssapi.raw.sec_contexts — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.sec_contexts

+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.chan_bindings import ChannelBindings
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import (
+        AcceptSecContextResult,
+        InitSecContextResult,
+        InquireContextResult,
+    )
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+    from gssapi.raw.types import RequirementFlag
+
+
[docs]class SecurityContext:
+    """
+    A GSSAPI Security Context
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["SecurityContext"] = None,
+    ) -> "SecurityContext": ...
+
+    @property
+    def _started(self) -> bool: ...

+
+
+
[docs]def init_sec_context(
+    name: "Name",
+    creds: t.Optional["Creds"] = None,
+    context: t.Optional[SecurityContext] = None,
+    mech: t.Optional["OID"] = None,
+    flags: t.Optional[t.Union[
+        int, "RequirementFlag",
+        t.Iterable[int], t.Iterable["RequirementFlag"]
+    ]] = None,
+    lifetime: t.Optional[int] = None,
+    channel_bindings: t.Optional["ChannelBindings"] = None,
+    input_token: t.Optional[bytes] = None,
+) -> "InitSecContextResult":
+    """Initiate a GSSAPI security context.
+
+    This method initiates a GSSAPI security context, targeting the given
+    target name.  To create a basic context, just provide the target name.
+    Further calls used to update the context should pass in the output context
+    of the last call, as well as the input token received from the acceptor.
+
+    Warning:
+        This changes the input context!
+
+    Args:
+        target_name (~gssapi.raw.names.Name): the target for the security
+            context
+        creds (Creds): the credentials to use to initiate the context,
+            or None to use the default credentials
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context to update, or None to create a new context
+        mech (~gssapi.raw.types.MechType): the mechanism type for this security
+            context, or None for the default mechanism type
+        flags (list): the flags to request for the security context, or
+            None to use the default set: mutual_authentication and
+            out_of_sequence_detection.  This may also be an
+            :class:`IntEnumFlagSet`
+        lifetime (int): the request lifetime of the security context in seconds
+            (a value of 0 or None means indefinite)
+        channel_bindings (ChannelBindings): The channel bindings (or None for
+            no channel bindings)
+        input_token (bytes): the token to use to update the security context,
+            or None if you are creating a new context
+
+    Returns:
+        InitSecContextResult: the output security context, the actual mech
+        type, the actual flags used, the output token to send to the acceptor,
+        the actual lifetime of the context in seconds (or None if not supported
+        or indefinite), and whether or not more calls are needed to finish the
+        initiation.
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.InvalidCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.BadChannelBindingsError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.BadMechanismError
+    """

+
+
+
[docs]def accept_sec_context(
+    input_token: bytes,
+    acceptor_creds: t.Optional["Creds"] = None,
+    context: t.Optional[SecurityContext] = None,
+    channel_bindings: t.Optional["ChannelBindings"] = None,
+) -> "AcceptSecContextResult":
+    """Accept a GSSAPI security context.
+
+    This method accepts a GSSAPI security context using a token sent by the
+    initiator, using the given credentials.  It can either be used to accept a
+    security context and create a new security context object, or to update an
+    existing security context object.
+
+    Warning:
+        This changes the input context!
+
+    Args:
+        input_token (bytes): the token sent by the context initiator
+        acceptor_creds (Creds): the credentials to be used to accept the
+            context (or None to use the default credentials)
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context to update (or None to create a new security context object)
+        channel_bindings (ChannelBindings): The channel bindings (or None for
+            no channel bindings)
+
+    Returns:
+        AcceptSecContextResult: the resulting security context, the initiator
+        name, the mechanism being used, the output token, the flags in use,
+        the lifetime of the context in seconds (or None for indefinite or not
+        supported), the delegated credentials (valid only if the
+        delegate_to_peer flag is set), and whether or not further token
+        exchanges are needed to finalize the security context.
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.InvalidCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.BadChannelBindingsError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.BadMechanismError
+    """

+
+
+
[docs]def inquire_context(
+    context: SecurityContext,
+    initiator_name: bool = True,
+    target_name: bool = True,
+    lifetime: bool = True,
+    mech: bool = True,
+    flags: bool = True,
+    locally_init: bool = True,
+    complete: bool = True,
+) -> "InquireContextResult":
+    """Get information about a security context.
+
+    This method obtains information about a security context, including
+    the initiator and target names, as well as the TTL, mech,
+    flags, and its current state (open vs closed).
+
+    Note:
+        the target name may be ``None`` if it would have been ``GSS_C_NO_NAME``
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the context in
+            question
+
+    Returns:
+        InquireContextResult: the initiator name, the target name, the TTL
+        (can be None for indefinite or not supported), the mech type, the
+        flags, whether or not the context was locally initiated,
+        and whether or not the context is currently fully established
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
[docs]def context_time(
+    context: SecurityContext,
+) -> int:
+    """Get the amount of time for which the given context will remain valid.
+
+    This method determines the amount of time for which the given
+    security context will remain valid.  An expired context will
+    give a result of 0.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context in question
+
+    Returns:
+        int: the number of seconds for which the context will be valid
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
[docs]def process_context_token(
+    context: SecurityContext,
+    token: bytes,
+) -> None:
+    """Process a token asynchronously.
+
+    This method provides a way to process a token, even if the
+    given security context is not expecting one.  For example,
+    if the initiator has the initSecContext return that the context
+    is complete, but the acceptor is unable to accept the context,
+    and wishes to send a token to the initiator, letting the
+    initiator know of the error.
+
+    Warning:
+        This method has been essentially deprecated by :rfc:`2744`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context against which to process the token
+        token (bytes): the token to process
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
[docs]def import_sec_context(
+    token: bytes,
+) -> SecurityContext:
+    """Import a context from another process.
+
+    This method imports a security context established in another process
+    by reading the specified token which was output by
+    :func:`export_sec_context`.
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.OperationUnavailableError
+        ~gssapi.exceptions.UnauthorizedError
+    """

+
+
+
[docs]def export_sec_context(
+    context: SecurityContext,
+) -> bytes:
+    """Export a context for use in another process.
+
+    This method exports a security context, deactivating in the current process
+    and creating a token which can then be imported into another process
+    with :func:`import_sec_context`.
+
+    Warning: this modifies the input context
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the context to send
+            to another process
+
+    Returns:
+        bytes: the output token to be imported
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.OperationUnavailableError
+    """

+
+
+
[docs]def delete_sec_context(
+    context: SecurityContext,
+    local_only: bool = True,
+) -> bytes:
+    """Delete a GSSAPI security context.
+
+    This method deletes a GSSAPI security context,
+    returning an output token to send to the other
+    holder of the security context to notify them
+    of the deletion.
+
+    Note:
+        This method generally should not be used.  :class:`SecurityContext`
+        objects will automatically be freed by Python.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context in question
+        local_only (bool): should we request local deletion (True), or also
+            remote deletion (False), in which case a token is also returned
+
+    Returns:
+        bytes: the output token (if remote deletion is requested).  Generally
+            this is None, but bytes for compatibility.
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+    """

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/raw/types.html b/_modules/gssapi/raw/types.html new file mode 100644 index 00000000..68761c80 --- /dev/null +++ b/_modules/gssapi/raw/types.html @@ -0,0 +1,278 @@ + + + + + + gssapi.raw.types — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.raw.types

+import numbers
+import typing as t
+
+from collections.abc import MutableSet
+from enum import IntEnum
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.oids import OID
+
+
+
[docs]class NameType:
+    """
+    GSSAPI Name Types
+
+    This enum-like object represents GSSAPI name
+    types (to be used with :func:`~gssapi.raw.names.import_name`, etc)
+    """
+    #: GSS_C_NT_ANONYMOUS 1.3.6.1.5.6.3
+
[docs]    anonymous: "OID" = ...

+    #: GSS_C_NT_EXPORT_NAME 1.3.6.1.5.6.4
+
[docs]    export: "OID" = ...

+    #: GSS_C_NT_HOSTBASED_SERVICE 1.2.840.113554.1.2.1.4
+
[docs]    hostbased_service: "OID" = ...

+    #: GSS_C_NT_MACHINE_UID_NAME 1.2.840.113554.1.2.1.2
+
[docs]    machine_uid: "OID" = ...

+    #: GSS_C_NT_STRING_UID_NAME 1.2.840.113554.1.2.1.3
+
[docs]    string_uid: "OID" = ...

+    #: GSS_C_NT_USER_NAME 1.2.840.113554.1.2.1.1
+
[docs]    user: "OID" = ...

+
+    # Provided through optional extensions
+    #: GSS_C_NT_COMPOSITE_EXPORT 1.3.6.1.5.6.6
+
[docs]    composite_export: "OID" = ...

+    #: GSS_KRB5_NT_PRINCIPAL_NAME 1.2.840.113554.1.2.2.1
+
[docs]    kerberos_principal: "OID" = ...

+    #: GSS_KRB5_NT_PRINCIPAL_NAME 1.2.840.113554.1.2.2.1
+
[docs]    krb5_nt_principal_name: "OID" = ...

+
+
+
[docs]class RequirementFlag(IntEnum):
+    """
+    GSSAPI Requirement Flags
+
+    This :class:`~enum.IntEnum` represents flags used with the
+    :class:`~gssapi.raw.sec_contexts.SecurityContext`-related methods (e.g.
+    :func:`~gssapi.raw.sec_contexts.init_sec_context`)
+
+    The numbers behind the values correspond directly
+    to their C counterparts.
+    """
+    # Note the values are only set here for documentation and type hints
+
[docs]    delegate_to_peer = 1 #: GSS_C_DELEG_FLAG

+
[docs]    mutual_authentication = 2 #: GSS_C_MUTUAL_FLAG

+
[docs]    replay_detection = 4 #: GSS_C_REPLAY_FLAG

+
[docs]    out_of_sequence_detection = 8 #: GSS_C_SEQUENCE_FLAG

+
[docs]    confidentiality = 16 #: GSS_C_CONF_FLAG

+
[docs]    integrity = 32 #: GSS_C_INTEG_FLAG

+
[docs]    anonymity = 64 #: GSS_C_ANON_FLAG

+
[docs]    protection_ready = 128 #: GSS_C_PROT_READY_FLAG

+
[docs]    transferable = 256 #: GSS_C_TRANS_FLAG

+
[docs]    channel_bound = 2048 #: GSS_C_CHANNEL_BOUND_FLAG

+
[docs]    dce_style = 4096 #: GSS_C_DCE_STYLE

+
[docs]    identify = 8192 #: GSS_C_IDENTIFY_FLAG

+
[docs]    extended_error = 16384 #: GSS_C_EXTENDED_ERROR_FLAG

+
[docs]    ok_as_delegate = 32768 #: GSS_C_DELEG_POLICY_FLAG

+
+
+
[docs]class AddressType(IntEnum):
+    """
+    GSSAPI Channel Bindings Address Types
+
+    This :class:`~enum.IntEnum` represents the various address
+    types used with the :class:`~gssapi.raw.chan_bindings.ChannelBindings`
+    structure.
+
+    The numbers behind the values correspond directly
+    to their C counterparts.  There is no value for
+    ``GSS_C_AF_UNSPEC``, since this is represented
+    by ``None``.
+    """
+    # Note the values are only set here for documentation and type hints
+
[docs]    local = 1 #: GSS_C_AF_LOCAL

+
[docs]    ip = 2 #: GSS_C_AF_INET

+
[docs]    arpanet = 3 #: GSS_C_AF_IMPLINK

+
[docs]    pup = 4 #: GSS_C_AF_PUP

+
[docs]    chaos = 5 #: GSS_C_AF_CHAOS

+
[docs]    xerox_ns = 6 #: GSS_C_AF_NS

+
[docs]    nbs = 7 #: GSS_C_AF_NBS

+
[docs]    ecma = 8 #: GSS_C_AF_ECMA

+
[docs]    datakit = 9 #: GSS_C_AF_DATAKIT

+
[docs]    ccitt = 10 #: GSS_C_AF_CCITT

+
[docs]    ibm_sna = 11 #: GSS_C_AF_SNA

+
[docs]    decnet = 12 #: GSS_C_AF_DECnet

+
[docs]    dli = 13 #: GSS_C_AF_DLI

+
[docs]    lat = 14 #: GSS_C_AF_LAT

+
[docs]    hyperchannel = 15 #: GSS_C_AF_HYLINK

+
[docs]    appletalk = 16 #: GSS_C_AF_APPLETALK

+
[docs]    bisync = 17 #: GSS_C_AF_BSC

+
[docs]    dss = 18 #: GSS_C_AF_DSS

+
[docs]    osi_tp4 = 19 #: GSS_C_AF_OSI

+
[docs]    x25 = 21 #: GSS_C_AF_X25

+
[docs]    null = 255 #: GSS_C_AF_NULLADDR

+
+
+
[docs]class MechType:
+    """
+    GSSAPI Mechanism Types
+
+    This enum-like object contains any mechanism :class:`~gssapi.raw.oids.OID`
+    values registered by imported mechanisms.
+    """
+
[docs]    kerberos: "OID" #: gss_mech_krb5 1.2.840.113554.1.2.2

+
+
+
[docs]class GenericFlagSet(MutableSet):
+    """A set backed by a 32-bit integer
+
+    This is a set backed by a 32 bit integer.
+    the members are integers where only one
+    bit is set.
+
+    The class supports normal set operations,
+    as well as traditional "flag set" operations,
+    such as bitwise AND, OR, and XOR.
+    """
+
+
[docs]    MAX_VAL: int

+
+    def __init__(
+        self,
+        flags: t.Optional[
+            t.Union[GenericFlagSet, numbers.Integral, int]
+        ] = None,
+    ) -> None: ...
+
+    def __contains__(
+        self,
+        flag: object,
+    ) -> bool: ...
+
+    def __iter__(self) -> t.Iterator[int]: ...
+
+    def __len__(self) -> int: ...
+
+
[docs]    def add(
+        self,
+        flag: int,
+    ) -> None: ...

+
+
[docs]    def discard(
+        self,
+        flag: int,
+    ) -> None: ...

+
+
+
[docs]class IntEnumFlagSet(GenericFlagSet):
+    """A set backed by a 32-bit integer with enum members
+
+    This class is a :class:`GenericFlagSet` where the returned
+    members are values in an :class:`~enum.IntEnum`.
+
+    It functions exactly like a `GenericFlagSet`, except that
+    it also supports bitwise operations with the enum values.
+    """
+
+    def __init__(
+        self,
+        enum: t.Type[IntEnum],
+        flags: t.Optional[
+            t.Union[GenericFlagSet, numbers.Integral, int]
+        ] = None,
+    ) -> None: ...
+
+    def __iter__(self) -> t.Iterator[IntEnum]: ...

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/gssapi/sec_contexts.html b/_modules/gssapi/sec_contexts.html new file mode 100644 index 00000000..aae316bd --- /dev/null +++ b/_modules/gssapi/sec_contexts.html @@ -0,0 +1,726 @@ + + + + + + gssapi.sec_contexts — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +

Source code for gssapi.sec_contexts

+import typing as t
+
+from gssapi.raw import chan_bindings as rchan_bindings
+from gssapi.raw import sec_contexts as rsec_contexts
+from gssapi.raw import message as rmessage
+from gssapi.raw import named_tuples as tuples
+from gssapi.raw import names as rnames
+from gssapi.raw import oids as roids
+from gssapi.raw.types import RequirementFlag, IntEnumFlagSet
+
+import gssapi.exceptions as excs
+from gssapi import _utils
+from gssapi.names import Name
+from gssapi.creds import Credentials
+
+
+
[docs]class SecurityContext(rsec_contexts.SecurityContext,
+                      metaclass=_utils.CheckLastError):
+    """A GSSAPI Security Context
+
+    This class represents a GSSAPI security context that may be used
+    with and/or returned by other GSSAPI methods.
+
+    It inherits from the low-level GSSAPI
+    :class:`~gssapi.raw.sec_contexts.SecurityContext` class,
+    and thus may used with both low-level and high-level API methods.
+
+    This class may be pickled and unpickled (the attached delegated
+    credentials object will not be preserved, however).
+    """
+
+    def __new__(
+        cls,
+        base: t.Optional[rsec_contexts.SecurityContext] = None,
+        token: t.Optional[bytes] = None,
+        name: t.Optional[rnames.Name] = None,
+        creds: t.Optional[Credentials] = None,
+        lifetime: t.Optional[int] = None,
+        flags: t.Optional[int] = None,
+        mech: t.Optional[roids.OID] = None,
+        channel_bindings: t.Optional[rchan_bindings.ChannelBindings] = None,
+        usage: t.Optional[str] = None,
+    ) -> "SecurityContext":
+
+        if token is not None:
+            base = rsec_contexts.import_sec_context(token)
+
+        return t.cast("SecurityContext",
+                      super(SecurityContext, cls).__new__(cls, base))
+
+    def __init__(
+        self,
+        base: t.Optional[rsec_contexts.SecurityContext] = None,
+        token: t.Optional[bytes] = None,
+        name: t.Optional[rnames.Name] = None,
+        creds: t.Optional[Credentials] = None,
+        lifetime: t.Optional[int] = None,
+        flags: t.Optional[int] = None,
+        mech: t.Optional[roids.OID] = None,
+        channel_bindings: t.Optional[rchan_bindings.ChannelBindings] = None,
+        usage: t.Optional[str] = None,
+    ) -> None:
+        """
+        The constructor creates a new security context, but does not begin
+        the initiate or accept process.
+
+        If the `base` argument is used, an existing
+        :class:`~gssapi.raw.sec_contexts.SecurityContext` object from
+        the low-level API is converted into a high-level object.
+
+        If the `token` argument is passed, the security context is imported
+        using the token.
+
+        Otherwise, a new security context is created.
+
+        If the `usage` argument is not passed, the constructor will attempt
+        to detect what the appropriate usage is based on either the existing
+        security context (if `base` or `token` are used) or the argument set.
+
+        For a security context of the `initiate` usage, the `name` argument
+        must be used, and the `creds`, `mech`, `flags`,
+        `lifetime`, and `channel_bindings` arguments may be
+        used as well.
+
+        For a security context of the `accept` usage, the `creds` and
+        `channel_bindings` arguments may optionally be used.
+        """
+
+        # NB(directxman12): _last_err must be set first
+        self._last_err = None
+
+        # determine the usage ('initiate' vs 'accept')
+        if base is None and token is None:
+            # this will be a new context
+            if usage is not None:
+                if usage not in ('initiate', 'accept'):
+                    msg = "Usage must be either 'initiate' or 'accept'"
+                    raise excs.UnknownUsageError(msg, obj="security context")
+
+                self.usage = usage
+            elif creds is not None and creds.usage != 'both':
+                self.usage = creds.usage
+            elif name is not None:
+                # if we pass a name, assume the usage is 'initiate'
+                self.usage = 'initiate'
+            else:
+                # if we don't pass a name, assume the usage is 'accept'
+                self.usage = 'accept'
+
+            # check for appropriate arguments
+            if self.usage == 'initiate':
+                # takes: creds?, target_name, mech?, flags?,
+                #        channel_bindings?
+                if name is None:
+                    raise TypeError("You must pass the 'name' argument when "
+                                    "creating an initiating security context")
+                self._target_name = name
+                self._mech = mech
+                self._desired_flags = IntEnumFlagSet(RequirementFlag, flags)
+                self._desired_lifetime = lifetime
+            else:
+                # takes creds?
+                if (name is not None or flags is not None or
+                        mech is not None or lifetime is not None):
+                    raise TypeError("You must pass at most the 'creds' "
+                                    "argument when creating an accepting "
+                                    "security context")
+
+            self._channel_bindings = channel_bindings
+            self._creds = creds
+
+            self._delegated_creds = None
+
+        else:
+            # we already have a context in progress, just inspect it
+            # NB(directxman12): MIT krb5 refuses to inquire about a context
+            # if it's partially established, so we have to check here
+
+            try:
+                if self.locally_initiated:
+                    self.usage = 'initiate'
+                else:
+                    self.usage = 'accept'
+            except excs.MissingContextError:
+                msg = ("Cannot extract usage from a partially completed "
+                       "context")
+                raise excs.UnknownUsageError(msg, obj="security context")
+
+        # This is to work around an MIT krb5 bug (see the `complete` property)
+        self._complete: t.Optional[bool] = None
+
+    # NB(directxman12): DO NOT ADD AN __del__ TO THIS CLASS -- it screws up
+    #                   the garbage collector if _last_tb is still defined
+
+    # TODO(directxman12): implement flag properties
+
+
[docs]    def get_signature(
+        self,
+        message: bytes,
+    ) -> bytes:
+        """Calculate the signature for a message.
+
+        This method calculates the signature (called a MIC) for
+        the given message, which may be then used with
+        :meth:`verify_signature` to confirm the validity of the
+        signature.  This is useful if you wish to transmit the
+        message signature and message in your own format.
+
+        Args:
+            message (bytes): the input message
+
+        Returns:
+            bytes: the message signature
+
+        Raises:
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        # TODO(directxman12): check flags?
+        return rmessage.get_mic(self, message)

+
+
[docs]    def verify_signature(
+        self,
+        message: bytes,
+        mic: bytes,
+    ) -> int:
+        """Verify the signature for a message.
+
+        This method verifies that a signature (generated by
+        :meth:`get_signature` is valid for the given message.
+
+        If the signature is valid, the method will return.
+        Otherwise, it will raise an error.
+
+        Args:
+            message (bytes): the message
+            mic (bytes): the signature to verify
+
+        Returns:
+            int: the QoP used.
+
+        Raises:
+            ~gssapi.exceptions.BadMICError: the signature was not valid
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.ExpiredTokenError
+            ~gssapi.exceptions.TokenTooLateError
+            ~gssapi.exceptions.TokenTooEarlyError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        return rmessage.verify_mic(self, message, mic)

+
+
[docs]    def wrap(
+        self,
+        message: bytes,
+        encrypt: bool,
+    ) -> tuples.WrapResult:
+        """Wrap a message, optionally with encryption
+
+        This wraps a message, signing it and optionally
+        encrypting it.
+
+        Args:
+            message (bytes): the message to wrap
+            encrypt (bool): whether or not to encrypt the message
+
+        Returns:
+            WrapResult: the wrapped message and details about it
+            (e.g. whether encryption was used succesfully)
+
+        Raises:
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        return rmessage.wrap(self, message, encrypt)

+
+
[docs]    def unwrap(
+        self,
+        message: bytes,
+    ) -> tuples.UnwrapResult:
+        """Unwrap a wrapped message.
+
+        This method unwraps/unencrypts a wrapped message,
+        verifying the signature along the way.
+
+        Args:
+            message (bytes): the message to unwrap/decrypt
+
+        Returns:
+            UnwrapResult: the unwrapped message and details about it
+            (e.g. wheter encryption was used)
+
+        Raises:
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.BadMICError
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.ExpiredTokenError
+            ~gssapi.exceptions.TokenTooLateError
+            ~gssapi.exceptions.TokenTooEarlyError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        return rmessage.unwrap(self, message)

+
+
[docs]    def encrypt(
+        self,
+        message: bytes,
+    ) -> bytes:
+        """Encrypt a message.
+
+        This method wraps and encrypts a message, similarly to
+        :meth:`wrap`.  The difference is that encryption is always
+        used, and the method will raise an exception if this is
+        not possible.  Additionally, this method simply returns
+        the encrypted message directly.
+
+        Args:
+            message (bytes): the message to encrypt
+
+        Returns:
+            bytes: the encrypted message
+
+        Raises:
+            ~gssapi.exceptions.EncryptionNotUsed: the encryption could not be
+                used
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        res = self.wrap(message, encrypt=True)
+
+        if not res.encrypted:
+            raise excs.EncryptionNotUsed("Wrapped message was not encrypted")
+
+        return res.message

+
+
[docs]    def decrypt(
+        self,
+        message: bytes,
+    ) -> bytes:
+        """Decrypt a message.
+
+        This method decrypts and unwraps a message, verifying the signature
+        along the way, similarly to :meth:`unwrap`.  The difference is that
+        this method will raise an exception if encryption was established
+        by the context and not used, and simply returns the decrypted
+        message directly.
+
+        Args:
+            message (bytes): the encrypted message
+
+        Returns:
+            bytes: the decrypted message
+
+        Raises:
+            ~gssapi.exceptions.EncryptionNotUsed: encryption was expected, but
+                not used
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.BadMICError
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.ExpiredTokenError
+            ~gssapi.exceptions.TokenTooLateError
+            ~gssapi.exceptions.TokenTooEarlyError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        res = self.unwrap(message)
+
+        if (not res.encrypted and
+                self.actual_flags & RequirementFlag.confidentiality):
+            raise excs.EncryptionNotUsed("The context was established with "
+                                         "encryption, but unwrapped message "
+                                         "was not encrypted",
+                                         unwrapped_message=res.message)
+
+        return res.message

+
+
[docs]    def get_wrap_size_limit(
+        self,
+        desired_output_size: int,
+        encrypted: bool = True,
+    ) -> int:
+        """Calculate the maximum message size for a given wrapped message size.
+
+        This method calculates the maximum input message size for a given
+        maximum wrapped/encrypted message size.
+
+        Args:
+            desired_output_size (int): the maximum output message size
+            encrypted (bool): whether or not encryption should be taken
+                into account
+
+        Returns:
+            int: the maximum input message size
+
+        Raises:
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        return rmessage.wrap_size_limit(self, desired_output_size,
+                                        encrypted)

+
+
[docs]    def process_token(
+        self,
+        token: bytes,
+    ) -> None:
+        """Process an output token asynchronously.
+
+        This method processes an output token even when the security context
+        was not expecting it.
+
+        Warning:
+            This method is deprecated.
+
+        Args:
+            token (bytes): the token to process
+
+        Raises:
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        rsec_contexts.process_context_token(self, token)

+
+
[docs]    def export(self) -> bytes:
+        """Export a security context.
+
+        This method exports a security context, allowing it to be passed
+        between processes.
+
+        Returns:
+            bytes: the exported security context
+
+        Raises:
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.OperationUnavailableError
+        """
+
+        return rsec_contexts.export_sec_context(self)

+
+    _INQUIRE_ARGS = ('initiator_name', 'target_name', 'lifetime',
+                     'mech', 'flags', 'locally_init', 'complete')
+
+    @_utils.check_last_err
+    def _inquire(
+        self,
+        **kwargs: bool,
+    ) -> tuples.InquireContextResult:
+        """Inspect the security context for information
+
+        This method inspects the security context for information.
+
+        If no keyword arguments are passed, all available information
+        is returned.  Otherwise, only the keyword arguments that
+        are passed and set to `True` are returned.
+
+        Args:
+            initiator_name (bool): get the initiator name for this context
+            target_name (bool): get the target name for this context
+            lifetime (bool): get the remaining lifetime, in seconds, for this
+                context
+            mech (bool): get the :class:`MechType` used by this context
+            flags (bool): get the flags set on this context
+            locally_init (bool): get whether this context was locally initiated
+            complete (bool): get whether negotiation on this context has
+                been completed
+
+        Returns:
+            InquireContextResult: the results of the inquiry, with unused
+            fields set to None
+
+        Raises:
+            ~gssapi.exceptions.MissingContextError
+        """
+        if not kwargs:
+            default_val = True
+        else:
+            default_val = False
+
+        for arg in self._INQUIRE_ARGS:
+            kwargs[arg] = kwargs.get(arg, default_val)
+
+        res = rsec_contexts.inquire_context(self, **kwargs)
+
+        if (kwargs.get('initiator_name', False) and
+                res.initiator_name is not None):
+            init_name = Name(res.initiator_name)
+        else:
+            init_name = None
+
+        if (kwargs.get('target_name', False) and
+                res.target_name is not None):
+            target_name = Name(res.target_name)
+        else:
+            target_name = None
+
+        return tuples.InquireContextResult(init_name, target_name,
+                                           res.lifetime, res.mech,
+                                           res.flags, res.locally_init,
+                                           res.complete)
+
+    @property
+    def lifetime(self) -> int:
+        """The amount of time for which this context remains valid"""
+        return rsec_contexts.context_time(self)
+
+    @property
+    def delegated_creds(self) -> t.Optional[Credentials]:
+        """The credentials delegated from the initiator to the acceptor
+
+        .. warning::
+
+            This value will not be preserved across picklings.  These should
+            be separately exported and transfered.
+
+        """
+        return self._delegated_creds
+
+    initiator_name = _utils.inquire_property(
+        'initiator_name', 'The :class:`Name` of the initiator of this context')
+    target_name = _utils.inquire_property(
+        'target_name', 'The :class:`Name` of the target of this context')
+    mech = _utils.inquire_property(
+        'mech', 'The mechanism (:class:`MechType`) in use by this context')
+    actual_flags = _utils.inquire_property(
+        'flags', 'The flags set on this context')
+    locally_initiated = _utils.inquire_property(
+        'locally_init', 'Whether this context was locally intiated')
+
+    @property  # type: ignore # https://github.com/python/mypy/issues/1362
+    @_utils.check_last_err
+    def complete(self) -> bool:
+        """Whether negotiation for this context has been completed"""
+        # NB(directxman12): MIT krb5 has a bug where it refuses to
+        #                   inquire about partially completed contexts,
+        #                   so we can't just use `self._inquire` generally
+        if self._started:
+            complete = self._complete
+            if complete is None:
+                try:
+                    complete = self._inquire(complete=True).complete
+                except excs.MissingContextError:
+                    return False
+                else:
+                    self._complete = complete
+
+            return complete
+        else:
+            return False
+
+
[docs]    @_utils.catch_and_return_token
+    def step(
+        self,
+        token: t.Optional[bytes] = None,
+    ) -> t.Optional[bytes]:
+        """Perform a negotation step.
+
+        This method performs a negotiation step based on the usage type
+        of this context.  If `__DEFER_STEP_ERRORS__` is set to True on
+        the class, this method will return a token, even when exceptions
+        would be thrown.  The generated exception will be thrown on the next
+        method call or property lookup on the context.
+        **This is the default behavior.**
+
+        This method should be used in a while loop, as such:
+
+        .. code-block:: python
+
+           input_token = None
+           try:
+               while not ctx.complete:
+                   output_token = ctx.step(input_token)
+                   if not output_token:
+                       break
+                   input_token = send_and_receive(output_token)
+           except GSSError as e:
+                handle_the_issue()
+
+        .. tip::
+
+            Disabling `__DEFER_STEP_ERRORS__` is rarely necessary.
+            When this method is used in a loop (as above),
+            `__DEFER_STEP_ERRORS__` will ensure that you always
+            send an error token when it's available,
+            keeping the other end of the security context updated
+            with the status of the negotiation.
+
+        Args:
+            token (bytes): the input token from the other participant's step
+
+        Returns:
+            bytes: the output token to send to the other participant
+
+        Raises:
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.InvalidCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.BadChannelBindingsError
+            ~gssapi.exceptions.BadMICError
+            ~gssapi.exceptions.ExpiredTokenError: (initiate only)
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadNameTypeError: (initiate only)
+            ~gssapi.exceptions.BadNameError: (initiate only)
+            ~gssapi.exceptions.BadMechanismError
+        """
+
+        if self.usage == 'accept':
+            return self._acceptor_step(token=token or b"")
+        else:
+            return self._initiator_step(token=token)

+
+    def _acceptor_step(
+        self,
+        token: bytes,
+    ) -> t.Optional[bytes]:
+        res = rsec_contexts.accept_sec_context(token, self._creds,
+                                               self, self._channel_bindings)
+
+        if res.delegated_creds is not None:
+            self._delegated_creds = Credentials(res.delegated_creds)
+        else:
+            self._delegated_creds = None
+
+        self._complete = not res.more_steps
+
+        return res.token
+
+    def _initiator_step(
+        self,
+        token: t.Optional[bytes] = None,
+    ) -> t.Optional[bytes]:
+        res = rsec_contexts.init_sec_context(self._target_name, self._creds,
+                                             self, self._mech,
+                                             self._desired_flags,
+                                             self._desired_lifetime,
+                                             self._channel_bindings,
+                                             token)
+
+        self._complete = not res.more_steps
+
+        return res.token
+
+    # pickle protocol support
+    def __reduce__(
+        self,
+    ) -> t.Tuple[t.Type["SecurityContext"], t.Tuple[None, bytes]]:
+        # the unpickle arguments to new are (base=None, token=self.export())
+        return (type(self), (None, self.export()))

+
+ +
+
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/_modules/index.html b/_modules/index.html new file mode 100644 index 00000000..b4e395e1 --- /dev/null +++ b/_modules/index.html @@ -0,0 +1,134 @@ + + + + + + Overview: module code — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+
    +
    • +
  • Overview: module code
    • +
  • +
    • +
+
+
+
+ +
+
+ +
+ +
+

© Copyright 2014, The Python-GSSAPI team.

+
+ + Built with Sphinx using a + theme + provided by Read the Docs. + + +
+
+
+
+
+ + + + \ No newline at end of file diff --git a/docs/source/basic-tutorial.md b/_sources/basic-tutorial.md.txt similarity index 100% rename from docs/source/basic-tutorial.md rename to _sources/basic-tutorial.md.txt diff --git a/docs/source/credstore.rst b/_sources/credstore.rst.txt similarity index 100% rename from docs/source/credstore.rst rename to _sources/credstore.rst.txt diff --git a/docs/source/gssapi.raw.rst b/_sources/gssapi.raw.rst.txt similarity index 100% rename from docs/source/gssapi.raw.rst rename to _sources/gssapi.raw.rst.txt diff --git a/docs/source/gssapi.rst b/_sources/gssapi.rst.txt similarity index 100% rename from docs/source/gssapi.rst rename to _sources/gssapi.rst.txt diff --git a/docs/source/index.rst b/_sources/index.rst.txt similarity index 100% rename from docs/source/index.rst rename to _sources/index.rst.txt diff --git a/docs/source/otherdoc.rst b/_sources/otherdoc.rst.txt similarity index 100% rename from docs/source/otherdoc.rst rename to _sources/otherdoc.rst.txt diff --git a/docs/source/tutorials.rst b/_sources/tutorials.rst.txt similarity index 100% rename from docs/source/tutorials.rst rename to _sources/tutorials.rst.txt diff --git a/_static/_sphinx_javascript_frameworks_compat.js b/_static/_sphinx_javascript_frameworks_compat.js new file mode 100644 index 00000000..8549469d --- /dev/null +++ b/_static/_sphinx_javascript_frameworks_compat.js @@ -0,0 +1,134 @@ +/* + * _sphinx_javascript_frameworks_compat.js + * ~~~~~~~~~~ + * + * Compatability shim for jQuery and underscores.js. + * + * WILL BE REMOVED IN Sphinx 6.0 + * xref RemovedInSphinx60Warning + * + */ + +/** + * select a different prefix for underscore + */ +$u = _.noConflict(); + + +/** + * small helper function to urldecode strings + * + * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL + */ +jQuery.urldecode = function(x) { + if (!x) { + return x + } + return decodeURIComponent(x.replace(/\+/g, ' ')); +}; + +/** + * small helper function to urlencode strings + */ +jQuery.urlencode = encodeURIComponent; + +/** + * This function returns the parsed url parameters of the + * current request. Multiple values per key are supported, + * it will always return arrays of strings for the value parts. + */ +jQuery.getQueryParameters = function(s) { + if (typeof s === 'undefined') + s = document.location.search; + var parts = s.substr(s.indexOf('?') + 1).split('&'); + var result = {}; + for (var i = 0; i < parts.length; i++) { + var tmp = parts[i].split('=', 2); + var key = jQuery.urldecode(tmp[0]); + var value = jQuery.urldecode(tmp[1]); + if (key in result) + result[key].push(value); + else + result[key] = [value]; + } + return result; +}; + +/** + * highlight a given string on a jquery object by wrapping it in + * span elements with the given class name. + */ +jQuery.fn.highlightText = function(text, className) { + function highlight(node, addItems) { + if (node.nodeType === 3) { + var val = node.nodeValue; + var pos = val.toLowerCase().indexOf(text); + if (pos >= 0 && + !jQuery(node.parentNode).hasClass(className) && + !jQuery(node.parentNode).hasClass("nohighlight")) { + var span; + var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.className = className; + } + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + node.parentNode.insertBefore(span, node.parentNode.insertBefore( + document.createTextNode(val.substr(pos + text.length)), + node.nextSibling)); + node.nodeValue = val.substr(0, pos); + if (isInSVG) { + var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect"); + var bbox = node.parentElement.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute('class', className); + addItems.push({ + "parent": node.parentNode, + "target": rect}); + } + } + } + else if (!jQuery(node).is("button, select, textarea")) { + jQuery.each(node.childNodes, function() { + highlight(this, addItems); + }); + } + } + var addItems = []; + var result = this.each(function() { + highlight(this, addItems); + }); + for (var i = 0; i < addItems.length; ++i) { + jQuery(addItems[i].parent).before(addItems[i].target); + } + return result; +}; + +/* + * backward compatibility for jQuery.browser + * This will be supported until firefox bug is fixed. + */ +if (!jQuery.browser) { + jQuery.uaMatch = function(ua) { + ua = ua.toLowerCase(); + + var match = /(chrome)[ \/]([\w.]+)/.exec(ua) || + /(webkit)[ \/]([\w.]+)/.exec(ua) || + /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) || + /(msie) ([\w.]+)/.exec(ua) || + ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) || + []; + + return { + browser: match[ 1 ] || "", + version: match[ 2 ] || "0" + }; + }; + jQuery.browser = {}; + jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true; +} diff --git a/_static/basic.css b/_static/basic.css new file mode 100644 index 00000000..eeb0519a --- /dev/null +++ b/_static/basic.css @@ -0,0 +1,899 @@ +/* + * basic.css + * ~~~~~~~~~ + * + * Sphinx stylesheet -- basic theme. + * + * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +/* -- main layout ----------------------------------------------------------- */ + +div.clearer { + clear: both; +} + +div.section::after { + display: block; + content: ''; + clear: left; +} + +/* -- relbar ---------------------------------------------------------------- */ + +div.related { + width: 100%; + font-size: 90%; +} + +div.related h3 { + display: none; +} + +div.related ul { + margin: 0; + padding: 0 0 0 10px; + list-style: none; +} + +div.related li { + display: inline; +} + +div.related li.right { + float: right; + margin-right: 5px; +} + +/* -- sidebar --------------------------------------------------------------- */ + +div.sphinxsidebarwrapper { + padding: 10px 5px 0 10px; +} + +div.sphinxsidebar { + float: left; + width: 230px; + margin-left: -100%; + font-size: 90%; + word-wrap: break-word; + overflow-wrap : break-word; +} + +div.sphinxsidebar ul { + list-style: none; +} + +div.sphinxsidebar ul ul, +div.sphinxsidebar ul.want-points { + margin-left: 20px; + list-style: square; +} + +div.sphinxsidebar ul ul { + margin-top: 0; + margin-bottom: 0; +} + +div.sphinxsidebar form { + margin-top: 10px; +} + +div.sphinxsidebar input { + border: 1px solid #98dbcc; + font-family: sans-serif; + font-size: 1em; +} + +div.sphinxsidebar #searchbox form.search { + overflow: hidden; +} + +div.sphinxsidebar #searchbox input[type="text"] { + float: left; + width: 80%; + padding: 0.25em; + box-sizing: border-box; +} + +div.sphinxsidebar #searchbox input[type="submit"] { + float: left; + width: 20%; + border-left: none; + padding: 0.25em; + box-sizing: border-box; +} + + +img { + border: 0; + max-width: 100%; +} + +/* -- search page ----------------------------------------------------------- */ + +ul.search { + margin: 10px 0 0 20px; + padding: 0; +} + +ul.search li { + padding: 5px 0 5px 20px; + background-image: url(file.png); + background-repeat: no-repeat; + background-position: 0 7px; +} + +ul.search li a { + font-weight: bold; +} + +ul.search li p.context { + color: #888; + margin: 2px 0 0 30px; + text-align: left; +} + +ul.keywordmatches li.goodmatch a { + font-weight: bold; +} + +/* -- index page ------------------------------------------------------------ */ + +table.contentstable { + width: 90%; + margin-left: auto; + margin-right: auto; +} + +table.contentstable p.biglink { + line-height: 150%; +} + +a.biglink { + font-size: 1.3em; +} + +span.linkdescr { + font-style: italic; + padding-top: 5px; + font-size: 90%; +} + +/* -- general index --------------------------------------------------------- */ + +table.indextable { + width: 100%; +} + +table.indextable td { + text-align: left; + vertical-align: top; +} + +table.indextable ul { + margin-top: 0; + margin-bottom: 0; + list-style-type: none; +} + +table.indextable > tbody > tr > td > ul { + padding-left: 0em; +} + +table.indextable tr.pcap { + height: 10px; +} + +table.indextable tr.cap { + margin-top: 10px; + background-color: #f2f2f2; +} + +img.toggler { + margin-right: 3px; + margin-top: 3px; + cursor: pointer; +} + +div.modindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +div.genindex-jumpbox { + border-top: 1px solid #ddd; + border-bottom: 1px solid #ddd; + margin: 1em 0 1em 0; + padding: 0.4em; +} + +/* -- domain module index --------------------------------------------------- */ + +table.modindextable td { + padding: 2px; + border-collapse: collapse; +} + +/* -- general body styles --------------------------------------------------- */ + +div.body { + min-width: 360px; + max-width: 800px; +} + +div.body p, div.body dd, div.body li, div.body blockquote { + -moz-hyphens: auto; + -ms-hyphens: auto; + -webkit-hyphens: auto; + hyphens: auto; +} + +a.headerlink { + visibility: hidden; +} +a.brackets:before, +span.brackets > a:before{ + content: "["; +} + +a.brackets:after, +span.brackets > a:after { + content: "]"; +} + + +h1:hover > a.headerlink, +h2:hover > a.headerlink, +h3:hover > a.headerlink, +h4:hover > a.headerlink, +h5:hover > a.headerlink, +h6:hover > a.headerlink, +dt:hover > a.headerlink, +caption:hover > a.headerlink, +p.caption:hover > a.headerlink, +div.code-block-caption:hover > a.headerlink { + visibility: visible; +} + +div.body p.caption { + text-align: inherit; +} + +div.body td { + text-align: left; +} + +.first { + margin-top: 0 !important; +} + +p.rubric { + margin-top: 30px; + font-weight: bold; +} + +img.align-left, figure.align-left, .figure.align-left, object.align-left { + clear: left; + float: left; + margin-right: 1em; +} + +img.align-right, figure.align-right, .figure.align-right, object.align-right { + clear: right; + float: right; + margin-left: 1em; +} + +img.align-center, figure.align-center, .figure.align-center, object.align-center { + display: block; + margin-left: auto; + margin-right: auto; +} + +img.align-default, figure.align-default, .figure.align-default { + display: block; + margin-left: auto; + margin-right: auto; +} + +.align-left { + text-align: left; +} + +.align-center { + text-align: center; +} + +.align-default { + text-align: center; +} + +.align-right { + text-align: right; +} + +/* -- sidebars -------------------------------------------------------------- */ + +div.sidebar, +aside.sidebar { + margin: 0 0 0.5em 1em; + border: 1px solid #ddb; + padding: 7px; + background-color: #ffe; + width: 40%; + float: right; + clear: right; + overflow-x: auto; +} + +p.sidebar-title { + font-weight: bold; +} +div.admonition, div.topic, blockquote { + clear: left; +} + +/* -- topics ---------------------------------------------------------------- */ +div.topic { + border: 1px solid #ccc; + padding: 7px; + margin: 10px 0 10px 0; +} + +p.topic-title { + font-size: 1.1em; + font-weight: bold; + margin-top: 10px; +} + +/* -- admonitions ----------------------------------------------------------- */ + +div.admonition { + margin-top: 10px; + margin-bottom: 10px; + padding: 7px; +} + +div.admonition dt { + font-weight: bold; +} + +p.admonition-title { + margin: 0px 10px 5px 0px; + font-weight: bold; +} + +div.body p.centered { + text-align: center; + margin-top: 25px; +} + +/* -- content of sidebars/topics/admonitions -------------------------------- */ + +div.sidebar > :last-child, +aside.sidebar > :last-child, +div.topic > :last-child, +div.admonition > :last-child { + margin-bottom: 0; +} + +div.sidebar::after, +aside.sidebar::after, +div.topic::after, +div.admonition::after, +blockquote::after { + display: block; + content: ''; + clear: both; +} + +/* -- tables ---------------------------------------------------------------- */ + +table.docutils { + margin-top: 10px; + margin-bottom: 10px; + border: 0; + border-collapse: collapse; +} + +table.align-center { + margin-left: auto; + margin-right: auto; +} + +table.align-default { + margin-left: auto; + margin-right: auto; +} + +table caption span.caption-number { + font-style: italic; +} + +table caption span.caption-text { +} + +table.docutils td, table.docutils th { + padding: 1px 8px 1px 5px; + border-top: 0; + border-left: 0; + border-right: 0; + border-bottom: 1px solid #aaa; +} + +th { + text-align: left; + padding-right: 5px; +} + +table.citation { + border-left: solid 1px gray; + margin-left: 1px; +} + +table.citation td { + border-bottom: none; +} + +th > :first-child, +td > :first-child { + margin-top: 0px; +} + +th > :last-child, +td > :last-child { + margin-bottom: 0px; +} + +/* -- figures --------------------------------------------------------------- */ + +div.figure, figure { + margin: 0.5em; + padding: 0.5em; +} + +div.figure p.caption, figcaption { + padding: 0.3em; +} + +div.figure p.caption span.caption-number, +figcaption span.caption-number { + font-style: italic; +} + +div.figure p.caption span.caption-text, +figcaption span.caption-text { +} + +/* -- field list styles ----------------------------------------------------- */ + +table.field-list td, table.field-list th { + border: 0 !important; +} + +.field-list ul { + margin: 0; + padding-left: 1em; +} + +.field-list p { + margin: 0; +} + +.field-name { + -moz-hyphens: manual; + -ms-hyphens: manual; + -webkit-hyphens: manual; + hyphens: manual; +} + +/* -- hlist styles ---------------------------------------------------------- */ + +table.hlist { + margin: 1em 0; +} + +table.hlist td { + vertical-align: top; +} + +/* -- object description styles --------------------------------------------- */ + +.sig { + font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace; +} + +.sig-name, code.descname { + background-color: transparent; + font-weight: bold; +} + +.sig-name { + font-size: 1.1em; +} + +code.descname { + font-size: 1.2em; +} + +.sig-prename, code.descclassname { + background-color: transparent; +} + +.optional { + font-size: 1.3em; +} + +.sig-paren { + font-size: larger; +} + +.sig-param.n { + font-style: italic; +} + +/* C++ specific styling */ + +.sig-inline.c-texpr, +.sig-inline.cpp-texpr { + font-family: unset; +} + +.sig.c .k, .sig.c .kt, +.sig.cpp .k, .sig.cpp .kt { + color: #0033B3; +} + +.sig.c .m, +.sig.cpp .m { + color: #1750EB; +} + +.sig.c .s, .sig.c .sc, +.sig.cpp .s, .sig.cpp .sc { + color: #067D17; +} + + +/* -- other body styles ----------------------------------------------------- */ + +ol.arabic { + list-style: decimal; +} + +ol.loweralpha { + list-style: lower-alpha; +} + +ol.upperalpha { + list-style: upper-alpha; +} + +ol.lowerroman { + list-style: lower-roman; +} + +ol.upperroman { + list-style: upper-roman; +} + +:not(li) > ol > li:first-child > :first-child, +:not(li) > ul > li:first-child > :first-child { + margin-top: 0px; +} + +:not(li) > ol > li:last-child > :last-child, +:not(li) > ul > li:last-child > :last-child { + margin-bottom: 0px; +} + +ol.simple ol p, +ol.simple ul p, +ul.simple ol p, +ul.simple ul p { + margin-top: 0; +} + +ol.simple > li:not(:first-child) > p, +ul.simple > li:not(:first-child) > p { + margin-top: 0; +} + +ol.simple p, +ul.simple p { + margin-bottom: 0; +} +dl.footnote > dt, +dl.citation > dt { + float: left; + margin-right: 0.5em; +} + +dl.footnote > dd, +dl.citation > dd { + margin-bottom: 0em; +} + +dl.footnote > dd:after, +dl.citation > dd:after { + content: ""; + clear: both; +} + +dl.field-list { + display: grid; + grid-template-columns: fit-content(30%) auto; +} + +dl.field-list > dt { + font-weight: bold; + word-break: break-word; + padding-left: 0.5em; + padding-right: 5px; +} +dl.field-list > dt:after { + content: ":"; +} + + +dl.field-list > dd { + padding-left: 0.5em; + margin-top: 0em; + margin-left: 0em; + margin-bottom: 0em; +} + +dl { + margin-bottom: 15px; +} + +dd > :first-child { + margin-top: 0px; +} + +dd ul, dd table { + margin-bottom: 10px; +} + +dd { + margin-top: 3px; + margin-bottom: 10px; + margin-left: 30px; +} + +dl > dd:last-child, +dl > dd:last-child > :last-child { + margin-bottom: 0; +} + +dt:target, span.highlighted { + background-color: #fbe54e; +} + +rect.highlighted { + fill: #fbe54e; +} + +dl.glossary dt { + font-weight: bold; + font-size: 1.1em; +} + +.versionmodified { + font-style: italic; +} + +.system-message { + background-color: #fda; + padding: 5px; + border: 3px solid red; +} + +.footnote:target { + background-color: #ffa; +} + +.line-block { + display: block; + margin-top: 1em; + margin-bottom: 1em; +} + +.line-block .line-block { + margin-top: 0; + margin-bottom: 0; + margin-left: 1.5em; +} + +.guilabel, .menuselection { + font-family: sans-serif; +} + +.accelerator { + text-decoration: underline; +} + +.classifier { + font-style: oblique; +} + +.classifier:before { + font-style: normal; + margin: 0 0.5em; + content: ":"; + display: inline-block; +} + +abbr, acronym { + border-bottom: dotted 1px; + cursor: help; +} + +/* -- code displays --------------------------------------------------------- */ + +pre { + overflow: auto; + overflow-y: hidden; /* fixes display issues on Chrome browsers */ +} + +pre, div[class*="highlight-"] { + clear: both; +} + +span.pre { + -moz-hyphens: none; + -ms-hyphens: none; + -webkit-hyphens: none; + hyphens: none; + white-space: nowrap; +} + +div[class*="highlight-"] { + margin: 1em 0; +} + +td.linenos pre { + border: 0; + background-color: transparent; + color: #aaa; +} + +table.highlighttable { + display: block; +} + +table.highlighttable tbody { + display: block; +} + +table.highlighttable tr { + display: flex; +} + +table.highlighttable td { + margin: 0; + padding: 0; +} + +table.highlighttable td.linenos { + padding-right: 0.5em; +} + +table.highlighttable td.code { + flex: 1; + overflow: hidden; +} + +.highlight .hll { + display: block; +} + +div.highlight pre, +table.highlighttable pre { + margin: 0; +} + +div.code-block-caption + div { + margin-top: 0; +} + +div.code-block-caption { + margin-top: 1em; + padding: 2px 5px; + font-size: small; +} + +div.code-block-caption code { + background-color: transparent; +} + +table.highlighttable td.linenos, +span.linenos, +div.highlight span.gp { /* gp: Generic.Prompt */ + user-select: none; + -webkit-user-select: text; /* Safari fallback only */ + -webkit-user-select: none; /* Chrome/Safari */ + -moz-user-select: none; /* Firefox */ + -ms-user-select: none; /* IE10+ */ +} + +div.code-block-caption span.caption-number { + padding: 0.1em 0.3em; + font-style: italic; +} + +div.code-block-caption span.caption-text { +} + +div.literal-block-wrapper { + margin: 1em 0; +} + +code.xref, a code { + background-color: transparent; + font-weight: bold; +} + +h1 code, h2 code, h3 code, h4 code, h5 code, h6 code { + background-color: transparent; +} + +.viewcode-link { + float: right; +} + +.viewcode-back { + float: right; + font-family: sans-serif; +} + +div.viewcode-block:target { + margin: -1px -10px; + padding: 0 10px; +} + +/* -- math display ---------------------------------------------------------- */ + +img.math { + vertical-align: middle; +} + +div.body div.math p { + text-align: center; +} + +span.eqno { + float: right; +} + +span.eqno a.headerlink { + position: absolute; + z-index: 1; +} + +div.math:hover a.headerlink { + visibility: visible; +} + +/* -- printout stylesheet --------------------------------------------------- */ + +@media print { + div.document, + div.documentwrapper, + div.bodywrapper { + margin: 0 !important; + width: 100%; + } + + div.sphinxsidebar, + div.related, + div.footer, + #top-link { + display: none; + } +} \ No newline at end of file diff --git a/_static/css/badge_only.css b/_static/css/badge_only.css new file mode 100644 index 00000000..c718cee4 --- /dev/null +++ b/_static/css/badge_only.css @@ -0,0 +1 @@ +.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}} \ No newline at end of file diff --git a/_static/css/fonts/Roboto-Slab-Bold.woff b/_static/css/fonts/Roboto-Slab-Bold.woff new file mode 100644 index 00000000..6cb60000 Binary files /dev/null and b/_static/css/fonts/Roboto-Slab-Bold.woff differ diff --git a/_static/css/fonts/Roboto-Slab-Bold.woff2 b/_static/css/fonts/Roboto-Slab-Bold.woff2 new file mode 100644 index 00000000..7059e231 Binary files /dev/null and b/_static/css/fonts/Roboto-Slab-Bold.woff2 differ diff --git a/_static/css/fonts/Roboto-Slab-Regular.woff b/_static/css/fonts/Roboto-Slab-Regular.woff new file mode 100644 index 00000000..f815f63f Binary files /dev/null and b/_static/css/fonts/Roboto-Slab-Regular.woff differ diff --git a/_static/css/fonts/Roboto-Slab-Regular.woff2 b/_static/css/fonts/Roboto-Slab-Regular.woff2 new file mode 100644 index 00000000..f2c76e5b Binary files /dev/null and b/_static/css/fonts/Roboto-Slab-Regular.woff2 differ diff --git a/_static/css/fonts/fontawesome-webfont.eot b/_static/css/fonts/fontawesome-webfont.eot new file mode 100644 index 00000000..e9f60ca9 Binary files /dev/null and b/_static/css/fonts/fontawesome-webfont.eot differ diff --git a/_static/css/fonts/fontawesome-webfont.svg b/_static/css/fonts/fontawesome-webfont.svg new file mode 100644 index 00000000..855c845e --- /dev/null +++ b/_static/css/fonts/fontawesome-webfont.svg @@ -0,0 +1,2671 @@ + + + + +Created by FontForge 20120731 at Mon Oct 24 17:37:40 2016 + By ,,, +Copyright Dave Gandy 2016. All rights reserved. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/_static/css/fonts/fontawesome-webfont.ttf b/_static/css/fonts/fontawesome-webfont.ttf new file mode 100644 index 00000000..35acda2f Binary files /dev/null and b/_static/css/fonts/fontawesome-webfont.ttf differ diff --git a/_static/css/fonts/fontawesome-webfont.woff b/_static/css/fonts/fontawesome-webfont.woff new file mode 100644 index 00000000..400014a4 Binary files /dev/null and b/_static/css/fonts/fontawesome-webfont.woff differ diff --git a/_static/css/fonts/fontawesome-webfont.woff2 b/_static/css/fonts/fontawesome-webfont.woff2 new file mode 100644 index 00000000..4d13fc60 Binary files /dev/null and b/_static/css/fonts/fontawesome-webfont.woff2 differ diff --git a/_static/css/fonts/lato-bold-italic.woff b/_static/css/fonts/lato-bold-italic.woff new file mode 100644 index 00000000..88ad05b9 Binary files /dev/null and b/_static/css/fonts/lato-bold-italic.woff differ diff --git a/_static/css/fonts/lato-bold-italic.woff2 b/_static/css/fonts/lato-bold-italic.woff2 new file mode 100644 index 00000000..c4e3d804 Binary files /dev/null and b/_static/css/fonts/lato-bold-italic.woff2 differ diff --git a/_static/css/fonts/lato-bold.woff b/_static/css/fonts/lato-bold.woff new file mode 100644 index 00000000..c6dff51f Binary files /dev/null and b/_static/css/fonts/lato-bold.woff differ diff --git a/_static/css/fonts/lato-bold.woff2 b/_static/css/fonts/lato-bold.woff2 new file mode 100644 index 00000000..bb195043 Binary files /dev/null and b/_static/css/fonts/lato-bold.woff2 differ diff --git a/_static/css/fonts/lato-normal-italic.woff b/_static/css/fonts/lato-normal-italic.woff new file mode 100644 index 00000000..76114bc0 Binary files /dev/null and b/_static/css/fonts/lato-normal-italic.woff differ diff --git a/_static/css/fonts/lato-normal-italic.woff2 b/_static/css/fonts/lato-normal-italic.woff2 new file mode 100644 index 00000000..3404f37e Binary files /dev/null and b/_static/css/fonts/lato-normal-italic.woff2 differ diff --git a/_static/css/fonts/lato-normal.woff b/_static/css/fonts/lato-normal.woff new file mode 100644 index 00000000..ae1307ff Binary files /dev/null and b/_static/css/fonts/lato-normal.woff differ diff --git a/_static/css/fonts/lato-normal.woff2 b/_static/css/fonts/lato-normal.woff2 new file mode 100644 index 00000000..3bf98433 Binary files /dev/null and b/_static/css/fonts/lato-normal.woff2 differ diff --git a/_static/css/theme.css b/_static/css/theme.css new file mode 100644 index 00000000..b2c29d0f --- /dev/null +++ b/_static/css/theme.css @@ -0,0 +1,4 @@ +html{box-sizing:border-box}*,:after,:before{box-sizing:inherit}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}[hidden],audio:not([controls]){display:none}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}blockquote{margin:0}dfn{font-style:italic}ins{background:#ff9;text-decoration:none}ins,mark{color:#000}mark{background:#ff0;font-style:italic;font-weight:700}.rst-content code,.rst-content tt,code,kbd,pre,samp{font-family:monospace,serif;_font-family:courier new,monospace;font-size:1em}pre{white-space:pre}q{quotes:none}q:after,q:before{content:"";content:none}small{font-size:85%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}dl,ol,ul{margin:0;padding:0;list-style:none;list-style-image:none}li{list-style:none}dd{margin:0}img{border:0;-ms-interpolation-mode:bicubic;vertical-align:middle;max-width:100%}svg:not(:root){overflow:hidden}figure,form{margin:0}label{cursor:pointer}button,input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}button,input{line-height:normal}button,input[type=button],input[type=reset],input[type=submit]{cursor:pointer;-webkit-appearance:button;*overflow:visible}button[disabled],input[disabled]{cursor:default}input[type=search]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}textarea{resize:vertical}table{border-collapse:collapse;border-spacing:0}td{vertical-align:top}.chromeframe{margin:.2em 0;background:#ccc;color:#000;padding:.2em 0}.ir{display:block;border:0;text-indent:-999em;overflow:hidden;background-color:transparent;background-repeat:no-repeat;text-align:left;direction:ltr;*line-height:0}.ir br{display:none}.hidden{display:none!important;visibility:hidden}.visuallyhidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.visuallyhidden.focusable:active,.visuallyhidden.focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}.invisible{visibility:hidden}.relative{position:relative}big,small{font-size:100%}@media print{body,html,section{background:none!important}*{box-shadow:none!important;text-shadow:none!important;filter:none!important;-ms-filter:none!important}a,a:visited{text-decoration:underline}.ir a:after,a[href^="#"]:after,a[href^="javascript:"]:after{content:""}blockquote,pre{page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}.rst-content .toctree-wrapper>p.caption,h2,h3,p{orphans:3;widows:3}.rst-content .toctree-wrapper>p.caption,h2,h3{page-break-after:avoid}}.btn,.fa:before,.icon:before,.rst-content .admonition,.rst-content .admonition-title:before,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .code-block-caption .headerlink:before,.rst-content .danger,.rst-content .eqno .headerlink:before,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-alert,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before,input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week],select,textarea{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}/*! + * Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome + * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) + */@font-face{font-family:FontAwesome;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713);src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix&v=4.7.0) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#fontawesomeregular) format("svg");font-weight:400;font-style:normal}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14286em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14286em;width:2.14286em;top:.14286em;text-align:center}.fa-li.fa-lg{left:-1.85714em}.fa-border{padding:.2em .25em .15em;border:.08em solid #eee;border-radius:.1em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa-pull-left.icon,.fa.fa-pull-left,.rst-content .code-block-caption .fa-pull-left.headerlink,.rst-content .eqno .fa-pull-left.headerlink,.rst-content .fa-pull-left.admonition-title,.rst-content code.download span.fa-pull-left:first-child,.rst-content dl dt .fa-pull-left.headerlink,.rst-content h1 .fa-pull-left.headerlink,.rst-content h2 .fa-pull-left.headerlink,.rst-content h3 .fa-pull-left.headerlink,.rst-content h4 .fa-pull-left.headerlink,.rst-content h5 .fa-pull-left.headerlink,.rst-content h6 .fa-pull-left.headerlink,.rst-content p .fa-pull-left.headerlink,.rst-content table>caption .fa-pull-left.headerlink,.rst-content tt.download span.fa-pull-left:first-child,.wy-menu-vertical li.current>a button.fa-pull-left.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-left.toctree-expand,.wy-menu-vertical li button.fa-pull-left.toctree-expand{margin-right:.3em}.fa-pull-right.icon,.fa.fa-pull-right,.rst-content .code-block-caption .fa-pull-right.headerlink,.rst-content .eqno .fa-pull-right.headerlink,.rst-content .fa-pull-right.admonition-title,.rst-content code.download span.fa-pull-right:first-child,.rst-content dl dt .fa-pull-right.headerlink,.rst-content h1 .fa-pull-right.headerlink,.rst-content h2 .fa-pull-right.headerlink,.rst-content h3 .fa-pull-right.headerlink,.rst-content h4 .fa-pull-right.headerlink,.rst-content h5 .fa-pull-right.headerlink,.rst-content h6 .fa-pull-right.headerlink,.rst-content p .fa-pull-right.headerlink,.rst-content table>caption .fa-pull-right.headerlink,.rst-content tt.download span.fa-pull-right:first-child,.wy-menu-vertical li.current>a button.fa-pull-right.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-right.toctree-expand,.wy-menu-vertical li button.fa-pull-right.toctree-expand{margin-left:.3em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left,.pull-left.icon,.rst-content .code-block-caption .pull-left.headerlink,.rst-content .eqno .pull-left.headerlink,.rst-content .pull-left.admonition-title,.rst-content code.download span.pull-left:first-child,.rst-content dl dt .pull-left.headerlink,.rst-content h1 .pull-left.headerlink,.rst-content h2 .pull-left.headerlink,.rst-content h3 .pull-left.headerlink,.rst-content h4 .pull-left.headerlink,.rst-content h5 .pull-left.headerlink,.rst-content h6 .pull-left.headerlink,.rst-content p .pull-left.headerlink,.rst-content table>caption .pull-left.headerlink,.rst-content tt.download span.pull-left:first-child,.wy-menu-vertical li.current>a button.pull-left.toctree-expand,.wy-menu-vertical li.on a button.pull-left.toctree-expand,.wy-menu-vertical li button.pull-left.toctree-expand{margin-right:.3em}.fa.pull-right,.pull-right.icon,.rst-content .code-block-caption .pull-right.headerlink,.rst-content .eqno .pull-right.headerlink,.rst-content .pull-right.admonition-title,.rst-content code.download span.pull-right:first-child,.rst-content dl dt .pull-right.headerlink,.rst-content h1 .pull-right.headerlink,.rst-content h2 .pull-right.headerlink,.rst-content h3 .pull-right.headerlink,.rst-content h4 .pull-right.headerlink,.rst-content h5 .pull-right.headerlink,.rst-content h6 .pull-right.headerlink,.rst-content p .pull-right.headerlink,.rst-content table>caption .pull-right.headerlink,.rst-content tt.download span.pull-right:first-child,.wy-menu-vertical li.current>a button.pull-right.toctree-expand,.wy-menu-vertical li.on a button.pull-right.toctree-expand,.wy-menu-vertical li button.pull-right.toctree-expand{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);-ms-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);-ms-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";-webkit-transform:scaleY(-1);-ms-transform:scaleY(-1);transform:scaleY(-1)}:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{filter:none}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:""}.fa-music:before{content:""}.fa-search:before,.icon-search:before{content:""}.fa-envelope-o:before{content:""}.fa-heart:before{content:""}.fa-star:before{content:""}.fa-star-o:before{content:""}.fa-user:before{content:""}.fa-film:before{content:""}.fa-th-large:before{content:""}.fa-th:before{content:""}.fa-th-list:before{content:""}.fa-check:before{content:""}.fa-close:before,.fa-remove:before,.fa-times:before{content:""}.fa-search-plus:before{content:""}.fa-search-minus:before{content:""}.fa-power-off:before{content:""}.fa-signal:before{content:""}.fa-cog:before,.fa-gear:before{content:""}.fa-trash-o:before{content:""}.fa-home:before,.icon-home:before{content:""}.fa-file-o:before{content:""}.fa-clock-o:before{content:""}.fa-road:before{content:""}.fa-download:before,.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{content:""}.fa-arrow-circle-o-down:before{content:""}.fa-arrow-circle-o-up:before{content:""}.fa-inbox:before{content:""}.fa-play-circle-o:before{content:""}.fa-repeat:before,.fa-rotate-right:before{content:""}.fa-refresh:before{content:""}.fa-list-alt:before{content:""}.fa-lock:before{content:""}.fa-flag:before{content:""}.fa-headphones:before{content:""}.fa-volume-off:before{content:""}.fa-volume-down:before{content:""}.fa-volume-up:before{content:""}.fa-qrcode:before{content:""}.fa-barcode:before{content:""}.fa-tag:before{content:""}.fa-tags:before{content:""}.fa-book:before,.icon-book:before{content:""}.fa-bookmark:before{content:""}.fa-print:before{content:""}.fa-camera:before{content:""}.fa-font:before{content:""}.fa-bold:before{content:""}.fa-italic:before{content:""}.fa-text-height:before{content:""}.fa-text-width:before{content:""}.fa-align-left:before{content:""}.fa-align-center:before{content:""}.fa-align-right:before{content:""}.fa-align-justify:before{content:""}.fa-list:before{content:""}.fa-dedent:before,.fa-outdent:before{content:""}.fa-indent:before{content:""}.fa-video-camera:before{content:""}.fa-image:before,.fa-photo:before,.fa-picture-o:before{content:""}.fa-pencil:before{content:""}.fa-map-marker:before{content:""}.fa-adjust:before{content:""}.fa-tint:before{content:""}.fa-edit:before,.fa-pencil-square-o:before{content:""}.fa-share-square-o:before{content:""}.fa-check-square-o:before{content:""}.fa-arrows:before{content:""}.fa-step-backward:before{content:""}.fa-fast-backward:before{content:""}.fa-backward:before{content:""}.fa-play:before{content:""}.fa-pause:before{content:""}.fa-stop:before{content:""}.fa-forward:before{content:""}.fa-fast-forward:before{content:""}.fa-step-forward:before{content:""}.fa-eject:before{content:""}.fa-chevron-left:before{content:""}.fa-chevron-right:before{content:""}.fa-plus-circle:before{content:""}.fa-minus-circle:before{content:""}.fa-times-circle:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before{content:""}.fa-check-circle:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before{content:""}.fa-question-circle:before{content:""}.fa-info-circle:before{content:""}.fa-crosshairs:before{content:""}.fa-times-circle-o:before{content:""}.fa-check-circle-o:before{content:""}.fa-ban:before{content:""}.fa-arrow-left:before{content:""}.fa-arrow-right:before{content:""}.fa-arrow-up:before{content:""}.fa-arrow-down:before{content:""}.fa-mail-forward:before,.fa-share:before{content:""}.fa-expand:before{content:""}.fa-compress:before{content:""}.fa-plus:before{content:""}.fa-minus:before{content:""}.fa-asterisk:before{content:""}.fa-exclamation-circle:before,.rst-content .admonition-title:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before{content:""}.fa-gift:before{content:""}.fa-leaf:before{content:""}.fa-fire:before,.icon-fire:before{content:""}.fa-eye:before{content:""}.fa-eye-slash:before{content:""}.fa-exclamation-triangle:before,.fa-warning:before{content:""}.fa-plane:before{content:""}.fa-calendar:before{content:""}.fa-random:before{content:""}.fa-comment:before{content:""}.fa-magnet:before{content:""}.fa-chevron-up:before{content:""}.fa-chevron-down:before{content:""}.fa-retweet:before{content:""}.fa-shopping-cart:before{content:""}.fa-folder:before{content:""}.fa-folder-open:before{content:""}.fa-arrows-v:before{content:""}.fa-arrows-h:before{content:""}.fa-bar-chart-o:before,.fa-bar-chart:before{content:""}.fa-twitter-square:before{content:""}.fa-facebook-square:before{content:""}.fa-camera-retro:before{content:""}.fa-key:before{content:""}.fa-cogs:before,.fa-gears:before{content:""}.fa-comments:before{content:""}.fa-thumbs-o-up:before{content:""}.fa-thumbs-o-down:before{content:""}.fa-star-half:before{content:""}.fa-heart-o:before{content:""}.fa-sign-out:before{content:""}.fa-linkedin-square:before{content:""}.fa-thumb-tack:before{content:""}.fa-external-link:before{content:""}.fa-sign-in:before{content:""}.fa-trophy:before{content:""}.fa-github-square:before{content:""}.fa-upload:before{content:""}.fa-lemon-o:before{content:""}.fa-phone:before{content:""}.fa-square-o:before{content:""}.fa-bookmark-o:before{content:""}.fa-phone-square:before{content:""}.fa-twitter:before{content:""}.fa-facebook-f:before,.fa-facebook:before{content:""}.fa-github:before,.icon-github:before{content:""}.fa-unlock:before{content:""}.fa-credit-card:before{content:""}.fa-feed:before,.fa-rss:before{content:""}.fa-hdd-o:before{content:""}.fa-bullhorn:before{content:""}.fa-bell:before{content:""}.fa-certificate:before{content:""}.fa-hand-o-right:before{content:""}.fa-hand-o-left:before{content:""}.fa-hand-o-up:before{content:""}.fa-hand-o-down:before{content:""}.fa-arrow-circle-left:before,.icon-circle-arrow-left:before{content:""}.fa-arrow-circle-right:before,.icon-circle-arrow-right:before{content:""}.fa-arrow-circle-up:before{content:""}.fa-arrow-circle-down:before{content:""}.fa-globe:before{content:""}.fa-wrench:before{content:""}.fa-tasks:before{content:""}.fa-filter:before{content:""}.fa-briefcase:before{content:""}.fa-arrows-alt:before{content:""}.fa-group:before,.fa-users:before{content:""}.fa-chain:before,.fa-link:before,.icon-link:before{content:""}.fa-cloud:before{content:""}.fa-flask:before{content:""}.fa-cut:before,.fa-scissors:before{content:""}.fa-copy:before,.fa-files-o:before{content:""}.fa-paperclip:before{content:""}.fa-floppy-o:before,.fa-save:before{content:""}.fa-square:before{content:""}.fa-bars:before,.fa-navicon:before,.fa-reorder:before{content:""}.fa-list-ul:before{content:""}.fa-list-ol:before{content:""}.fa-strikethrough:before{content:""}.fa-underline:before{content:""}.fa-table:before{content:""}.fa-magic:before{content:""}.fa-truck:before{content:""}.fa-pinterest:before{content:""}.fa-pinterest-square:before{content:""}.fa-google-plus-square:before{content:""}.fa-google-plus:before{content:""}.fa-money:before{content:""}.fa-caret-down:before,.icon-caret-down:before,.wy-dropdown .caret:before{content:""}.fa-caret-up:before{content:""}.fa-caret-left:before{content:""}.fa-caret-right:before{content:""}.fa-columns:before{content:""}.fa-sort:before,.fa-unsorted:before{content:""}.fa-sort-desc:before,.fa-sort-down:before{content:""}.fa-sort-asc:before,.fa-sort-up:before{content:""}.fa-envelope:before{content:""}.fa-linkedin:before{content:""}.fa-rotate-left:before,.fa-undo:before{content:""}.fa-gavel:before,.fa-legal:before{content:""}.fa-dashboard:before,.fa-tachometer:before{content:""}.fa-comment-o:before{content:""}.fa-comments-o:before{content:""}.fa-bolt:before,.fa-flash:before{content:""}.fa-sitemap:before{content:""}.fa-umbrella:before{content:""}.fa-clipboard:before,.fa-paste:before{content:""}.fa-lightbulb-o:before{content:""}.fa-exchange:before{content:""}.fa-cloud-download:before{content:""}.fa-cloud-upload:before{content:""}.fa-user-md:before{content:""}.fa-stethoscope:before{content:""}.fa-suitcase:before{content:""}.fa-bell-o:before{content:""}.fa-coffee:before{content:""}.fa-cutlery:before{content:""}.fa-file-text-o:before{content:""}.fa-building-o:before{content:""}.fa-hospital-o:before{content:""}.fa-ambulance:before{content:""}.fa-medkit:before{content:""}.fa-fighter-jet:before{content:""}.fa-beer:before{content:""}.fa-h-square:before{content:""}.fa-plus-square:before{content:""}.fa-angle-double-left:before{content:""}.fa-angle-double-right:before{content:""}.fa-angle-double-up:before{content:""}.fa-angle-double-down:before{content:""}.fa-angle-left:before{content:""}.fa-angle-right:before{content:""}.fa-angle-up:before{content:""}.fa-angle-down:before{content:""}.fa-desktop:before{content:""}.fa-laptop:before{content:""}.fa-tablet:before{content:""}.fa-mobile-phone:before,.fa-mobile:before{content:""}.fa-circle-o:before{content:""}.fa-quote-left:before{content:""}.fa-quote-right:before{content:""}.fa-spinner:before{content:""}.fa-circle:before{content:""}.fa-mail-reply:before,.fa-reply:before{content:""}.fa-github-alt:before{content:""}.fa-folder-o:before{content:""}.fa-folder-open-o:before{content:""}.fa-smile-o:before{content:""}.fa-frown-o:before{content:""}.fa-meh-o:before{content:""}.fa-gamepad:before{content:""}.fa-keyboard-o:before{content:""}.fa-flag-o:before{content:""}.fa-flag-checkered:before{content:""}.fa-terminal:before{content:""}.fa-code:before{content:""}.fa-mail-reply-all:before,.fa-reply-all:before{content:""}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:""}.fa-location-arrow:before{content:""}.fa-crop:before{content:""}.fa-code-fork:before{content:""}.fa-chain-broken:before,.fa-unlink:before{content:""}.fa-question:before{content:""}.fa-info:before{content:""}.fa-exclamation:before{content:""}.fa-superscript:before{content:""}.fa-subscript:before{content:""}.fa-eraser:before{content:""}.fa-puzzle-piece:before{content:""}.fa-microphone:before{content:""}.fa-microphone-slash:before{content:""}.fa-shield:before{content:""}.fa-calendar-o:before{content:""}.fa-fire-extinguisher:before{content:""}.fa-rocket:before{content:""}.fa-maxcdn:before{content:""}.fa-chevron-circle-left:before{content:""}.fa-chevron-circle-right:before{content:""}.fa-chevron-circle-up:before{content:""}.fa-chevron-circle-down:before{content:""}.fa-html5:before{content:""}.fa-css3:before{content:""}.fa-anchor:before{content:""}.fa-unlock-alt:before{content:""}.fa-bullseye:before{content:""}.fa-ellipsis-h:before{content:""}.fa-ellipsis-v:before{content:""}.fa-rss-square:before{content:""}.fa-play-circle:before{content:""}.fa-ticket:before{content:""}.fa-minus-square:before{content:""}.fa-minus-square-o:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before{content:""}.fa-level-up:before{content:""}.fa-level-down:before{content:""}.fa-check-square:before{content:""}.fa-pencil-square:before{content:""}.fa-external-link-square:before{content:""}.fa-share-square:before{content:""}.fa-compass:before{content:""}.fa-caret-square-o-down:before,.fa-toggle-down:before{content:""}.fa-caret-square-o-up:before,.fa-toggle-up:before{content:""}.fa-caret-square-o-right:before,.fa-toggle-right:before{content:""}.fa-eur:before,.fa-euro:before{content:""}.fa-gbp:before{content:""}.fa-dollar:before,.fa-usd:before{content:""}.fa-inr:before,.fa-rupee:before{content:""}.fa-cny:before,.fa-jpy:before,.fa-rmb:before,.fa-yen:before{content:""}.fa-rouble:before,.fa-rub:before,.fa-ruble:before{content:""}.fa-krw:before,.fa-won:before{content:""}.fa-bitcoin:before,.fa-btc:before{content:""}.fa-file:before{content:""}.fa-file-text:before{content:""}.fa-sort-alpha-asc:before{content:""}.fa-sort-alpha-desc:before{content:""}.fa-sort-amount-asc:before{content:""}.fa-sort-amount-desc:before{content:""}.fa-sort-numeric-asc:before{content:""}.fa-sort-numeric-desc:before{content:""}.fa-thumbs-up:before{content:""}.fa-thumbs-down:before{content:""}.fa-youtube-square:before{content:""}.fa-youtube:before{content:""}.fa-xing:before{content:""}.fa-xing-square:before{content:""}.fa-youtube-play:before{content:""}.fa-dropbox:before{content:""}.fa-stack-overflow:before{content:""}.fa-instagram:before{content:""}.fa-flickr:before{content:""}.fa-adn:before{content:""}.fa-bitbucket:before,.icon-bitbucket:before{content:""}.fa-bitbucket-square:before{content:""}.fa-tumblr:before{content:""}.fa-tumblr-square:before{content:""}.fa-long-arrow-down:before{content:""}.fa-long-arrow-up:before{content:""}.fa-long-arrow-left:before{content:""}.fa-long-arrow-right:before{content:""}.fa-apple:before{content:""}.fa-windows:before{content:""}.fa-android:before{content:""}.fa-linux:before{content:""}.fa-dribbble:before{content:""}.fa-skype:before{content:""}.fa-foursquare:before{content:""}.fa-trello:before{content:""}.fa-female:before{content:""}.fa-male:before{content:""}.fa-gittip:before,.fa-gratipay:before{content:""}.fa-sun-o:before{content:""}.fa-moon-o:before{content:""}.fa-archive:before{content:""}.fa-bug:before{content:""}.fa-vk:before{content:""}.fa-weibo:before{content:""}.fa-renren:before{content:""}.fa-pagelines:before{content:""}.fa-stack-exchange:before{content:""}.fa-arrow-circle-o-right:before{content:""}.fa-arrow-circle-o-left:before{content:""}.fa-caret-square-o-left:before,.fa-toggle-left:before{content:""}.fa-dot-circle-o:before{content:""}.fa-wheelchair:before{content:""}.fa-vimeo-square:before{content:""}.fa-try:before,.fa-turkish-lira:before{content:""}.fa-plus-square-o:before,.wy-menu-vertical li button.toctree-expand:before{content:""}.fa-space-shuttle:before{content:""}.fa-slack:before{content:""}.fa-envelope-square:before{content:""}.fa-wordpress:before{content:""}.fa-openid:before{content:""}.fa-bank:before,.fa-institution:before,.fa-university:before{content:""}.fa-graduation-cap:before,.fa-mortar-board:before{content:""}.fa-yahoo:before{content:""}.fa-google:before{content:""}.fa-reddit:before{content:""}.fa-reddit-square:before{content:""}.fa-stumbleupon-circle:before{content:""}.fa-stumbleupon:before{content:""}.fa-delicious:before{content:""}.fa-digg:before{content:""}.fa-pied-piper-pp:before{content:""}.fa-pied-piper-alt:before{content:""}.fa-drupal:before{content:""}.fa-joomla:before{content:""}.fa-language:before{content:""}.fa-fax:before{content:""}.fa-building:before{content:""}.fa-child:before{content:""}.fa-paw:before{content:""}.fa-spoon:before{content:""}.fa-cube:before{content:""}.fa-cubes:before{content:""}.fa-behance:before{content:""}.fa-behance-square:before{content:""}.fa-steam:before{content:""}.fa-steam-square:before{content:""}.fa-recycle:before{content:""}.fa-automobile:before,.fa-car:before{content:""}.fa-cab:before,.fa-taxi:before{content:""}.fa-tree:before{content:""}.fa-spotify:before{content:""}.fa-deviantart:before{content:""}.fa-soundcloud:before{content:""}.fa-database:before{content:""}.fa-file-pdf-o:before{content:""}.fa-file-word-o:before{content:""}.fa-file-excel-o:before{content:""}.fa-file-powerpoint-o:before{content:""}.fa-file-image-o:before,.fa-file-photo-o:before,.fa-file-picture-o:before{content:""}.fa-file-archive-o:before,.fa-file-zip-o:before{content:""}.fa-file-audio-o:before,.fa-file-sound-o:before{content:""}.fa-file-movie-o:before,.fa-file-video-o:before{content:""}.fa-file-code-o:before{content:""}.fa-vine:before{content:""}.fa-codepen:before{content:""}.fa-jsfiddle:before{content:""}.fa-life-bouy:before,.fa-life-buoy:before,.fa-life-ring:before,.fa-life-saver:before,.fa-support:before{content:""}.fa-circle-o-notch:before{content:""}.fa-ra:before,.fa-rebel:before,.fa-resistance:before{content:""}.fa-empire:before,.fa-ge:before{content:""}.fa-git-square:before{content:""}.fa-git:before{content:""}.fa-hacker-news:before,.fa-y-combinator-square:before,.fa-yc-square:before{content:""}.fa-tencent-weibo:before{content:""}.fa-qq:before{content:""}.fa-wechat:before,.fa-weixin:before{content:""}.fa-paper-plane:before,.fa-send:before{content:""}.fa-paper-plane-o:before,.fa-send-o:before{content:""}.fa-history:before{content:""}.fa-circle-thin:before{content:""}.fa-header:before{content:""}.fa-paragraph:before{content:""}.fa-sliders:before{content:""}.fa-share-alt:before{content:""}.fa-share-alt-square:before{content:""}.fa-bomb:before{content:""}.fa-futbol-o:before,.fa-soccer-ball-o:before{content:""}.fa-tty:before{content:""}.fa-binoculars:before{content:""}.fa-plug:before{content:""}.fa-slideshare:before{content:""}.fa-twitch:before{content:""}.fa-yelp:before{content:""}.fa-newspaper-o:before{content:""}.fa-wifi:before{content:""}.fa-calculator:before{content:""}.fa-paypal:before{content:""}.fa-google-wallet:before{content:""}.fa-cc-visa:before{content:""}.fa-cc-mastercard:before{content:""}.fa-cc-discover:before{content:""}.fa-cc-amex:before{content:""}.fa-cc-paypal:before{content:""}.fa-cc-stripe:before{content:""}.fa-bell-slash:before{content:""}.fa-bell-slash-o:before{content:""}.fa-trash:before{content:""}.fa-copyright:before{content:""}.fa-at:before{content:""}.fa-eyedropper:before{content:""}.fa-paint-brush:before{content:""}.fa-birthday-cake:before{content:""}.fa-area-chart:before{content:""}.fa-pie-chart:before{content:""}.fa-line-chart:before{content:""}.fa-lastfm:before{content:""}.fa-lastfm-square:before{content:""}.fa-toggle-off:before{content:""}.fa-toggle-on:before{content:""}.fa-bicycle:before{content:""}.fa-bus:before{content:""}.fa-ioxhost:before{content:""}.fa-angellist:before{content:""}.fa-cc:before{content:""}.fa-ils:before,.fa-shekel:before,.fa-sheqel:before{content:""}.fa-meanpath:before{content:""}.fa-buysellads:before{content:""}.fa-connectdevelop:before{content:""}.fa-dashcube:before{content:""}.fa-forumbee:before{content:""}.fa-leanpub:before{content:""}.fa-sellsy:before{content:""}.fa-shirtsinbulk:before{content:""}.fa-simplybuilt:before{content:""}.fa-skyatlas:before{content:""}.fa-cart-plus:before{content:""}.fa-cart-arrow-down:before{content:""}.fa-diamond:before{content:""}.fa-ship:before{content:""}.fa-user-secret:before{content:""}.fa-motorcycle:before{content:""}.fa-street-view:before{content:""}.fa-heartbeat:before{content:""}.fa-venus:before{content:""}.fa-mars:before{content:""}.fa-mercury:before{content:""}.fa-intersex:before,.fa-transgender:before{content:""}.fa-transgender-alt:before{content:""}.fa-venus-double:before{content:""}.fa-mars-double:before{content:""}.fa-venus-mars:before{content:""}.fa-mars-stroke:before{content:""}.fa-mars-stroke-v:before{content:""}.fa-mars-stroke-h:before{content:""}.fa-neuter:before{content:""}.fa-genderless:before{content:""}.fa-facebook-official:before{content:""}.fa-pinterest-p:before{content:""}.fa-whatsapp:before{content:""}.fa-server:before{content:""}.fa-user-plus:before{content:""}.fa-user-times:before{content:""}.fa-bed:before,.fa-hotel:before{content:""}.fa-viacoin:before{content:""}.fa-train:before{content:""}.fa-subway:before{content:""}.fa-medium:before{content:""}.fa-y-combinator:before,.fa-yc:before{content:""}.fa-optin-monster:before{content:""}.fa-opencart:before{content:""}.fa-expeditedssl:before{content:""}.fa-battery-4:before,.fa-battery-full:before,.fa-battery:before{content:""}.fa-battery-3:before,.fa-battery-three-quarters:before{content:""}.fa-battery-2:before,.fa-battery-half:before{content:""}.fa-battery-1:before,.fa-battery-quarter:before{content:""}.fa-battery-0:before,.fa-battery-empty:before{content:""}.fa-mouse-pointer:before{content:""}.fa-i-cursor:before{content:""}.fa-object-group:before{content:""}.fa-object-ungroup:before{content:""}.fa-sticky-note:before{content:""}.fa-sticky-note-o:before{content:""}.fa-cc-jcb:before{content:""}.fa-cc-diners-club:before{content:""}.fa-clone:before{content:""}.fa-balance-scale:before{content:""}.fa-hourglass-o:before{content:""}.fa-hourglass-1:before,.fa-hourglass-start:before{content:""}.fa-hourglass-2:before,.fa-hourglass-half:before{content:""}.fa-hourglass-3:before,.fa-hourglass-end:before{content:""}.fa-hourglass:before{content:""}.fa-hand-grab-o:before,.fa-hand-rock-o:before{content:""}.fa-hand-paper-o:before,.fa-hand-stop-o:before{content:""}.fa-hand-scissors-o:before{content:""}.fa-hand-lizard-o:before{content:""}.fa-hand-spock-o:before{content:""}.fa-hand-pointer-o:before{content:""}.fa-hand-peace-o:before{content:""}.fa-trademark:before{content:""}.fa-registered:before{content:""}.fa-creative-commons:before{content:""}.fa-gg:before{content:""}.fa-gg-circle:before{content:""}.fa-tripadvisor:before{content:""}.fa-odnoklassniki:before{content:""}.fa-odnoklassniki-square:before{content:""}.fa-get-pocket:before{content:""}.fa-wikipedia-w:before{content:""}.fa-safari:before{content:""}.fa-chrome:before{content:""}.fa-firefox:before{content:""}.fa-opera:before{content:""}.fa-internet-explorer:before{content:""}.fa-television:before,.fa-tv:before{content:""}.fa-contao:before{content:""}.fa-500px:before{content:""}.fa-amazon:before{content:""}.fa-calendar-plus-o:before{content:""}.fa-calendar-minus-o:before{content:""}.fa-calendar-times-o:before{content:""}.fa-calendar-check-o:before{content:""}.fa-industry:before{content:""}.fa-map-pin:before{content:""}.fa-map-signs:before{content:""}.fa-map-o:before{content:""}.fa-map:before{content:""}.fa-commenting:before{content:""}.fa-commenting-o:before{content:""}.fa-houzz:before{content:""}.fa-vimeo:before{content:""}.fa-black-tie:before{content:""}.fa-fonticons:before{content:""}.fa-reddit-alien:before{content:""}.fa-edge:before{content:""}.fa-credit-card-alt:before{content:""}.fa-codiepie:before{content:""}.fa-modx:before{content:""}.fa-fort-awesome:before{content:""}.fa-usb:before{content:""}.fa-product-hunt:before{content:""}.fa-mixcloud:before{content:""}.fa-scribd:before{content:""}.fa-pause-circle:before{content:""}.fa-pause-circle-o:before{content:""}.fa-stop-circle:before{content:""}.fa-stop-circle-o:before{content:""}.fa-shopping-bag:before{content:""}.fa-shopping-basket:before{content:""}.fa-hashtag:before{content:""}.fa-bluetooth:before{content:""}.fa-bluetooth-b:before{content:""}.fa-percent:before{content:""}.fa-gitlab:before,.icon-gitlab:before{content:""}.fa-wpbeginner:before{content:""}.fa-wpforms:before{content:""}.fa-envira:before{content:""}.fa-universal-access:before{content:""}.fa-wheelchair-alt:before{content:""}.fa-question-circle-o:before{content:""}.fa-blind:before{content:""}.fa-audio-description:before{content:""}.fa-volume-control-phone:before{content:""}.fa-braille:before{content:""}.fa-assistive-listening-systems:before{content:""}.fa-american-sign-language-interpreting:before,.fa-asl-interpreting:before{content:""}.fa-deaf:before,.fa-deafness:before,.fa-hard-of-hearing:before{content:""}.fa-glide:before{content:""}.fa-glide-g:before{content:""}.fa-sign-language:before,.fa-signing:before{content:""}.fa-low-vision:before{content:""}.fa-viadeo:before{content:""}.fa-viadeo-square:before{content:""}.fa-snapchat:before{content:""}.fa-snapchat-ghost:before{content:""}.fa-snapchat-square:before{content:""}.fa-pied-piper:before{content:""}.fa-first-order:before{content:""}.fa-yoast:before{content:""}.fa-themeisle:before{content:""}.fa-google-plus-circle:before,.fa-google-plus-official:before{content:""}.fa-fa:before,.fa-font-awesome:before{content:""}.fa-handshake-o:before{content:""}.fa-envelope-open:before{content:""}.fa-envelope-open-o:before{content:""}.fa-linode:before{content:""}.fa-address-book:before{content:""}.fa-address-book-o:before{content:""}.fa-address-card:before,.fa-vcard:before{content:""}.fa-address-card-o:before,.fa-vcard-o:before{content:""}.fa-user-circle:before{content:""}.fa-user-circle-o:before{content:""}.fa-user-o:before{content:""}.fa-id-badge:before{content:""}.fa-drivers-license:before,.fa-id-card:before{content:""}.fa-drivers-license-o:before,.fa-id-card-o:before{content:""}.fa-quora:before{content:""}.fa-free-code-camp:before{content:""}.fa-telegram:before{content:""}.fa-thermometer-4:before,.fa-thermometer-full:before,.fa-thermometer:before{content:""}.fa-thermometer-3:before,.fa-thermometer-three-quarters:before{content:""}.fa-thermometer-2:before,.fa-thermometer-half:before{content:""}.fa-thermometer-1:before,.fa-thermometer-quarter:before{content:""}.fa-thermometer-0:before,.fa-thermometer-empty:before{content:""}.fa-shower:before{content:""}.fa-bath:before,.fa-bathtub:before,.fa-s15:before{content:""}.fa-podcast:before{content:""}.fa-window-maximize:before{content:""}.fa-window-minimize:before{content:""}.fa-window-restore:before{content:""}.fa-times-rectangle:before,.fa-window-close:before{content:""}.fa-times-rectangle-o:before,.fa-window-close-o:before{content:""}.fa-bandcamp:before{content:""}.fa-grav:before{content:""}.fa-etsy:before{content:""}.fa-imdb:before{content:""}.fa-ravelry:before{content:""}.fa-eercast:before{content:""}.fa-microchip:before{content:""}.fa-snowflake-o:before{content:""}.fa-superpowers:before{content:""}.fa-wpexplorer:before{content:""}.fa-meetup:before{content:""}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-dropdown .caret,.wy-inline-validate.wy-inline-validate-danger .wy-input-context,.wy-inline-validate.wy-inline-validate-info .wy-input-context,.wy-inline-validate.wy-inline-validate-success .wy-input-context,.wy-inline-validate.wy-inline-validate-warning .wy-input-context,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{font-family:inherit}.fa:before,.icon:before,.rst-content .admonition-title:before,.rst-content .code-block-caption .headerlink:before,.rst-content .eqno .headerlink:before,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before{font-family:FontAwesome;display:inline-block;font-style:normal;font-weight:400;line-height:1;text-decoration:inherit}.rst-content .code-block-caption a .headerlink,.rst-content .eqno a .headerlink,.rst-content a .admonition-title,.rst-content code.download a span:first-child,.rst-content dl dt a .headerlink,.rst-content h1 a .headerlink,.rst-content h2 a .headerlink,.rst-content h3 a .headerlink,.rst-content h4 a .headerlink,.rst-content h5 a .headerlink,.rst-content h6 a .headerlink,.rst-content p.caption a .headerlink,.rst-content p a .headerlink,.rst-content table>caption a .headerlink,.rst-content tt.download a span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li a button.toctree-expand,a .fa,a .icon,a .rst-content .admonition-title,a .rst-content .code-block-caption .headerlink,a .rst-content .eqno .headerlink,a .rst-content code.download span:first-child,a .rst-content dl dt .headerlink,a .rst-content h1 .headerlink,a .rst-content h2 .headerlink,a .rst-content h3 .headerlink,a .rst-content h4 .headerlink,a .rst-content h5 .headerlink,a .rst-content h6 .headerlink,a .rst-content p.caption .headerlink,a .rst-content p .headerlink,a .rst-content table>caption .headerlink,a .rst-content tt.download span:first-child,a .wy-menu-vertical li button.toctree-expand{display:inline-block;text-decoration:inherit}.btn .fa,.btn .icon,.btn .rst-content .admonition-title,.btn .rst-content .code-block-caption .headerlink,.btn .rst-content .eqno .headerlink,.btn .rst-content code.download span:first-child,.btn .rst-content dl dt .headerlink,.btn .rst-content h1 .headerlink,.btn .rst-content h2 .headerlink,.btn .rst-content h3 .headerlink,.btn .rst-content h4 .headerlink,.btn .rst-content h5 .headerlink,.btn .rst-content h6 .headerlink,.btn .rst-content p .headerlink,.btn .rst-content table>caption .headerlink,.btn .rst-content tt.download span:first-child,.btn .wy-menu-vertical li.current>a button.toctree-expand,.btn .wy-menu-vertical li.on a button.toctree-expand,.btn .wy-menu-vertical li button.toctree-expand,.nav .fa,.nav .icon,.nav .rst-content .admonition-title,.nav .rst-content .code-block-caption .headerlink,.nav .rst-content .eqno .headerlink,.nav .rst-content code.download span:first-child,.nav .rst-content dl dt .headerlink,.nav .rst-content h1 .headerlink,.nav .rst-content h2 .headerlink,.nav .rst-content h3 .headerlink,.nav .rst-content h4 .headerlink,.nav .rst-content h5 .headerlink,.nav .rst-content h6 .headerlink,.nav .rst-content p .headerlink,.nav .rst-content table>caption .headerlink,.nav .rst-content tt.download span:first-child,.nav .wy-menu-vertical li.current>a button.toctree-expand,.nav .wy-menu-vertical li.on a button.toctree-expand,.nav .wy-menu-vertical li button.toctree-expand,.rst-content .btn .admonition-title,.rst-content .code-block-caption .btn .headerlink,.rst-content .code-block-caption .nav .headerlink,.rst-content .eqno .btn .headerlink,.rst-content .eqno .nav .headerlink,.rst-content .nav .admonition-title,.rst-content code.download .btn span:first-child,.rst-content code.download .nav span:first-child,.rst-content dl dt .btn .headerlink,.rst-content dl dt .nav .headerlink,.rst-content h1 .btn .headerlink,.rst-content h1 .nav .headerlink,.rst-content h2 .btn .headerlink,.rst-content h2 .nav .headerlink,.rst-content h3 .btn .headerlink,.rst-content h3 .nav .headerlink,.rst-content h4 .btn .headerlink,.rst-content h4 .nav .headerlink,.rst-content h5 .btn .headerlink,.rst-content h5 .nav .headerlink,.rst-content h6 .btn .headerlink,.rst-content h6 .nav .headerlink,.rst-content p .btn .headerlink,.rst-content p .nav .headerlink,.rst-content table>caption .btn .headerlink,.rst-content table>caption .nav .headerlink,.rst-content tt.download .btn span:first-child,.rst-content tt.download .nav span:first-child,.wy-menu-vertical li .btn button.toctree-expand,.wy-menu-vertical li.current>a .btn button.toctree-expand,.wy-menu-vertical li.current>a .nav button.toctree-expand,.wy-menu-vertical li .nav button.toctree-expand,.wy-menu-vertical li.on a .btn button.toctree-expand,.wy-menu-vertical li.on a .nav button.toctree-expand{display:inline}.btn .fa-large.icon,.btn .fa.fa-large,.btn .rst-content .code-block-caption .fa-large.headerlink,.btn .rst-content .eqno .fa-large.headerlink,.btn .rst-content .fa-large.admonition-title,.btn .rst-content code.download span.fa-large:first-child,.btn .rst-content dl dt .fa-large.headerlink,.btn .rst-content h1 .fa-large.headerlink,.btn .rst-content h2 .fa-large.headerlink,.btn .rst-content h3 .fa-large.headerlink,.btn .rst-content h4 .fa-large.headerlink,.btn .rst-content h5 .fa-large.headerlink,.btn .rst-content h6 .fa-large.headerlink,.btn .rst-content p .fa-large.headerlink,.btn .rst-content table>caption .fa-large.headerlink,.btn .rst-content tt.download span.fa-large:first-child,.btn .wy-menu-vertical li button.fa-large.toctree-expand,.nav .fa-large.icon,.nav .fa.fa-large,.nav .rst-content .code-block-caption .fa-large.headerlink,.nav .rst-content .eqno .fa-large.headerlink,.nav .rst-content .fa-large.admonition-title,.nav .rst-content code.download span.fa-large:first-child,.nav .rst-content dl dt .fa-large.headerlink,.nav .rst-content h1 .fa-large.headerlink,.nav .rst-content h2 .fa-large.headerlink,.nav .rst-content h3 .fa-large.headerlink,.nav .rst-content h4 .fa-large.headerlink,.nav .rst-content h5 .fa-large.headerlink,.nav .rst-content h6 .fa-large.headerlink,.nav .rst-content p .fa-large.headerlink,.nav .rst-content table>caption .fa-large.headerlink,.nav .rst-content tt.download span.fa-large:first-child,.nav .wy-menu-vertical li button.fa-large.toctree-expand,.rst-content .btn .fa-large.admonition-title,.rst-content .code-block-caption .btn .fa-large.headerlink,.rst-content .code-block-caption .nav .fa-large.headerlink,.rst-content .eqno .btn .fa-large.headerlink,.rst-content .eqno .nav .fa-large.headerlink,.rst-content .nav .fa-large.admonition-title,.rst-content code.download .btn span.fa-large:first-child,.rst-content code.download .nav span.fa-large:first-child,.rst-content dl dt .btn .fa-large.headerlink,.rst-content dl dt .nav .fa-large.headerlink,.rst-content h1 .btn .fa-large.headerlink,.rst-content h1 .nav .fa-large.headerlink,.rst-content h2 .btn .fa-large.headerlink,.rst-content h2 .nav .fa-large.headerlink,.rst-content h3 .btn .fa-large.headerlink,.rst-content h3 .nav .fa-large.headerlink,.rst-content h4 .btn .fa-large.headerlink,.rst-content h4 .nav .fa-large.headerlink,.rst-content h5 .btn .fa-large.headerlink,.rst-content h5 .nav .fa-large.headerlink,.rst-content h6 .btn .fa-large.headerlink,.rst-content h6 .nav .fa-large.headerlink,.rst-content p .btn .fa-large.headerlink,.rst-content p .nav .fa-large.headerlink,.rst-content table>caption .btn .fa-large.headerlink,.rst-content table>caption .nav .fa-large.headerlink,.rst-content tt.download .btn span.fa-large:first-child,.rst-content tt.download .nav span.fa-large:first-child,.wy-menu-vertical li .btn button.fa-large.toctree-expand,.wy-menu-vertical li .nav button.fa-large.toctree-expand{line-height:.9em}.btn .fa-spin.icon,.btn .fa.fa-spin,.btn .rst-content .code-block-caption .fa-spin.headerlink,.btn .rst-content .eqno .fa-spin.headerlink,.btn .rst-content .fa-spin.admonition-title,.btn .rst-content code.download span.fa-spin:first-child,.btn .rst-content dl dt .fa-spin.headerlink,.btn .rst-content h1 .fa-spin.headerlink,.btn .rst-content h2 .fa-spin.headerlink,.btn .rst-content h3 .fa-spin.headerlink,.btn .rst-content h4 .fa-spin.headerlink,.btn .rst-content h5 .fa-spin.headerlink,.btn .rst-content h6 .fa-spin.headerlink,.btn .rst-content p .fa-spin.headerlink,.btn .rst-content table>caption .fa-spin.headerlink,.btn .rst-content tt.download span.fa-spin:first-child,.btn .wy-menu-vertical li button.fa-spin.toctree-expand,.nav .fa-spin.icon,.nav .fa.fa-spin,.nav .rst-content .code-block-caption .fa-spin.headerlink,.nav .rst-content .eqno .fa-spin.headerlink,.nav .rst-content .fa-spin.admonition-title,.nav .rst-content code.download span.fa-spin:first-child,.nav .rst-content dl dt .fa-spin.headerlink,.nav .rst-content h1 .fa-spin.headerlink,.nav .rst-content h2 .fa-spin.headerlink,.nav .rst-content h3 .fa-spin.headerlink,.nav .rst-content h4 .fa-spin.headerlink,.nav .rst-content h5 .fa-spin.headerlink,.nav .rst-content h6 .fa-spin.headerlink,.nav .rst-content p .fa-spin.headerlink,.nav .rst-content table>caption .fa-spin.headerlink,.nav .rst-content tt.download span.fa-spin:first-child,.nav .wy-menu-vertical li button.fa-spin.toctree-expand,.rst-content .btn .fa-spin.admonition-title,.rst-content .code-block-caption .btn .fa-spin.headerlink,.rst-content .code-block-caption .nav .fa-spin.headerlink,.rst-content .eqno .btn .fa-spin.headerlink,.rst-content .eqno .nav .fa-spin.headerlink,.rst-content .nav .fa-spin.admonition-title,.rst-content code.download .btn span.fa-spin:first-child,.rst-content code.download .nav span.fa-spin:first-child,.rst-content dl dt .btn .fa-spin.headerlink,.rst-content dl dt .nav .fa-spin.headerlink,.rst-content h1 .btn .fa-spin.headerlink,.rst-content h1 .nav .fa-spin.headerlink,.rst-content h2 .btn .fa-spin.headerlink,.rst-content h2 .nav .fa-spin.headerlink,.rst-content h3 .btn .fa-spin.headerlink,.rst-content h3 .nav .fa-spin.headerlink,.rst-content h4 .btn .fa-spin.headerlink,.rst-content h4 .nav .fa-spin.headerlink,.rst-content h5 .btn .fa-spin.headerlink,.rst-content h5 .nav .fa-spin.headerlink,.rst-content h6 .btn .fa-spin.headerlink,.rst-content h6 .nav .fa-spin.headerlink,.rst-content p .btn .fa-spin.headerlink,.rst-content p .nav .fa-spin.headerlink,.rst-content table>caption .btn .fa-spin.headerlink,.rst-content table>caption .nav .fa-spin.headerlink,.rst-content tt.download .btn span.fa-spin:first-child,.rst-content tt.download .nav span.fa-spin:first-child,.wy-menu-vertical li .btn button.fa-spin.toctree-expand,.wy-menu-vertical li .nav button.fa-spin.toctree-expand{display:inline-block}.btn.fa:before,.btn.icon:before,.rst-content .btn.admonition-title:before,.rst-content .code-block-caption .btn.headerlink:before,.rst-content .eqno .btn.headerlink:before,.rst-content code.download span.btn:first-child:before,.rst-content dl dt .btn.headerlink:before,.rst-content h1 .btn.headerlink:before,.rst-content h2 .btn.headerlink:before,.rst-content h3 .btn.headerlink:before,.rst-content h4 .btn.headerlink:before,.rst-content h5 .btn.headerlink:before,.rst-content h6 .btn.headerlink:before,.rst-content p .btn.headerlink:before,.rst-content table>caption .btn.headerlink:before,.rst-content tt.download span.btn:first-child:before,.wy-menu-vertical li button.btn.toctree-expand:before{opacity:.5;-webkit-transition:opacity .05s ease-in;-moz-transition:opacity .05s ease-in;transition:opacity .05s ease-in}.btn.fa:hover:before,.btn.icon:hover:before,.rst-content .btn.admonition-title:hover:before,.rst-content .code-block-caption .btn.headerlink:hover:before,.rst-content .eqno .btn.headerlink:hover:before,.rst-content code.download span.btn:first-child:hover:before,.rst-content dl dt .btn.headerlink:hover:before,.rst-content h1 .btn.headerlink:hover:before,.rst-content h2 .btn.headerlink:hover:before,.rst-content h3 .btn.headerlink:hover:before,.rst-content h4 .btn.headerlink:hover:before,.rst-content h5 .btn.headerlink:hover:before,.rst-content h6 .btn.headerlink:hover:before,.rst-content p .btn.headerlink:hover:before,.rst-content table>caption .btn.headerlink:hover:before,.rst-content tt.download span.btn:first-child:hover:before,.wy-menu-vertical li button.btn.toctree-expand:hover:before{opacity:1}.btn-mini .fa:before,.btn-mini .icon:before,.btn-mini .rst-content .admonition-title:before,.btn-mini .rst-content .code-block-caption .headerlink:before,.btn-mini .rst-content .eqno .headerlink:before,.btn-mini .rst-content code.download span:first-child:before,.btn-mini .rst-content dl dt .headerlink:before,.btn-mini .rst-content h1 .headerlink:before,.btn-mini .rst-content h2 .headerlink:before,.btn-mini .rst-content h3 .headerlink:before,.btn-mini .rst-content h4 .headerlink:before,.btn-mini .rst-content h5 .headerlink:before,.btn-mini .rst-content h6 .headerlink:before,.btn-mini .rst-content p .headerlink:before,.btn-mini .rst-content table>caption .headerlink:before,.btn-mini .rst-content tt.download span:first-child:before,.btn-mini .wy-menu-vertical li button.toctree-expand:before,.rst-content .btn-mini .admonition-title:before,.rst-content .code-block-caption .btn-mini .headerlink:before,.rst-content .eqno .btn-mini .headerlink:before,.rst-content code.download .btn-mini span:first-child:before,.rst-content dl dt .btn-mini .headerlink:before,.rst-content h1 .btn-mini .headerlink:before,.rst-content h2 .btn-mini .headerlink:before,.rst-content h3 .btn-mini .headerlink:before,.rst-content h4 .btn-mini .headerlink:before,.rst-content h5 .btn-mini .headerlink:before,.rst-content h6 .btn-mini .headerlink:before,.rst-content p .btn-mini .headerlink:before,.rst-content table>caption .btn-mini .headerlink:before,.rst-content tt.download .btn-mini span:first-child:before,.wy-menu-vertical li .btn-mini button.toctree-expand:before{font-size:14px;vertical-align:-15%}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.wy-alert{padding:12px;line-height:24px;margin-bottom:24px;background:#e7f2fa}.rst-content .admonition-title,.wy-alert-title{font-weight:700;display:block;color:#fff;background:#6ab0de;padding:6px 12px;margin:-12px -12px 12px}.rst-content .danger,.rst-content .error,.rst-content .wy-alert-danger.admonition,.rst-content .wy-alert-danger.admonition-todo,.rst-content .wy-alert-danger.attention,.rst-content .wy-alert-danger.caution,.rst-content .wy-alert-danger.hint,.rst-content .wy-alert-danger.important,.rst-content .wy-alert-danger.note,.rst-content .wy-alert-danger.seealso,.rst-content .wy-alert-danger.tip,.rst-content .wy-alert-danger.warning,.wy-alert.wy-alert-danger{background:#fdf3f2}.rst-content .danger .admonition-title,.rst-content .danger .wy-alert-title,.rst-content .error .admonition-title,.rst-content .error .wy-alert-title,.rst-content .wy-alert-danger.admonition-todo .admonition-title,.rst-content .wy-alert-danger.admonition-todo .wy-alert-title,.rst-content .wy-alert-danger.admonition .admonition-title,.rst-content .wy-alert-danger.admonition .wy-alert-title,.rst-content .wy-alert-danger.attention .admonition-title,.rst-content .wy-alert-danger.attention .wy-alert-title,.rst-content .wy-alert-danger.caution .admonition-title,.rst-content .wy-alert-danger.caution .wy-alert-title,.rst-content .wy-alert-danger.hint .admonition-title,.rst-content .wy-alert-danger.hint .wy-alert-title,.rst-content .wy-alert-danger.important .admonition-title,.rst-content .wy-alert-danger.important .wy-alert-title,.rst-content .wy-alert-danger.note .admonition-title,.rst-content .wy-alert-danger.note .wy-alert-title,.rst-content .wy-alert-danger.seealso .admonition-title,.rst-content .wy-alert-danger.seealso .wy-alert-title,.rst-content .wy-alert-danger.tip .admonition-title,.rst-content .wy-alert-danger.tip .wy-alert-title,.rst-content .wy-alert-danger.warning .admonition-title,.rst-content .wy-alert-danger.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-danger .admonition-title,.wy-alert.wy-alert-danger .rst-content .admonition-title,.wy-alert.wy-alert-danger .wy-alert-title{background:#f29f97}.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .warning,.rst-content .wy-alert-warning.admonition,.rst-content .wy-alert-warning.danger,.rst-content .wy-alert-warning.error,.rst-content .wy-alert-warning.hint,.rst-content .wy-alert-warning.important,.rst-content .wy-alert-warning.note,.rst-content .wy-alert-warning.seealso,.rst-content .wy-alert-warning.tip,.wy-alert.wy-alert-warning{background:#ffedcc}.rst-content .admonition-todo .admonition-title,.rst-content .admonition-todo .wy-alert-title,.rst-content .attention .admonition-title,.rst-content .attention .wy-alert-title,.rst-content .caution .admonition-title,.rst-content .caution .wy-alert-title,.rst-content .warning .admonition-title,.rst-content .warning .wy-alert-title,.rst-content .wy-alert-warning.admonition .admonition-title,.rst-content .wy-alert-warning.admonition .wy-alert-title,.rst-content .wy-alert-warning.danger .admonition-title,.rst-content .wy-alert-warning.danger .wy-alert-title,.rst-content .wy-alert-warning.error .admonition-title,.rst-content .wy-alert-warning.error .wy-alert-title,.rst-content .wy-alert-warning.hint .admonition-title,.rst-content .wy-alert-warning.hint .wy-alert-title,.rst-content .wy-alert-warning.important .admonition-title,.rst-content .wy-alert-warning.important .wy-alert-title,.rst-content .wy-alert-warning.note .admonition-title,.rst-content .wy-alert-warning.note .wy-alert-title,.rst-content .wy-alert-warning.seealso .admonition-title,.rst-content .wy-alert-warning.seealso .wy-alert-title,.rst-content .wy-alert-warning.tip .admonition-title,.rst-content .wy-alert-warning.tip .wy-alert-title,.rst-content .wy-alert.wy-alert-warning .admonition-title,.wy-alert.wy-alert-warning .rst-content .admonition-title,.wy-alert.wy-alert-warning .wy-alert-title{background:#f0b37e}.rst-content .note,.rst-content .seealso,.rst-content .wy-alert-info.admonition,.rst-content .wy-alert-info.admonition-todo,.rst-content .wy-alert-info.attention,.rst-content .wy-alert-info.caution,.rst-content .wy-alert-info.danger,.rst-content .wy-alert-info.error,.rst-content .wy-alert-info.hint,.rst-content .wy-alert-info.important,.rst-content .wy-alert-info.tip,.rst-content .wy-alert-info.warning,.wy-alert.wy-alert-info{background:#e7f2fa}.rst-content .note .admonition-title,.rst-content .note .wy-alert-title,.rst-content .seealso .admonition-title,.rst-content .seealso .wy-alert-title,.rst-content .wy-alert-info.admonition-todo .admonition-title,.rst-content .wy-alert-info.admonition-todo .wy-alert-title,.rst-content .wy-alert-info.admonition .admonition-title,.rst-content .wy-alert-info.admonition .wy-alert-title,.rst-content .wy-alert-info.attention .admonition-title,.rst-content .wy-alert-info.attention .wy-alert-title,.rst-content .wy-alert-info.caution .admonition-title,.rst-content .wy-alert-info.caution .wy-alert-title,.rst-content .wy-alert-info.danger .admonition-title,.rst-content .wy-alert-info.danger .wy-alert-title,.rst-content .wy-alert-info.error .admonition-title,.rst-content .wy-alert-info.error .wy-alert-title,.rst-content .wy-alert-info.hint .admonition-title,.rst-content .wy-alert-info.hint .wy-alert-title,.rst-content .wy-alert-info.important .admonition-title,.rst-content .wy-alert-info.important .wy-alert-title,.rst-content .wy-alert-info.tip .admonition-title,.rst-content .wy-alert-info.tip .wy-alert-title,.rst-content .wy-alert-info.warning .admonition-title,.rst-content .wy-alert-info.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-info .admonition-title,.wy-alert.wy-alert-info .rst-content .admonition-title,.wy-alert.wy-alert-info .wy-alert-title{background:#6ab0de}.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .wy-alert-success.admonition,.rst-content .wy-alert-success.admonition-todo,.rst-content .wy-alert-success.attention,.rst-content .wy-alert-success.caution,.rst-content .wy-alert-success.danger,.rst-content .wy-alert-success.error,.rst-content .wy-alert-success.note,.rst-content .wy-alert-success.seealso,.rst-content .wy-alert-success.warning,.wy-alert.wy-alert-success{background:#dbfaf4}.rst-content .hint .admonition-title,.rst-content .hint .wy-alert-title,.rst-content .important .admonition-title,.rst-content .important .wy-alert-title,.rst-content .tip .admonition-title,.rst-content .tip .wy-alert-title,.rst-content .wy-alert-success.admonition-todo .admonition-title,.rst-content .wy-alert-success.admonition-todo .wy-alert-title,.rst-content .wy-alert-success.admonition .admonition-title,.rst-content .wy-alert-success.admonition .wy-alert-title,.rst-content .wy-alert-success.attention .admonition-title,.rst-content .wy-alert-success.attention .wy-alert-title,.rst-content .wy-alert-success.caution .admonition-title,.rst-content .wy-alert-success.caution .wy-alert-title,.rst-content .wy-alert-success.danger .admonition-title,.rst-content .wy-alert-success.danger .wy-alert-title,.rst-content .wy-alert-success.error .admonition-title,.rst-content .wy-alert-success.error .wy-alert-title,.rst-content .wy-alert-success.note .admonition-title,.rst-content .wy-alert-success.note .wy-alert-title,.rst-content .wy-alert-success.seealso .admonition-title,.rst-content .wy-alert-success.seealso .wy-alert-title,.rst-content .wy-alert-success.warning .admonition-title,.rst-content .wy-alert-success.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-success .admonition-title,.wy-alert.wy-alert-success .rst-content .admonition-title,.wy-alert.wy-alert-success .wy-alert-title{background:#1abc9c}.rst-content .wy-alert-neutral.admonition,.rst-content .wy-alert-neutral.admonition-todo,.rst-content .wy-alert-neutral.attention,.rst-content .wy-alert-neutral.caution,.rst-content .wy-alert-neutral.danger,.rst-content .wy-alert-neutral.error,.rst-content .wy-alert-neutral.hint,.rst-content .wy-alert-neutral.important,.rst-content .wy-alert-neutral.note,.rst-content .wy-alert-neutral.seealso,.rst-content .wy-alert-neutral.tip,.rst-content .wy-alert-neutral.warning,.wy-alert.wy-alert-neutral{background:#f3f6f6}.rst-content .wy-alert-neutral.admonition-todo .admonition-title,.rst-content .wy-alert-neutral.admonition-todo .wy-alert-title,.rst-content .wy-alert-neutral.admonition .admonition-title,.rst-content .wy-alert-neutral.admonition .wy-alert-title,.rst-content .wy-alert-neutral.attention .admonition-title,.rst-content .wy-alert-neutral.attention .wy-alert-title,.rst-content .wy-alert-neutral.caution .admonition-title,.rst-content .wy-alert-neutral.caution .wy-alert-title,.rst-content .wy-alert-neutral.danger .admonition-title,.rst-content .wy-alert-neutral.danger .wy-alert-title,.rst-content .wy-alert-neutral.error .admonition-title,.rst-content .wy-alert-neutral.error .wy-alert-title,.rst-content .wy-alert-neutral.hint .admonition-title,.rst-content .wy-alert-neutral.hint .wy-alert-title,.rst-content .wy-alert-neutral.important .admonition-title,.rst-content .wy-alert-neutral.important .wy-alert-title,.rst-content .wy-alert-neutral.note .admonition-title,.rst-content .wy-alert-neutral.note .wy-alert-title,.rst-content .wy-alert-neutral.seealso .admonition-title,.rst-content .wy-alert-neutral.seealso .wy-alert-title,.rst-content .wy-alert-neutral.tip .admonition-title,.rst-content .wy-alert-neutral.tip .wy-alert-title,.rst-content .wy-alert-neutral.warning .admonition-title,.rst-content .wy-alert-neutral.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-neutral .admonition-title,.wy-alert.wy-alert-neutral .rst-content .admonition-title,.wy-alert.wy-alert-neutral .wy-alert-title{color:#404040;background:#e1e4e5}.rst-content .wy-alert-neutral.admonition-todo a,.rst-content .wy-alert-neutral.admonition a,.rst-content .wy-alert-neutral.attention a,.rst-content .wy-alert-neutral.caution a,.rst-content .wy-alert-neutral.danger a,.rst-content .wy-alert-neutral.error a,.rst-content .wy-alert-neutral.hint a,.rst-content .wy-alert-neutral.important a,.rst-content .wy-alert-neutral.note a,.rst-content .wy-alert-neutral.seealso a,.rst-content .wy-alert-neutral.tip a,.rst-content .wy-alert-neutral.warning a,.wy-alert.wy-alert-neutral a{color:#2980b9}.rst-content .admonition-todo p:last-child,.rst-content .admonition p:last-child,.rst-content .attention p:last-child,.rst-content .caution p:last-child,.rst-content .danger p:last-child,.rst-content .error p:last-child,.rst-content .hint p:last-child,.rst-content .important p:last-child,.rst-content .note p:last-child,.rst-content .seealso p:last-child,.rst-content .tip p:last-child,.rst-content .warning p:last-child,.wy-alert p:last-child{margin-bottom:0}.wy-tray-container{position:fixed;bottom:0;left:0;z-index:600}.wy-tray-container li{display:block;width:300px;background:transparent;color:#fff;text-align:center;box-shadow:0 5px 5px 0 rgba(0,0,0,.1);padding:0 24px;min-width:20%;opacity:0;height:0;line-height:56px;overflow:hidden;-webkit-transition:all .3s ease-in;-moz-transition:all .3s ease-in;transition:all .3s ease-in}.wy-tray-container li.wy-tray-item-success{background:#27ae60}.wy-tray-container li.wy-tray-item-info{background:#2980b9}.wy-tray-container li.wy-tray-item-warning{background:#e67e22}.wy-tray-container li.wy-tray-item-danger{background:#e74c3c}.wy-tray-container li.on{opacity:1;height:56px}@media screen and (max-width:768px){.wy-tray-container{bottom:auto;top:0;width:100%}.wy-tray-container li{width:100%}}button{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle;cursor:pointer;line-height:normal;-webkit-appearance:button;*overflow:visible}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}button[disabled]{cursor:default}.btn{display:inline-block;border-radius:2px;line-height:normal;white-space:nowrap;text-align:center;cursor:pointer;font-size:100%;padding:6px 12px 8px;color:#fff;border:1px solid rgba(0,0,0,.1);background-color:#27ae60;text-decoration:none;font-weight:400;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 2px -1px hsla(0,0%,100%,.5),inset 0 -2px 0 0 rgba(0,0,0,.1);outline-none:false;vertical-align:middle;*display:inline;zoom:1;-webkit-user-drag:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-transition:all .1s linear;-moz-transition:all .1s linear;transition:all .1s linear}.btn-hover{background:#2e8ece;color:#fff}.btn:hover{background:#2cc36b;color:#fff}.btn:focus{background:#2cc36b;outline:0}.btn:active{box-shadow:inset 0 -1px 0 0 rgba(0,0,0,.05),inset 0 2px 0 0 rgba(0,0,0,.1);padding:8px 12px 6px}.btn:visited{color:#fff}.btn-disabled,.btn-disabled:active,.btn-disabled:focus,.btn-disabled:hover,.btn:disabled{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:.4;cursor:not-allowed;box-shadow:none}.btn::-moz-focus-inner{padding:0;border:0}.btn-small{font-size:80%}.btn-info{background-color:#2980b9!important}.btn-info:hover{background-color:#2e8ece!important}.btn-neutral{background-color:#f3f6f6!important;color:#404040!important}.btn-neutral:hover{background-color:#e5ebeb!important;color:#404040}.btn-neutral:visited{color:#404040!important}.btn-success{background-color:#27ae60!important}.btn-success:hover{background-color:#295!important}.btn-danger{background-color:#e74c3c!important}.btn-danger:hover{background-color:#ea6153!important}.btn-warning{background-color:#e67e22!important}.btn-warning:hover{background-color:#e98b39!important}.btn-invert{background-color:#222}.btn-invert:hover{background-color:#2f2f2f!important}.btn-link{background-color:transparent!important;color:#2980b9;box-shadow:none;border-color:transparent!important}.btn-link:active,.btn-link:hover{background-color:transparent!important;color:#409ad5!important;box-shadow:none}.btn-link:visited{color:#9b59b6}.wy-btn-group .btn,.wy-control .btn{vertical-align:middle}.wy-btn-group{margin-bottom:24px;*zoom:1}.wy-btn-group:after,.wy-btn-group:before{display:table;content:""}.wy-btn-group:after{clear:both}.wy-dropdown{position:relative;display:inline-block}.wy-dropdown-active .wy-dropdown-menu{display:block}.wy-dropdown-menu{position:absolute;left:0;display:none;float:left;top:100%;min-width:100%;background:#fcfcfc;z-index:100;border:1px solid #cfd7dd;box-shadow:0 2px 2px 0 rgba(0,0,0,.1);padding:12px}.wy-dropdown-menu>dd>a{display:block;clear:both;color:#404040;white-space:nowrap;font-size:90%;padding:0 12px;cursor:pointer}.wy-dropdown-menu>dd>a:hover{background:#2980b9;color:#fff}.wy-dropdown-menu>dd.divider{border-top:1px solid #cfd7dd;margin:6px 0}.wy-dropdown-menu>dd.search{padding-bottom:12px}.wy-dropdown-menu>dd.search input[type=search]{width:100%}.wy-dropdown-menu>dd.call-to-action{background:#e3e3e3;text-transform:uppercase;font-weight:500;font-size:80%}.wy-dropdown-menu>dd.call-to-action:hover{background:#e3e3e3}.wy-dropdown-menu>dd.call-to-action .btn{color:#fff}.wy-dropdown.wy-dropdown-up .wy-dropdown-menu{bottom:100%;top:auto;left:auto;right:0}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu{background:#fcfcfc;margin-top:2px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a{padding:6px 12px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a:hover{background:#2980b9;color:#fff}.wy-dropdown.wy-dropdown-left .wy-dropdown-menu{right:0;left:auto;text-align:right}.wy-dropdown-arrow:before{content:" ";border-bottom:5px solid #f5f5f5;border-left:5px solid transparent;border-right:5px solid transparent;position:absolute;display:block;top:-4px;left:50%;margin-left:-3px}.wy-dropdown-arrow.wy-dropdown-arrow-left:before{left:11px}.wy-form-stacked select{display:block}.wy-form-aligned .wy-help-inline,.wy-form-aligned input,.wy-form-aligned label,.wy-form-aligned select,.wy-form-aligned textarea{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-form-aligned .wy-control-group>label{display:inline-block;vertical-align:middle;width:10em;margin:6px 12px 0 0;float:left}.wy-form-aligned .wy-control{float:left}.wy-form-aligned .wy-control label{display:block}.wy-form-aligned .wy-control select{margin-top:6px}fieldset{margin:0}fieldset,legend{border:0;padding:0}legend{width:100%;white-space:normal;margin-bottom:24px;font-size:150%;*margin-left:-7px}label,legend{display:block}label{margin:0 0 .3125em;color:#333;font-size:90%}input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}.wy-control-group{margin-bottom:24px;max-width:1200px;margin-left:auto;margin-right:auto;*zoom:1}.wy-control-group:after,.wy-control-group:before{display:table;content:""}.wy-control-group:after{clear:both}.wy-control-group.wy-control-group-required>label:after{content:" *";color:#e74c3c}.wy-control-group .wy-form-full,.wy-control-group .wy-form-halves,.wy-control-group .wy-form-thirds{padding-bottom:12px}.wy-control-group .wy-form-full input[type=color],.wy-control-group .wy-form-full input[type=date],.wy-control-group .wy-form-full input[type=datetime-local],.wy-control-group .wy-form-full input[type=datetime],.wy-control-group .wy-form-full input[type=email],.wy-control-group .wy-form-full input[type=month],.wy-control-group .wy-form-full input[type=number],.wy-control-group .wy-form-full input[type=password],.wy-control-group .wy-form-full input[type=search],.wy-control-group .wy-form-full input[type=tel],.wy-control-group .wy-form-full input[type=text],.wy-control-group .wy-form-full input[type=time],.wy-control-group .wy-form-full input[type=url],.wy-control-group .wy-form-full input[type=week],.wy-control-group .wy-form-full select,.wy-control-group .wy-form-halves input[type=color],.wy-control-group .wy-form-halves input[type=date],.wy-control-group .wy-form-halves input[type=datetime-local],.wy-control-group .wy-form-halves input[type=datetime],.wy-control-group .wy-form-halves input[type=email],.wy-control-group .wy-form-halves input[type=month],.wy-control-group .wy-form-halves input[type=number],.wy-control-group .wy-form-halves input[type=password],.wy-control-group .wy-form-halves input[type=search],.wy-control-group .wy-form-halves input[type=tel],.wy-control-group .wy-form-halves input[type=text],.wy-control-group .wy-form-halves input[type=time],.wy-control-group .wy-form-halves input[type=url],.wy-control-group .wy-form-halves input[type=week],.wy-control-group .wy-form-halves select,.wy-control-group .wy-form-thirds input[type=color],.wy-control-group .wy-form-thirds input[type=date],.wy-control-group .wy-form-thirds input[type=datetime-local],.wy-control-group .wy-form-thirds input[type=datetime],.wy-control-group .wy-form-thirds input[type=email],.wy-control-group .wy-form-thirds input[type=month],.wy-control-group .wy-form-thirds input[type=number],.wy-control-group .wy-form-thirds input[type=password],.wy-control-group .wy-form-thirds input[type=search],.wy-control-group .wy-form-thirds input[type=tel],.wy-control-group .wy-form-thirds input[type=text],.wy-control-group .wy-form-thirds input[type=time],.wy-control-group .wy-form-thirds input[type=url],.wy-control-group .wy-form-thirds input[type=week],.wy-control-group .wy-form-thirds select{width:100%}.wy-control-group .wy-form-full{float:left;display:block;width:100%;margin-right:0}.wy-control-group .wy-form-full:last-child{margin-right:0}.wy-control-group .wy-form-halves{float:left;display:block;margin-right:2.35765%;width:48.82117%}.wy-control-group .wy-form-halves:last-child,.wy-control-group .wy-form-halves:nth-of-type(2n){margin-right:0}.wy-control-group .wy-form-halves:nth-of-type(odd){clear:left}.wy-control-group .wy-form-thirds{float:left;display:block;margin-right:2.35765%;width:31.76157%}.wy-control-group .wy-form-thirds:last-child,.wy-control-group .wy-form-thirds:nth-of-type(3n){margin-right:0}.wy-control-group .wy-form-thirds:nth-of-type(3n+1){clear:left}.wy-control-group.wy-control-group-no-input .wy-control,.wy-control-no-input{margin:6px 0 0;font-size:90%}.wy-control-no-input{display:inline-block}.wy-control-group.fluid-input input[type=color],.wy-control-group.fluid-input input[type=date],.wy-control-group.fluid-input input[type=datetime-local],.wy-control-group.fluid-input input[type=datetime],.wy-control-group.fluid-input input[type=email],.wy-control-group.fluid-input input[type=month],.wy-control-group.fluid-input input[type=number],.wy-control-group.fluid-input input[type=password],.wy-control-group.fluid-input input[type=search],.wy-control-group.fluid-input input[type=tel],.wy-control-group.fluid-input input[type=text],.wy-control-group.fluid-input input[type=time],.wy-control-group.fluid-input input[type=url],.wy-control-group.fluid-input input[type=week]{width:100%}.wy-form-message-inline{padding-left:.3em;color:#666;font-size:90%}.wy-form-message{display:block;color:#999;font-size:70%;margin-top:.3125em;font-style:italic}.wy-form-message p{font-size:inherit;font-style:italic;margin-bottom:6px}.wy-form-message p:last-child{margin-bottom:0}input{line-height:normal}input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;*overflow:visible}input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week]{-webkit-appearance:none;padding:6px;display:inline-block;border:1px solid #ccc;font-size:80%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 3px #ddd;border-radius:0;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}input[type=datetime-local]{padding:.34375em .625em}input[disabled]{cursor:default}input[type=checkbox],input[type=radio]{padding:0;margin-right:.3125em;*height:13px;*width:13px}input[type=checkbox],input[type=radio],input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input[type=color]:focus,input[type=date]:focus,input[type=datetime-local]:focus,input[type=datetime]:focus,input[type=email]:focus,input[type=month]:focus,input[type=number]:focus,input[type=password]:focus,input[type=search]:focus,input[type=tel]:focus,input[type=text]:focus,input[type=time]:focus,input[type=url]:focus,input[type=week]:focus{outline:0;outline:thin dotted\9;border-color:#333}input.no-focus:focus{border-color:#ccc!important}input[type=checkbox]:focus,input[type=file]:focus,input[type=radio]:focus{outline:thin dotted #333;outline:1px auto #129fea}input[type=color][disabled],input[type=date][disabled],input[type=datetime-local][disabled],input[type=datetime][disabled],input[type=email][disabled],input[type=month][disabled],input[type=number][disabled],input[type=password][disabled],input[type=search][disabled],input[type=tel][disabled],input[type=text][disabled],input[type=time][disabled],input[type=url][disabled],input[type=week][disabled]{cursor:not-allowed;background-color:#fafafa}input:focus:invalid,select:focus:invalid,textarea:focus:invalid{color:#e74c3c;border:1px solid #e74c3c}input:focus:invalid:focus,select:focus:invalid:focus,textarea:focus:invalid:focus{border-color:#e74c3c}input[type=checkbox]:focus:invalid:focus,input[type=file]:focus:invalid:focus,input[type=radio]:focus:invalid:focus{outline-color:#e74c3c}input.wy-input-large{padding:12px;font-size:100%}textarea{overflow:auto;vertical-align:top;width:100%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif}select,textarea{padding:.5em .625em;display:inline-block;border:1px solid #ccc;font-size:80%;box-shadow:inset 0 1px 3px #ddd;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}select{border:1px solid #ccc;background-color:#fff}select[multiple]{height:auto}select:focus,textarea:focus{outline:0}input[readonly],select[disabled],select[readonly],textarea[disabled],textarea[readonly]{cursor:not-allowed;background-color:#fafafa}input[type=checkbox][disabled],input[type=radio][disabled]{cursor:not-allowed}.wy-checkbox,.wy-radio{margin:6px 0;color:#404040;display:block}.wy-checkbox input,.wy-radio input{vertical-align:baseline}.wy-form-message-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-input-prefix,.wy-input-suffix{white-space:nowrap;padding:6px}.wy-input-prefix .wy-input-context,.wy-input-suffix .wy-input-context{line-height:27px;padding:0 8px;display:inline-block;font-size:80%;background-color:#f3f6f6;border:1px solid #ccc;color:#999}.wy-input-suffix .wy-input-context{border-left:0}.wy-input-prefix .wy-input-context{border-right:0}.wy-switch{position:relative;display:block;height:24px;margin-top:12px;cursor:pointer}.wy-switch:before{left:0;top:0;width:36px;height:12px;background:#ccc}.wy-switch:after,.wy-switch:before{position:absolute;content:"";display:block;border-radius:4px;-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.wy-switch:after{width:18px;height:18px;background:#999;left:-3px;top:-3px}.wy-switch span{position:absolute;left:48px;display:block;font-size:12px;color:#ccc;line-height:1}.wy-switch.active:before{background:#1e8449}.wy-switch.active:after{left:24px;background:#27ae60}.wy-switch.disabled{cursor:not-allowed;opacity:.8}.wy-control-group.wy-control-group-error .wy-form-message,.wy-control-group.wy-control-group-error>label{color:#e74c3c}.wy-control-group.wy-control-group-error input[type=color],.wy-control-group.wy-control-group-error input[type=date],.wy-control-group.wy-control-group-error input[type=datetime-local],.wy-control-group.wy-control-group-error input[type=datetime],.wy-control-group.wy-control-group-error input[type=email],.wy-control-group.wy-control-group-error input[type=month],.wy-control-group.wy-control-group-error input[type=number],.wy-control-group.wy-control-group-error input[type=password],.wy-control-group.wy-control-group-error input[type=search],.wy-control-group.wy-control-group-error input[type=tel],.wy-control-group.wy-control-group-error input[type=text],.wy-control-group.wy-control-group-error input[type=time],.wy-control-group.wy-control-group-error input[type=url],.wy-control-group.wy-control-group-error input[type=week],.wy-control-group.wy-control-group-error textarea{border:1px solid #e74c3c}.wy-inline-validate{white-space:nowrap}.wy-inline-validate .wy-input-context{padding:.5em .625em;display:inline-block;font-size:80%}.wy-inline-validate.wy-inline-validate-success .wy-input-context{color:#27ae60}.wy-inline-validate.wy-inline-validate-danger .wy-input-context{color:#e74c3c}.wy-inline-validate.wy-inline-validate-warning .wy-input-context{color:#e67e22}.wy-inline-validate.wy-inline-validate-info .wy-input-context{color:#2980b9}.rotate-90{-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.rotate-180{-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.rotate-270{-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.mirror{-webkit-transform:scaleX(-1);-moz-transform:scaleX(-1);-ms-transform:scaleX(-1);-o-transform:scaleX(-1);transform:scaleX(-1)}.mirror.rotate-90{-webkit-transform:scaleX(-1) rotate(90deg);-moz-transform:scaleX(-1) rotate(90deg);-ms-transform:scaleX(-1) rotate(90deg);-o-transform:scaleX(-1) rotate(90deg);transform:scaleX(-1) rotate(90deg)}.mirror.rotate-180{-webkit-transform:scaleX(-1) rotate(180deg);-moz-transform:scaleX(-1) rotate(180deg);-ms-transform:scaleX(-1) rotate(180deg);-o-transform:scaleX(-1) rotate(180deg);transform:scaleX(-1) rotate(180deg)}.mirror.rotate-270{-webkit-transform:scaleX(-1) rotate(270deg);-moz-transform:scaleX(-1) rotate(270deg);-ms-transform:scaleX(-1) rotate(270deg);-o-transform:scaleX(-1) rotate(270deg);transform:scaleX(-1) rotate(270deg)}@media only screen and (max-width:480px){.wy-form button[type=submit]{margin:.7em 0 0}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=text],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week],.wy-form label{margin-bottom:.3em;display:block}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week]{margin-bottom:0}.wy-form-aligned .wy-control-group label{margin-bottom:.3em;text-align:left;display:block;width:100%}.wy-form-aligned .wy-control{margin:1.5em 0 0}.wy-form-message,.wy-form-message-inline,.wy-form .wy-help-inline{display:block;font-size:80%;padding:6px 0}}@media screen and (max-width:768px){.tablet-hide{display:none}}@media screen and (max-width:480px){.mobile-hide{display:none}}.float-left{float:left}.float-right{float:right}.full-width{width:100%}.rst-content table.docutils,.rst-content table.field-list,.wy-table{border-collapse:collapse;border-spacing:0;empty-cells:show;margin-bottom:24px}.rst-content table.docutils caption,.rst-content table.field-list caption,.wy-table caption{color:#000;font:italic 85%/1 arial,sans-serif;padding:1em 0;text-align:center}.rst-content table.docutils td,.rst-content table.docutils th,.rst-content table.field-list td,.rst-content table.field-list th,.wy-table td,.wy-table th{font-size:90%;margin:0;overflow:visible;padding:8px 16px}.rst-content table.docutils td:first-child,.rst-content table.docutils th:first-child,.rst-content table.field-list td:first-child,.rst-content table.field-list th:first-child,.wy-table td:first-child,.wy-table th:first-child{border-left-width:0}.rst-content table.docutils thead,.rst-content table.field-list thead,.wy-table thead{color:#000;text-align:left;vertical-align:bottom;white-space:nowrap}.rst-content table.docutils thead th,.rst-content table.field-list thead th,.wy-table thead th{font-weight:700;border-bottom:2px solid #e1e4e5}.rst-content table.docutils td,.rst-content table.field-list td,.wy-table td{background-color:transparent;vertical-align:middle}.rst-content table.docutils td p,.rst-content table.field-list td p,.wy-table td p{line-height:18px}.rst-content table.docutils td p:last-child,.rst-content table.field-list td p:last-child,.wy-table td p:last-child{margin-bottom:0}.rst-content table.docutils .wy-table-cell-min,.rst-content table.field-list .wy-table-cell-min,.wy-table .wy-table-cell-min{width:1%;padding-right:0}.rst-content table.docutils .wy-table-cell-min input[type=checkbox],.rst-content table.field-list .wy-table-cell-min input[type=checkbox],.wy-table .wy-table-cell-min input[type=checkbox]{margin:0}.wy-table-secondary{color:grey;font-size:90%}.wy-table-tertiary{color:grey;font-size:80%}.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td,.wy-table-backed,.wy-table-odd td,.wy-table-striped tr:nth-child(2n-1) td{background-color:#f3f6f6}.rst-content table.docutils,.wy-table-bordered-all{border:1px solid #e1e4e5}.rst-content table.docutils td,.wy-table-bordered-all td{border-bottom:1px solid #e1e4e5;border-left:1px solid #e1e4e5}.rst-content table.docutils tbody>tr:last-child td,.wy-table-bordered-all tbody>tr:last-child td{border-bottom-width:0}.wy-table-bordered{border:1px solid #e1e4e5}.wy-table-bordered-rows td{border-bottom:1px solid #e1e4e5}.wy-table-bordered-rows tbody>tr:last-child td{border-bottom-width:0}.wy-table-horizontal td,.wy-table-horizontal th{border-width:0 0 1px;border-bottom:1px solid #e1e4e5}.wy-table-horizontal tbody>tr:last-child td{border-bottom-width:0}.wy-table-responsive{margin-bottom:24px;max-width:100%;overflow:auto}.wy-table-responsive table{margin-bottom:0!important}.wy-table-responsive table td,.wy-table-responsive table th{white-space:nowrap}a{color:#2980b9;text-decoration:none;cursor:pointer}a:hover{color:#3091d1}a:visited{color:#9b59b6}html{height:100%}body,html{overflow-x:hidden}body{font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;font-weight:400;color:#404040;min-height:100%;background:#edf0f2}.wy-text-left{text-align:left}.wy-text-center{text-align:center}.wy-text-right{text-align:right}.wy-text-large{font-size:120%}.wy-text-normal{font-size:100%}.wy-text-small,small{font-size:80%}.wy-text-strike{text-decoration:line-through}.wy-text-warning{color:#e67e22!important}a.wy-text-warning:hover{color:#eb9950!important}.wy-text-info{color:#2980b9!important}a.wy-text-info:hover{color:#409ad5!important}.wy-text-success{color:#27ae60!important}a.wy-text-success:hover{color:#36d278!important}.wy-text-danger{color:#e74c3c!important}a.wy-text-danger:hover{color:#ed7669!important}.wy-text-neutral{color:#404040!important}a.wy-text-neutral:hover{color:#595959!important}.rst-content .toctree-wrapper>p.caption,h1,h2,h3,h4,h5,h6,legend{margin-top:0;font-weight:700;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif}p{line-height:24px;font-size:16px;margin:0 0 24px}h1{font-size:175%}.rst-content .toctree-wrapper>p.caption,h2{font-size:150%}h3{font-size:125%}h4{font-size:115%}h5{font-size:110%}h6{font-size:100%}hr{display:block;height:1px;border:0;border-top:1px solid #e1e4e5;margin:24px 0;padding:0}.rst-content code,.rst-content tt,code{white-space:nowrap;max-width:100%;background:#fff;border:1px solid #e1e4e5;font-size:75%;padding:0 5px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#e74c3c;overflow-x:auto}.rst-content tt.code-large,code.code-large{font-size:90%}.rst-content .section ul,.rst-content .toctree-wrapper ul,.rst-content section ul,.wy-plain-list-disc,article ul{list-style:disc;line-height:24px;margin-bottom:24px}.rst-content .section ul li,.rst-content .toctree-wrapper ul li,.rst-content section ul li,.wy-plain-list-disc li,article ul li{list-style:disc;margin-left:24px}.rst-content .section ul li p:last-child,.rst-content .section ul li ul,.rst-content .toctree-wrapper ul li p:last-child,.rst-content .toctree-wrapper ul li ul,.rst-content section ul li p:last-child,.rst-content section ul li ul,.wy-plain-list-disc li p:last-child,.wy-plain-list-disc li ul,article ul li p:last-child,article ul li ul{margin-bottom:0}.rst-content .section ul li li,.rst-content .toctree-wrapper ul li li,.rst-content section ul li li,.wy-plain-list-disc li li,article ul li li{list-style:circle}.rst-content .section ul li li li,.rst-content .toctree-wrapper ul li li li,.rst-content section ul li li li,.wy-plain-list-disc li li li,article ul li li li{list-style:square}.rst-content .section ul li ol li,.rst-content .toctree-wrapper ul li ol li,.rst-content section ul li ol li,.wy-plain-list-disc li ol li,article ul li ol li{list-style:decimal}.rst-content .section ol,.rst-content .section ol.arabic,.rst-content .toctree-wrapper ol,.rst-content .toctree-wrapper ol.arabic,.rst-content section ol,.rst-content section ol.arabic,.wy-plain-list-decimal,article ol{list-style:decimal;line-height:24px;margin-bottom:24px}.rst-content .section ol.arabic li,.rst-content .section ol li,.rst-content .toctree-wrapper ol.arabic li,.rst-content .toctree-wrapper ol li,.rst-content section ol.arabic li,.rst-content section ol li,.wy-plain-list-decimal li,article ol li{list-style:decimal;margin-left:24px}.rst-content .section ol.arabic li ul,.rst-content .section ol li p:last-child,.rst-content .section ol li ul,.rst-content .toctree-wrapper ol.arabic li ul,.rst-content .toctree-wrapper ol li p:last-child,.rst-content .toctree-wrapper ol li ul,.rst-content section ol.arabic li ul,.rst-content section ol li p:last-child,.rst-content section ol li ul,.wy-plain-list-decimal li p:last-child,.wy-plain-list-decimal li ul,article ol li p:last-child,article ol li ul{margin-bottom:0}.rst-content .section ol.arabic li ul li,.rst-content .section ol li ul li,.rst-content .toctree-wrapper ol.arabic li ul li,.rst-content .toctree-wrapper ol li ul li,.rst-content section ol.arabic li ul li,.rst-content section ol li ul li,.wy-plain-list-decimal li ul li,article ol li ul li{list-style:disc}.wy-breadcrumbs{*zoom:1}.wy-breadcrumbs:after,.wy-breadcrumbs:before{display:table;content:""}.wy-breadcrumbs:after{clear:both}.wy-breadcrumbs>li{display:inline-block;padding-top:5px}.wy-breadcrumbs>li.wy-breadcrumbs-aside{float:right}.rst-content .wy-breadcrumbs>li code,.rst-content .wy-breadcrumbs>li tt,.wy-breadcrumbs>li .rst-content tt,.wy-breadcrumbs>li code{all:inherit;color:inherit}.breadcrumb-item:before{content:"/";color:#bbb;font-size:13px;padding:0 6px 0 3px}.wy-breadcrumbs-extra{margin-bottom:0;color:#b3b3b3;font-size:80%;display:inline-block}@media screen and (max-width:480px){.wy-breadcrumbs-extra,.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}@media print{.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}html{font-size:16px}.wy-affix{position:fixed;top:1.618em}.wy-menu a:hover{text-decoration:none}.wy-menu-horiz{*zoom:1}.wy-menu-horiz:after,.wy-menu-horiz:before{display:table;content:""}.wy-menu-horiz:after{clear:both}.wy-menu-horiz li,.wy-menu-horiz ul{display:inline-block}.wy-menu-horiz li:hover{background:hsla(0,0%,100%,.1)}.wy-menu-horiz li.divide-left{border-left:1px solid #404040}.wy-menu-horiz li.divide-right{border-right:1px solid #404040}.wy-menu-horiz a{height:32px;display:inline-block;line-height:32px;padding:0 16px}.wy-menu-vertical{width:300px}.wy-menu-vertical header,.wy-menu-vertical p.caption{color:#55a5d9;height:32px;line-height:32px;padding:0 1.618em;margin:12px 0 0;display:block;font-weight:700;text-transform:uppercase;font-size:85%;white-space:nowrap}.wy-menu-vertical ul{margin-bottom:0}.wy-menu-vertical li.divide-top{border-top:1px solid #404040}.wy-menu-vertical li.divide-bottom{border-bottom:1px solid #404040}.wy-menu-vertical li.current{background:#e3e3e3}.wy-menu-vertical li.current a{color:grey;border-right:1px solid #c9c9c9;padding:.4045em 2.427em}.wy-menu-vertical li.current a:hover{background:#d6d6d6}.rst-content .wy-menu-vertical li tt,.wy-menu-vertical li .rst-content tt,.wy-menu-vertical li code{border:none;background:inherit;color:inherit;padding-left:0;padding-right:0}.wy-menu-vertical li button.toctree-expand{display:block;float:left;margin-left:-1.2em;line-height:18px;color:#4d4d4d;border:none;background:none;padding:0}.wy-menu-vertical li.current>a,.wy-menu-vertical li.on a{color:#404040;font-weight:700;position:relative;background:#fcfcfc;border:none;padding:.4045em 1.618em}.wy-menu-vertical li.current>a:hover,.wy-menu-vertical li.on a:hover{background:#fcfcfc}.wy-menu-vertical li.current>a:hover button.toctree-expand,.wy-menu-vertical li.on a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand{display:block;line-height:18px;color:#333}.wy-menu-vertical li.toctree-l1.current>a{border-bottom:1px solid #c9c9c9;border-top:1px solid #c9c9c9}.wy-menu-vertical .toctree-l1.current .toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .toctree-l11>ul{display:none}.wy-menu-vertical .toctree-l1.current .current.toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .current.toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .current.toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .current.toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .current.toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .current.toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .current.toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .current.toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .current.toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .current.toctree-l11>ul{display:block}.wy-menu-vertical li.toctree-l3,.wy-menu-vertical li.toctree-l4{font-size:.9em}.wy-menu-vertical li.toctree-l2 a,.wy-menu-vertical li.toctree-l3 a,.wy-menu-vertical li.toctree-l4 a,.wy-menu-vertical li.toctree-l5 a,.wy-menu-vertical li.toctree-l6 a,.wy-menu-vertical li.toctree-l7 a,.wy-menu-vertical li.toctree-l8 a,.wy-menu-vertical li.toctree-l9 a,.wy-menu-vertical li.toctree-l10 a{color:#404040}.wy-menu-vertical li.toctree-l2 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l3 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l4 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l5 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l6 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l7 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l8 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l9 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l10 a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a,.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a,.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a,.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a,.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a,.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a,.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a,.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{display:block}.wy-menu-vertical li.toctree-l2.current>a{padding:.4045em 2.427em}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{padding:.4045em 1.618em .4045em 4.045em}.wy-menu-vertical li.toctree-l3.current>a{padding:.4045em 4.045em}.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{padding:.4045em 1.618em .4045em 5.663em}.wy-menu-vertical li.toctree-l4.current>a{padding:.4045em 5.663em}.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a{padding:.4045em 1.618em .4045em 7.281em}.wy-menu-vertical li.toctree-l5.current>a{padding:.4045em 7.281em}.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a{padding:.4045em 1.618em .4045em 8.899em}.wy-menu-vertical li.toctree-l6.current>a{padding:.4045em 8.899em}.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a{padding:.4045em 1.618em .4045em 10.517em}.wy-menu-vertical li.toctree-l7.current>a{padding:.4045em 10.517em}.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a{padding:.4045em 1.618em .4045em 12.135em}.wy-menu-vertical li.toctree-l8.current>a{padding:.4045em 12.135em}.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a{padding:.4045em 1.618em .4045em 13.753em}.wy-menu-vertical li.toctree-l9.current>a{padding:.4045em 13.753em}.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a{padding:.4045em 1.618em .4045em 15.371em}.wy-menu-vertical li.toctree-l10.current>a{padding:.4045em 15.371em}.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{padding:.4045em 1.618em .4045em 16.989em}.wy-menu-vertical li.toctree-l2.current>a,.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{background:#c9c9c9}.wy-menu-vertical li.toctree-l2 button.toctree-expand{color:#a3a3a3}.wy-menu-vertical li.toctree-l3.current>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{background:#bdbdbd}.wy-menu-vertical li.toctree-l3 button.toctree-expand{color:#969696}.wy-menu-vertical li.current ul{display:block}.wy-menu-vertical li ul{margin-bottom:0;display:none}.wy-menu-vertical li ul li a{margin-bottom:0;color:#d9d9d9;font-weight:400}.wy-menu-vertical a{line-height:18px;padding:.4045em 1.618em;display:block;position:relative;font-size:90%;color:#d9d9d9}.wy-menu-vertical a:hover{background-color:#4e4a4a;cursor:pointer}.wy-menu-vertical a:hover button.toctree-expand{color:#d9d9d9}.wy-menu-vertical a:active{background-color:#2980b9;cursor:pointer;color:#fff}.wy-menu-vertical a:active button.toctree-expand{color:#fff}.wy-side-nav-search{display:block;width:300px;padding:.809em;margin-bottom:.809em;z-index:200;background-color:#2980b9;text-align:center;color:#fcfcfc}.wy-side-nav-search input[type=text]{width:100%;border-radius:50px;padding:6px 12px;border-color:#2472a4}.wy-side-nav-search img{display:block;margin:auto auto .809em;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-side-nav-search .wy-dropdown>a,.wy-side-nav-search>a{color:#fcfcfc;font-size:100%;font-weight:700;display:inline-block;padding:4px 6px;margin-bottom:.809em;max-width:100%}.wy-side-nav-search .wy-dropdown>a:hover,.wy-side-nav-search>a:hover{background:hsla(0,0%,100%,.1)}.wy-side-nav-search .wy-dropdown>a img.logo,.wy-side-nav-search>a img.logo{display:block;margin:0 auto;height:auto;width:auto;border-radius:0;max-width:100%;background:transparent}.wy-side-nav-search .wy-dropdown>a.icon img.logo,.wy-side-nav-search>a.icon img.logo{margin-top:.85em}.wy-side-nav-search>div.version{margin-top:-.4045em;margin-bottom:.809em;font-weight:400;color:hsla(0,0%,100%,.3)}.wy-nav .wy-menu-vertical header{color:#2980b9}.wy-nav .wy-menu-vertical a{color:#b3b3b3}.wy-nav .wy-menu-vertical a:hover{background-color:#2980b9;color:#fff}[data-menu-wrap]{-webkit-transition:all .2s ease-in;-moz-transition:all .2s ease-in;transition:all .2s ease-in;position:absolute;opacity:1;width:100%;opacity:0}[data-menu-wrap].move-center{left:0;right:auto;opacity:1}[data-menu-wrap].move-left{right:auto;left:-100%;opacity:0}[data-menu-wrap].move-right{right:-100%;left:auto;opacity:0}.wy-body-for-nav{background:#fcfcfc}.wy-grid-for-nav{position:absolute;width:100%;height:100%}.wy-nav-side{position:fixed;top:0;bottom:0;left:0;padding-bottom:2em;width:300px;overflow-x:hidden;overflow-y:hidden;min-height:100%;color:#9b9b9b;background:#343131;z-index:200}.wy-side-scroll{width:320px;position:relative;overflow-x:hidden;overflow-y:scroll;height:100%}.wy-nav-top{display:none;background:#2980b9;color:#fff;padding:.4045em .809em;position:relative;line-height:50px;text-align:center;font-size:100%;*zoom:1}.wy-nav-top:after,.wy-nav-top:before{display:table;content:""}.wy-nav-top:after{clear:both}.wy-nav-top a{color:#fff;font-weight:700}.wy-nav-top img{margin-right:12px;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-nav-top i{font-size:30px;float:left;cursor:pointer;padding-top:inherit}.wy-nav-content-wrap{margin-left:300px;background:#fcfcfc;min-height:100%}.wy-nav-content{padding:1.618em 3.236em;height:100%;max-width:800px;margin:auto}.wy-body-mask{position:fixed;width:100%;height:100%;background:rgba(0,0,0,.2);display:none;z-index:499}.wy-body-mask.on{display:block}footer{color:grey}footer p{margin-bottom:12px}.rst-content footer span.commit tt,footer span.commit .rst-content tt,footer span.commit code{padding:0;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:1em;background:none;border:none;color:grey}.rst-footer-buttons{*zoom:1}.rst-footer-buttons:after,.rst-footer-buttons:before{width:100%;display:table;content:""}.rst-footer-buttons:after{clear:both}.rst-breadcrumbs-buttons{margin-top:12px;*zoom:1}.rst-breadcrumbs-buttons:after,.rst-breadcrumbs-buttons:before{display:table;content:""}.rst-breadcrumbs-buttons:after{clear:both}#search-results .search li{margin-bottom:24px;border-bottom:1px solid #e1e4e5;padding-bottom:24px}#search-results .search li:first-child{border-top:1px solid #e1e4e5;padding-top:24px}#search-results .search li a{font-size:120%;margin-bottom:12px;display:inline-block}#search-results .context{color:grey;font-size:90%}.genindextable li>ul{margin-left:24px}@media screen and (max-width:768px){.wy-body-for-nav{background:#fcfcfc}.wy-nav-top{display:block}.wy-nav-side{left:-300px}.wy-nav-side.shift{width:85%;left:0}.wy-menu.wy-menu-vertical,.wy-side-nav-search,.wy-side-scroll{width:auto}.wy-nav-content-wrap{margin-left:0}.wy-nav-content-wrap .wy-nav-content{padding:1.618em}.wy-nav-content-wrap.shift{position:fixed;min-width:100%;left:85%;top:0;height:100%;overflow:hidden}}@media screen and (min-width:1100px){.wy-nav-content-wrap{background:rgba(0,0,0,.05)}.wy-nav-content{margin:0;background:#fcfcfc}}@media print{.rst-versions,.wy-nav-side,footer{display:none}.wy-nav-content-wrap{margin-left:0}}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60;*zoom:1}.rst-versions .rst-current-version:after,.rst-versions .rst-current-version:before{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-content .code-block-caption .rst-versions .rst-current-version .headerlink,.rst-content .eqno .rst-versions .rst-current-version .headerlink,.rst-content .rst-versions .rst-current-version .admonition-title,.rst-content code.download .rst-versions .rst-current-version span:first-child,.rst-content dl dt .rst-versions .rst-current-version .headerlink,.rst-content h1 .rst-versions .rst-current-version .headerlink,.rst-content h2 .rst-versions .rst-current-version .headerlink,.rst-content h3 .rst-versions .rst-current-version .headerlink,.rst-content h4 .rst-versions .rst-current-version .headerlink,.rst-content h5 .rst-versions .rst-current-version .headerlink,.rst-content h6 .rst-versions .rst-current-version .headerlink,.rst-content p .rst-versions .rst-current-version .headerlink,.rst-content table>caption .rst-versions .rst-current-version .headerlink,.rst-content tt.download .rst-versions .rst-current-version span:first-child,.rst-versions .rst-current-version .fa,.rst-versions .rst-current-version .icon,.rst-versions .rst-current-version .rst-content .admonition-title,.rst-versions .rst-current-version .rst-content .code-block-caption .headerlink,.rst-versions .rst-current-version .rst-content .eqno .headerlink,.rst-versions .rst-current-version .rst-content code.download span:first-child,.rst-versions .rst-current-version .rst-content dl dt .headerlink,.rst-versions .rst-current-version .rst-content h1 .headerlink,.rst-versions .rst-current-version .rst-content h2 .headerlink,.rst-versions .rst-current-version .rst-content h3 .headerlink,.rst-versions .rst-current-version .rst-content h4 .headerlink,.rst-versions .rst-current-version .rst-content h5 .headerlink,.rst-versions .rst-current-version .rst-content h6 .headerlink,.rst-versions .rst-current-version .rst-content p .headerlink,.rst-versions .rst-current-version .rst-content table>caption .headerlink,.rst-versions .rst-current-version .rst-content tt.download span:first-child,.rst-versions .rst-current-version .wy-menu-vertical li button.toctree-expand,.wy-menu-vertical li .rst-versions .rst-current-version button.toctree-expand{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}.rst-content .toctree-wrapper>p.caption,.rst-content h1,.rst-content h2,.rst-content h3,.rst-content h4,.rst-content h5,.rst-content h6{margin-bottom:24px}.rst-content img{max-width:100%;height:auto}.rst-content div.figure,.rst-content figure{margin-bottom:24px}.rst-content div.figure .caption-text,.rst-content figure .caption-text{font-style:italic}.rst-content div.figure p:last-child.caption,.rst-content figure p:last-child.caption{margin-bottom:0}.rst-content div.figure.align-center,.rst-content figure.align-center{text-align:center}.rst-content .section>a>img,.rst-content .section>img,.rst-content section>a>img,.rst-content section>img{margin-bottom:24px}.rst-content abbr[title]{text-decoration:none}.rst-content.style-external-links a.reference.external:after{font-family:FontAwesome;content:"\f08e";color:#b3b3b3;vertical-align:super;font-size:60%;margin:0 .2em}.rst-content blockquote{margin-left:24px;line-height:24px;margin-bottom:24px}.rst-content pre.literal-block{white-space:pre;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;display:block;overflow:auto}.rst-content div[class^=highlight],.rst-content pre.literal-block{border:1px solid #e1e4e5;overflow-x:auto;margin:1px 0 24px}.rst-content div[class^=highlight] div[class^=highlight],.rst-content pre.literal-block div[class^=highlight]{padding:0;border:none;margin:0}.rst-content div[class^=highlight] td.code{width:100%}.rst-content .linenodiv pre{border-right:1px solid #e6e9ea;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;user-select:none;pointer-events:none}.rst-content div[class^=highlight] pre{white-space:pre;margin:0;padding:12px;display:block;overflow:auto}.rst-content div[class^=highlight] pre .hll{display:block;margin:0 -12px;padding:0 12px}.rst-content .linenodiv pre,.rst-content div[class^=highlight] pre,.rst-content pre.literal-block{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:12px;line-height:1.4}.rst-content div.highlight .gp,.rst-content div.highlight span.linenos{user-select:none;pointer-events:none}.rst-content div.highlight span.linenos{display:inline-block;padding-left:0;padding-right:12px;margin-right:12px;border-right:1px solid #e6e9ea}.rst-content .code-block-caption{font-style:italic;font-size:85%;line-height:1;padding:1em 0;text-align:center}@media print{.rst-content .codeblock,.rst-content div[class^=highlight],.rst-content div[class^=highlight] pre{white-space:pre-wrap}}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning{clear:both}.rst-content .admonition-todo .last,.rst-content .admonition-todo>:last-child,.rst-content .admonition .last,.rst-content .admonition>:last-child,.rst-content .attention .last,.rst-content .attention>:last-child,.rst-content .caution .last,.rst-content .caution>:last-child,.rst-content .danger .last,.rst-content .danger>:last-child,.rst-content .error .last,.rst-content .error>:last-child,.rst-content .hint .last,.rst-content .hint>:last-child,.rst-content .important .last,.rst-content .important>:last-child,.rst-content .note .last,.rst-content .note>:last-child,.rst-content .seealso .last,.rst-content .seealso>:last-child,.rst-content .tip .last,.rst-content .tip>:last-child,.rst-content .warning .last,.rst-content .warning>:last-child{margin-bottom:0}.rst-content .admonition-title:before{margin-right:4px}.rst-content .admonition table{border-color:rgba(0,0,0,.1)}.rst-content .admonition table td,.rst-content .admonition table th{background:transparent!important;border-color:rgba(0,0,0,.1)!important}.rst-content .section ol.loweralpha,.rst-content .section ol.loweralpha>li,.rst-content .toctree-wrapper ol.loweralpha,.rst-content .toctree-wrapper ol.loweralpha>li,.rst-content section ol.loweralpha,.rst-content section ol.loweralpha>li{list-style:lower-alpha}.rst-content .section ol.upperalpha,.rst-content .section ol.upperalpha>li,.rst-content .toctree-wrapper ol.upperalpha,.rst-content .toctree-wrapper ol.upperalpha>li,.rst-content section ol.upperalpha,.rst-content section ol.upperalpha>li{list-style:upper-alpha}.rst-content .section ol li>*,.rst-content .section ul li>*,.rst-content .toctree-wrapper ol li>*,.rst-content .toctree-wrapper ul li>*,.rst-content section ol li>*,.rst-content section ul li>*{margin-top:12px;margin-bottom:12px}.rst-content .section ol li>:first-child,.rst-content .section ul li>:first-child,.rst-content .toctree-wrapper ol li>:first-child,.rst-content .toctree-wrapper ul li>:first-child,.rst-content section ol li>:first-child,.rst-content section ul li>:first-child{margin-top:0}.rst-content .section ol li>p,.rst-content .section ol li>p:last-child,.rst-content .section ul li>p,.rst-content .section ul li>p:last-child,.rst-content .toctree-wrapper ol li>p,.rst-content .toctree-wrapper ol li>p:last-child,.rst-content .toctree-wrapper ul li>p,.rst-content .toctree-wrapper ul li>p:last-child,.rst-content section ol li>p,.rst-content section ol li>p:last-child,.rst-content section ul li>p,.rst-content section ul li>p:last-child{margin-bottom:12px}.rst-content .section ol li>p:only-child,.rst-content .section ol li>p:only-child:last-child,.rst-content .section ul li>p:only-child,.rst-content .section ul li>p:only-child:last-child,.rst-content .toctree-wrapper ol li>p:only-child,.rst-content .toctree-wrapper ol li>p:only-child:last-child,.rst-content .toctree-wrapper ul li>p:only-child,.rst-content .toctree-wrapper ul li>p:only-child:last-child,.rst-content section ol li>p:only-child,.rst-content section ol li>p:only-child:last-child,.rst-content section ul li>p:only-child,.rst-content section ul li>p:only-child:last-child{margin-bottom:0}.rst-content .section ol li>ol,.rst-content .section ol li>ul,.rst-content .section ul li>ol,.rst-content .section ul li>ul,.rst-content .toctree-wrapper ol li>ol,.rst-content .toctree-wrapper ol li>ul,.rst-content .toctree-wrapper ul li>ol,.rst-content .toctree-wrapper ul li>ul,.rst-content section ol li>ol,.rst-content section ol li>ul,.rst-content section ul li>ol,.rst-content section ul li>ul{margin-bottom:12px}.rst-content .section ol.simple li>*,.rst-content .section ol.simple li ol,.rst-content .section ol.simple li ul,.rst-content .section ul.simple li>*,.rst-content .section ul.simple li ol,.rst-content .section ul.simple li ul,.rst-content .toctree-wrapper ol.simple li>*,.rst-content .toctree-wrapper ol.simple li ol,.rst-content .toctree-wrapper ol.simple li ul,.rst-content .toctree-wrapper ul.simple li>*,.rst-content .toctree-wrapper ul.simple li ol,.rst-content .toctree-wrapper ul.simple li ul,.rst-content section ol.simple li>*,.rst-content section ol.simple li ol,.rst-content section ol.simple li ul,.rst-content section ul.simple li>*,.rst-content section ul.simple li ol,.rst-content section ul.simple li ul{margin-top:0;margin-bottom:0}.rst-content .line-block{margin-left:0;margin-bottom:24px;line-height:24px}.rst-content .line-block .line-block{margin-left:24px;margin-bottom:0}.rst-content .topic-title{font-weight:700;margin-bottom:12px}.rst-content .toc-backref{color:#404040}.rst-content .align-right{float:right;margin:0 0 24px 24px}.rst-content .align-left{float:left;margin:0 24px 24px 0}.rst-content .align-center{margin:auto}.rst-content .align-center:not(table){display:block}.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink{opacity:0;font-size:14px;font-family:FontAwesome;margin-left:.5em}.rst-content .code-block-caption .headerlink:focus,.rst-content .code-block-caption:hover .headerlink,.rst-content .eqno .headerlink:focus,.rst-content .eqno:hover .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink:focus,.rst-content .toctree-wrapper>p.caption:hover .headerlink,.rst-content dl dt .headerlink:focus,.rst-content dl dt:hover .headerlink,.rst-content h1 .headerlink:focus,.rst-content h1:hover .headerlink,.rst-content h2 .headerlink:focus,.rst-content h2:hover .headerlink,.rst-content h3 .headerlink:focus,.rst-content h3:hover .headerlink,.rst-content h4 .headerlink:focus,.rst-content h4:hover .headerlink,.rst-content h5 .headerlink:focus,.rst-content h5:hover .headerlink,.rst-content h6 .headerlink:focus,.rst-content h6:hover .headerlink,.rst-content p.caption .headerlink:focus,.rst-content p.caption:hover .headerlink,.rst-content p .headerlink:focus,.rst-content p:hover .headerlink,.rst-content table>caption .headerlink:focus,.rst-content table>caption:hover .headerlink{opacity:1}.rst-content p a{overflow-wrap:anywhere}.rst-content .wy-table td p,.rst-content .wy-table td ul,.rst-content .wy-table th p,.rst-content .wy-table th ul,.rst-content table.docutils td p,.rst-content table.docutils td ul,.rst-content table.docutils th p,.rst-content table.docutils th ul,.rst-content table.field-list td p,.rst-content table.field-list td ul,.rst-content table.field-list th p,.rst-content table.field-list th ul{font-size:inherit}.rst-content .btn:focus{outline:2px solid}.rst-content table>caption .headerlink:after{font-size:12px}.rst-content .centered{text-align:center}.rst-content .sidebar{float:right;width:40%;display:block;margin:0 0 24px 24px;padding:24px;background:#f3f6f6;border:1px solid #e1e4e5}.rst-content .sidebar dl,.rst-content .sidebar p,.rst-content .sidebar ul{font-size:90%}.rst-content .sidebar .last,.rst-content .sidebar>:last-child{margin-bottom:0}.rst-content .sidebar .sidebar-title{display:block;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif;font-weight:700;background:#e1e4e5;padding:6px 12px;margin:-24px -24px 24px;font-size:100%}.rst-content .highlighted{background:#f1c40f;box-shadow:0 0 0 2px #f1c40f;display:inline;font-weight:700}.rst-content .citation-reference,.rst-content .footnote-reference{vertical-align:baseline;position:relative;top:-.4em;line-height:0;font-size:90%}.rst-content .hlist{width:100%}.rst-content dl dt span.classifier:before{content:" : "}.rst-content dl dt span.classifier-delimiter{display:none!important}html.writer-html4 .rst-content table.docutils.citation,html.writer-html4 .rst-content table.docutils.footnote{background:none;border:none}html.writer-html4 .rst-content table.docutils.citation td,html.writer-html4 .rst-content table.docutils.citation tr,html.writer-html4 .rst-content table.docutils.footnote td,html.writer-html4 .rst-content table.docutils.footnote tr{border:none;background-color:transparent!important;white-space:normal}html.writer-html4 .rst-content table.docutils.citation td.label,html.writer-html4 .rst-content table.docutils.footnote td.label{padding-left:0;padding-right:0;vertical-align:top}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{display:grid;grid-template-columns:max-content auto}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{padding-left:1rem}html.writer-html5 .rst-content dl.citation>dt:after,html.writer-html5 .rst-content dl.field-list>dt:after,html.writer-html5 .rst-content dl.footnote>dt:after{content:":"}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dd,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dd,html.writer-html5 .rst-content dl.footnote>dt{margin-bottom:0}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{font-size:.9rem}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.footnote>dt{margin:0 .5rem .5rem 0;line-height:1.2rem;word-break:break-all;font-weight:400}html.writer-html5 .rst-content dl.citation>dt>span.brackets,html.writer-html5 .rst-content dl.footnote>dt>span.brackets{margin-right:.5rem}html.writer-html5 .rst-content dl.citation>dt>span.brackets:before,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:before{content:"["}html.writer-html5 .rst-content dl.citation>dt>span.brackets:after,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:after{content:"]"}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref{font-style:italic}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.footnote>dd{margin:0 0 .5rem;line-height:1.2rem}html.writer-html5 .rst-content dl.citation>dd p,html.writer-html5 .rst-content dl.footnote>dd p,html.writer-html5 .rst-content dl.option-list kbd{font-size:.9rem}.rst-content dl.citation,.rst-content table.docutils.footnote,html.writer-html4 .rst-content table.docutils.citation,html.writer-html5 .rst-content dl.footnote{color:grey}.rst-content dl.citation code,.rst-content dl.citation tt,.rst-content table.docutils.footnote code,.rst-content table.docutils.footnote tt,html.writer-html4 .rst-content table.docutils.citation code,html.writer-html4 .rst-content table.docutils.citation tt,html.writer-html5 .rst-content dl.footnote code,html.writer-html5 .rst-content dl.footnote tt{color:#555}.rst-content .wy-table-responsive.citation,.rst-content .wy-table-responsive.footnote{margin-bottom:0}.rst-content .wy-table-responsive.citation+:not(.citation),.rst-content .wy-table-responsive.footnote+:not(.footnote){margin-top:24px}.rst-content .wy-table-responsive.citation:last-child,.rst-content .wy-table-responsive.footnote:last-child{margin-bottom:24px}.rst-content table.docutils th{border-color:#e1e4e5}html.writer-html5 .rst-content table.docutils th{border:1px solid #e1e4e5}html.writer-html5 .rst-content table.docutils td>p,html.writer-html5 .rst-content table.docutils th>p{line-height:1rem;margin-bottom:0;font-size:.9rem}.rst-content table.docutils td .last,.rst-content table.docutils td .last>:last-child{margin-bottom:0}.rst-content table.field-list,.rst-content table.field-list td{border:none}.rst-content table.field-list td p{line-height:inherit}.rst-content table.field-list td>strong{display:inline-block}.rst-content table.field-list .field-name{padding-right:10px;text-align:left;white-space:nowrap}.rst-content table.field-list .field-body{text-align:left}.rst-content code,.rst-content tt{color:#000;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;padding:2px 5px}.rst-content code big,.rst-content code em,.rst-content tt big,.rst-content tt em{font-size:100%!important;line-height:normal}.rst-content code.literal,.rst-content tt.literal{color:#e74c3c;white-space:normal}.rst-content code.xref,.rst-content tt.xref,a .rst-content code,a .rst-content tt{font-weight:700;color:#404040}.rst-content kbd,.rst-content pre,.rst-content samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace}.rst-content a code,.rst-content a tt{color:#2980b9}.rst-content dl{margin-bottom:24px}.rst-content dl dt{font-weight:700;margin-bottom:12px}.rst-content dl ol,.rst-content dl p,.rst-content dl table,.rst-content dl ul{margin-bottom:12px}.rst-content dl dd{margin:0 0 12px 24px;line-height:24px}.rst-content dl dd>ol:last-child,.rst-content dl dd>p:last-child,.rst-content dl dd>table:last-child,.rst-content dl dd>ul:last-child{margin-bottom:0}html.writer-html4 .rst-content dl:not(.docutils),html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple){margin-bottom:24px}html.writer-html4 .rst-content dl:not(.docutils)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{display:table;margin:6px 0;font-size:90%;line-height:normal;background:#e7f2fa;color:#2980b9;border-top:3px solid #6ab0de;padding:6px;position:relative}html.writer-html4 .rst-content dl:not(.docutils)>dt:before,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:before{color:#6ab0de}html.writer-html4 .rst-content dl:not(.docutils)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{margin-bottom:6px;border:none;border-left:3px solid #ccc;background:#f0f0f0;color:#555}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils)>dt:first-child,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:first-child{margin-top:0}html.writer-html4 .rst-content dl:not(.docutils) code.descclassname,html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descclassname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{background-color:transparent;border:none;padding:0;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .optional,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .optional{display:inline-block;padding:0 4px;color:#000;font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .property,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .property{display:inline-block;padding-right:8px;max-width:100%}html.writer-html4 .rst-content dl:not(.docutils) .k,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .k{font-style:italic}html.writer-html4 .rst-content dl:not(.docutils) .descclassname,html.writer-html4 .rst-content dl:not(.docutils) .descname,html.writer-html4 .rst-content dl:not(.docutils) .sig-name,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .sig-name{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#000}.rst-content .viewcode-back,.rst-content .viewcode-link{display:inline-block;color:#27ae60;font-size:80%;padding-left:24px}.rst-content .viewcode-back{display:block;float:right}.rst-content p.rubric{margin-bottom:12px;font-weight:700}.rst-content code.download,.rst-content tt.download{background:inherit;padding:inherit;font-weight:400;font-family:inherit;font-size:inherit;color:inherit;border:inherit;white-space:inherit}.rst-content code.download span:first-child,.rst-content tt.download span:first-child{-webkit-font-smoothing:subpixel-antialiased}.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{margin-right:4px}.rst-content .guilabel{border:1px solid #7fbbe3;background:#e7f2fa;font-size:80%;font-weight:700;border-radius:4px;padding:2.4px 6px;margin:auto 2px}.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>.kbd,.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>kbd{color:inherit;font-size:80%;background-color:#fff;border:1px solid #a6a6a6;border-radius:4px;box-shadow:0 2px grey;padding:2.4px 6px;margin:auto 0}.rst-content .versionmodified{font-style:italic}@media screen and (max-width:480px){.rst-content .sidebar{width:100%}}span[id*=MathJax-Span]{color:#404040}.math{text-align:center}@font-face{font-family:Lato;src:url(fonts/lato-normal.woff2?bd03a2cc277bbbc338d464e679fe9942) format("woff2"),url(fonts/lato-normal.woff?27bd77b9162d388cb8d4c4217c7c5e2a) format("woff");font-weight:400;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold.woff2?cccb897485813c7c256901dbca54ecf2) format("woff2"),url(fonts/lato-bold.woff?d878b6c29b10beca227e9eef4246111b) format("woff");font-weight:700;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold-italic.woff2?0b6bb6725576b072c5d0b02ecdd1900d) format("woff2"),url(fonts/lato-bold-italic.woff?9c7e4e9eb485b4a121c760e61bc3707c) format("woff");font-weight:700;font-style:italic;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-normal-italic.woff2?4eb103b4d12be57cb1d040ed5e162e9d) format("woff2"),url(fonts/lato-normal-italic.woff?f28f2d6482446544ef1ea1ccc6dd5892) format("woff");font-weight:400;font-style:italic;font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:400;src:url(fonts/Roboto-Slab-Regular.woff2?7abf5b8d04d26a2cafea937019bca958) format("woff2"),url(fonts/Roboto-Slab-Regular.woff?c1be9284088d487c5e3ff0a10a92e58c) format("woff");font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:700;src:url(fonts/Roboto-Slab-Bold.woff2?9984f4a9bda09be08e83f2506954adbe) format("woff2"),url(fonts/Roboto-Slab-Bold.woff?bed5564a116b05148e3b3bea6fb1162a) format("woff");font-display:block} \ No newline at end of file diff --git a/_static/doctools.js b/_static/doctools.js new file mode 100644 index 00000000..527b876c --- /dev/null +++ b/_static/doctools.js @@ -0,0 +1,156 @@ +/* + * doctools.js + * ~~~~~~~~~~~ + * + * Base JavaScript utilities for all Sphinx HTML documentation. + * + * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ +"use strict"; + +const BLACKLISTED_KEY_CONTROL_ELEMENTS = new Set([ + "TEXTAREA", + "INPUT", + "SELECT", + "BUTTON", +]); + +const _ready = (callback) => { + if (document.readyState !== "loading") { + callback(); + } else { + document.addEventListener("DOMContentLoaded", callback); + } +}; + +/** + * Small JavaScript module for the documentation. + */ +const Documentation = { + init: () => { + Documentation.initDomainIndexTable(); + Documentation.initOnKeyListeners(); + }, + + /** + * i18n support + */ + TRANSLATIONS: {}, + PLURAL_EXPR: (n) => (n === 1 ? 0 : 1), + LOCALE: "unknown", + + // gettext and ngettext don't access this so that the functions + // can safely bound to a different name (_ = Documentation.gettext) + gettext: (string) => { + const translated = Documentation.TRANSLATIONS[string]; + switch (typeof translated) { + case "undefined": + return string; // no translation + case "string": + return translated; // translation exists + default: + return translated[0]; // (singular, plural) translation tuple exists + } + }, + + ngettext: (singular, plural, n) => { + const translated = Documentation.TRANSLATIONS[singular]; + if (typeof translated !== "undefined") + return translated[Documentation.PLURAL_EXPR(n)]; + return n === 1 ? singular : plural; + }, + + addTranslations: (catalog) => { + Object.assign(Documentation.TRANSLATIONS, catalog.messages); + Documentation.PLURAL_EXPR = new Function( + "n", + `return (${catalog.plural_expr})` + ); + Documentation.LOCALE = catalog.locale; + }, + + /** + * helper function to focus on search bar + */ + focusSearchBar: () => { + document.querySelectorAll("input[name=q]")[0]?.focus(); + }, + + /** + * Initialise the domain index toggle buttons + */ + initDomainIndexTable: () => { + const toggler = (el) => { + const idNumber = el.id.substr(7); + const toggledRows = document.querySelectorAll(`tr.cg-${idNumber}`); + if (el.src.substr(-9) === "minus.png") { + el.src = `${el.src.substr(0, el.src.length - 9)}plus.png`; + toggledRows.forEach((el) => (el.style.display = "none")); + } else { + el.src = `${el.src.substr(0, el.src.length - 8)}minus.png`; + toggledRows.forEach((el) => (el.style.display = "")); + } + }; + + const togglerElements = document.querySelectorAll("img.toggler"); + togglerElements.forEach((el) => + el.addEventListener("click", (event) => toggler(event.currentTarget)) + ); + togglerElements.forEach((el) => (el.style.display = "")); + if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) togglerElements.forEach(toggler); + }, + + initOnKeyListeners: () => { + // only install a listener if it is really needed + if ( + !DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS && + !DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS + ) + return; + + document.addEventListener("keydown", (event) => { + // bail for input elements + if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return; + // bail with special keys + if (event.altKey || event.ctrlKey || event.metaKey) return; + + if (!event.shiftKey) { + switch (event.key) { + case "ArrowLeft": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const prevLink = document.querySelector('link[rel="prev"]'); + if (prevLink && prevLink.href) { + window.location.href = prevLink.href; + event.preventDefault(); + } + break; + case "ArrowRight": + if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break; + + const nextLink = document.querySelector('link[rel="next"]'); + if (nextLink && nextLink.href) { + window.location.href = nextLink.href; + event.preventDefault(); + } + break; + } + } + + // some keyboard layouts may need Shift to get / + switch (event.key) { + case "/": + if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break; + Documentation.focusSearchBar(); + event.preventDefault(); + } + }); + }, +}; + +// quick alias for translations +const _ = Documentation.gettext; + +_ready(Documentation.init); diff --git a/_static/documentation_options.js b/_static/documentation_options.js new file mode 100644 index 00000000..7bb40552 --- /dev/null +++ b/_static/documentation_options.js @@ -0,0 +1,14 @@ +var DOCUMENTATION_OPTIONS = { + URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'), + VERSION: '1.8.2', + LANGUAGE: 'en', + COLLAPSE_INDEX: false, + BUILDER: 'html', + FILE_SUFFIX: '.html', + LINK_SUFFIX: '.html', + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt', + NAVIGATION_WITH_KEYS: false, + SHOW_SEARCH_SUMMARY: true, + ENABLE_SEARCH_SHORTCUTS: true, +}; \ No newline at end of file diff --git a/_static/file.png b/_static/file.png new file mode 100644 index 00000000..a858a410 Binary files /dev/null and b/_static/file.png differ diff --git a/_static/graphviz.css b/_static/graphviz.css new file mode 100644 index 00000000..19e7afd3 --- /dev/null +++ b/_static/graphviz.css @@ -0,0 +1,19 @@ +/* + * graphviz.css + * ~~~~~~~~~~~~ + * + * Sphinx stylesheet -- graphviz extension. + * + * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS. + * :license: BSD, see LICENSE for details. + * + */ + +img.graphviz { + border: 0; + max-width: 100%; +} + +object.graphviz { + max-width: 100%; +} diff --git a/_static/jquery-3.6.0.js b/_static/jquery-3.6.0.js new file mode 100644 index 00000000..fc6c299b --- /dev/null +++ b/_static/jquery-3.6.0.js @@ -0,0 +1,10881 @@ +/*! + * jQuery JavaScript Library v3.6.0 + * https://jquery.com/ + * + * Includes Sizzle.js + * https://sizzlejs.com/ + * + * Copyright OpenJS Foundation and other contributors + * Released under the MIT license + * https://jquery.org/license + * + * Date: 2021-03-02T17:08Z + */ +( function( global, factory ) { + + "use strict"; + + if ( typeof module === "object" && typeof module.exports === "object" ) { + + // For CommonJS and CommonJS-like environments where a proper `window` + // is present, execute the factory and get jQuery. + // For environments that do not have a `window` with a `document` + // (such as Node.js), expose a factory as module.exports. + // This accentuates the need for the creation of a real `window`. + // e.g. var jQuery = require("jquery")(window); + // See ticket #14549 for more info. + module.exports = global.document ? + factory( global, true ) : + function( w ) { + if ( !w.document ) { + throw new Error( "jQuery requires a window with a document" ); + } + return factory( w ); + }; + } else { + factory( global ); + } + +// Pass this if window is not defined yet +} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { + +// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 +// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode +// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common +// enough that all such attempts are guarded in a try block. +"use strict"; + +var arr = []; + +var getProto = Object.getPrototypeOf; + +var slice = arr.slice; + +var flat = arr.flat ? function( array ) { + return arr.flat.call( array ); +} : function( array ) { + return arr.concat.apply( [], array ); +}; + + +var push = arr.push; + +var indexOf = arr.indexOf; + +var class2type = {}; + +var toString = class2type.toString; + +var hasOwn = class2type.hasOwnProperty; + +var fnToString = hasOwn.toString; + +var ObjectFunctionString = fnToString.call( Object ); + +var support = {}; + +var isFunction = function isFunction( obj ) { + + // Support: Chrome <=57, Firefox <=52 + // In some browsers, typeof returns "function" for HTML elements + // (i.e., `typeof document.createElement( "object" ) === "function"`). + // We don't want to classify *any* DOM node as a function. + // Support: QtWeb <=3.8.5, WebKit <=534.34, wkhtmltopdf tool <=0.12.5 + // Plus for old WebKit, typeof returns "function" for HTML collections + // (e.g., `typeof document.getElementsByTagName("div") === "function"`). (gh-4756) + return typeof obj === "function" && typeof obj.nodeType !== "number" && + typeof obj.item !== "function"; + }; + + +var isWindow = function isWindow( obj ) { + return obj != null && obj === obj.window; + }; + + +var document = window.document; + + + + var preservedScriptAttributes = { + type: true, + src: true, + nonce: true, + noModule: true + }; + + function DOMEval( code, node, doc ) { + doc = doc || document; + + var i, val, + script = doc.createElement( "script" ); + + script.text = code; + if ( node ) { + for ( i in preservedScriptAttributes ) { + + // Support: Firefox 64+, Edge 18+ + // Some browsers don't support the "nonce" property on scripts. + // On the other hand, just using `getAttribute` is not enough as + // the `nonce` attribute is reset to an empty string whenever it + // becomes browsing-context connected. + // See https://github.com/whatwg/html/issues/2369 + // See https://html.spec.whatwg.org/#nonce-attributes + // The `node.getAttribute` check was added for the sake of + // `jQuery.globalEval` so that it can fake a nonce-containing node + // via an object. + val = node[ i ] || node.getAttribute && node.getAttribute( i ); + if ( val ) { + script.setAttribute( i, val ); + } + } + } + doc.head.appendChild( script ).parentNode.removeChild( script ); + } + + +function toType( obj ) { + if ( obj == null ) { + return obj + ""; + } + + // Support: Android <=2.3 only (functionish RegExp) + return typeof obj === "object" || typeof obj === "function" ? + class2type[ toString.call( obj ) ] || "object" : + typeof obj; +} +/* global Symbol */ +// Defining this global in .eslintrc.json would create a danger of using the global +// unguarded in another place, it seems safer to define global only for this module + + + +var + version = "3.6.0", + + // Define a local copy of jQuery + jQuery = function( selector, context ) { + + // The jQuery object is actually just the init constructor 'enhanced' + // Need init if jQuery is called (just allow error to be thrown if not included) + return new jQuery.fn.init( selector, context ); + }; + +jQuery.fn = jQuery.prototype = { + + // The current version of jQuery being used + jquery: version, + + constructor: jQuery, + + // The default length of a jQuery object is 0 + length: 0, + + toArray: function() { + return slice.call( this ); + }, + + // Get the Nth element in the matched element set OR + // Get the whole matched element set as a clean array + get: function( num ) { + + // Return all the elements in a clean array + if ( num == null ) { + return slice.call( this ); + } + + // Return just the one element from the set + return num < 0 ? this[ num + this.length ] : this[ num ]; + }, + + // Take an array of elements and push it onto the stack + // (returning the new matched element set) + pushStack: function( elems ) { + + // Build a new jQuery matched element set + var ret = jQuery.merge( this.constructor(), elems ); + + // Add the old object onto the stack (as a reference) + ret.prevObject = this; + + // Return the newly-formed element set + return ret; + }, + + // Execute a callback for every element in the matched set. + each: function( callback ) { + return jQuery.each( this, callback ); + }, + + map: function( callback ) { + return this.pushStack( jQuery.map( this, function( elem, i ) { + return callback.call( elem, i, elem ); + } ) ); + }, + + slice: function() { + return this.pushStack( slice.apply( this, arguments ) ); + }, + + first: function() { + return this.eq( 0 ); + }, + + last: function() { + return this.eq( -1 ); + }, + + even: function() { + return this.pushStack( jQuery.grep( this, function( _elem, i ) { + return ( i + 1 ) % 2; + } ) ); + }, + + odd: function() { + return this.pushStack( jQuery.grep( this, function( _elem, i ) { + return i % 2; + } ) ); + }, + + eq: function( i ) { + var len = this.length, + j = +i + ( i < 0 ? len : 0 ); + return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] ); + }, + + end: function() { + return this.prevObject || this.constructor(); + }, + + // For internal use only. + // Behaves like an Array's method, not like a jQuery method. + push: push, + sort: arr.sort, + splice: arr.splice +}; + +jQuery.extend = jQuery.fn.extend = function() { + var options, name, src, copy, copyIsArray, clone, + target = arguments[ 0 ] || {}, + i = 1, + length = arguments.length, + deep = false; + + // Handle a deep copy situation + if ( typeof target === "boolean" ) { + deep = target; + + // Skip the boolean and the target + target = arguments[ i ] || {}; + i++; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target !== "object" && !isFunction( target ) ) { + target = {}; + } + + // Extend jQuery itself if only one argument is passed + if ( i === length ) { + target = this; + i--; + } + + for ( ; i < length; i++ ) { + + // Only deal with non-null/undefined values + if ( ( options = arguments[ i ] ) != null ) { + + // Extend the base object + for ( name in options ) { + copy = options[ name ]; + + // Prevent Object.prototype pollution + // Prevent never-ending loop + if ( name === "__proto__" || target === copy ) { + continue; + } + + // Recurse if we're merging plain objects or arrays + if ( deep && copy && ( jQuery.isPlainObject( copy ) || + ( copyIsArray = Array.isArray( copy ) ) ) ) { + src = target[ name ]; + + // Ensure proper type for the source value + if ( copyIsArray && !Array.isArray( src ) ) { + clone = []; + } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) { + clone = {}; + } else { + clone = src; + } + copyIsArray = false; + + // Never move original objects, clone them + target[ name ] = jQuery.extend( deep, clone, copy ); + + // Don't bring in undefined values + } else if ( copy !== undefined ) { + target[ name ] = copy; + } + } + } + } + + // Return the modified object + return target; +}; + +jQuery.extend( { + + // Unique for each copy of jQuery on the page + expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ), + + // Assume jQuery is ready without the ready module + isReady: true, + + error: function( msg ) { + throw new Error( msg ); + }, + + noop: function() {}, + + isPlainObject: function( obj ) { + var proto, Ctor; + + // Detect obvious negatives + // Use toString instead of jQuery.type to catch host objects + if ( !obj || toString.call( obj ) !== "[object Object]" ) { + return false; + } + + proto = getProto( obj ); + + // Objects with no prototype (e.g., `Object.create( null )`) are plain + if ( !proto ) { + return true; + } + + // Objects with prototype are plain iff they were constructed by a global Object function + Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor; + return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString; + }, + + isEmptyObject: function( obj ) { + var name; + + for ( name in obj ) { + return false; + } + return true; + }, + + // Evaluates a script in a provided context; falls back to the global one + // if not specified. + globalEval: function( code, options, doc ) { + DOMEval( code, { nonce: options && options.nonce }, doc ); + }, + + each: function( obj, callback ) { + var length, i = 0; + + if ( isArrayLike( obj ) ) { + length = obj.length; + for ( ; i < length; i++ ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } else { + for ( i in obj ) { + if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { + break; + } + } + } + + return obj; + }, + + // results is for internal usage only + makeArray: function( arr, results ) { + var ret = results || []; + + if ( arr != null ) { + if ( isArrayLike( Object( arr ) ) ) { + jQuery.merge( ret, + typeof arr === "string" ? + [ arr ] : arr + ); + } else { + push.call( ret, arr ); + } + } + + return ret; + }, + + inArray: function( elem, arr, i ) { + return arr == null ? -1 : indexOf.call( arr, elem, i ); + }, + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + merge: function( first, second ) { + var len = +second.length, + j = 0, + i = first.length; + + for ( ; j < len; j++ ) { + first[ i++ ] = second[ j ]; + } + + first.length = i; + + return first; + }, + + grep: function( elems, callback, invert ) { + var callbackInverse, + matches = [], + i = 0, + length = elems.length, + callbackExpect = !invert; + + // Go through the array, only saving the items + // that pass the validator function + for ( ; i < length; i++ ) { + callbackInverse = !callback( elems[ i ], i ); + if ( callbackInverse !== callbackExpect ) { + matches.push( elems[ i ] ); + } + } + + return matches; + }, + + // arg is for internal usage only + map: function( elems, callback, arg ) { + var length, value, + i = 0, + ret = []; + + // Go through the array, translating each of the items to their new values + if ( isArrayLike( elems ) ) { + length = elems.length; + for ( ; i < length; i++ ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + + // Go through every key on the object, + } else { + for ( i in elems ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret.push( value ); + } + } + } + + // Flatten any nested arrays + return flat( ret ); + }, + + // A global GUID counter for objects + guid: 1, + + // jQuery.support is not used in Core but other projects attach their + // properties to it so it needs to exist. + support: support +} ); + +if ( typeof Symbol === "function" ) { + jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ]; +} + +// Populate the class2type map +jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ), + function( _i, name ) { + class2type[ "[object " + name + "]" ] = name.toLowerCase(); + } ); + +function isArrayLike( obj ) { + + // Support: real iOS 8.2 only (not reproducible in simulator) + // `in` check used to prevent JIT error (gh-2145) + // hasOwn isn't used here due to false negatives + // regarding Nodelist length in IE + var length = !!obj && "length" in obj && obj.length, + type = toType( obj ); + + if ( isFunction( obj ) || isWindow( obj ) ) { + return false; + } + + return type === "array" || length === 0 || + typeof length === "number" && length > 0 && ( length - 1 ) in obj; +} +var Sizzle = +/*! + * Sizzle CSS Selector Engine v2.3.6 + * https://sizzlejs.com/ + * + * Copyright JS Foundation and other contributors + * Released under the MIT license + * https://js.foundation/ + * + * Date: 2021-02-16 + */ +( function( window ) { +var i, + support, + Expr, + getText, + isXML, + tokenize, + compile, + select, + outermostContext, + sortInput, + hasDuplicate, + + // Local document vars + setDocument, + document, + docElem, + documentIsHTML, + rbuggyQSA, + rbuggyMatches, + matches, + contains, + + // Instance-specific data + expando = "sizzle" + 1 * new Date(), + preferredDoc = window.document, + dirruns = 0, + done = 0, + classCache = createCache(), + tokenCache = createCache(), + compilerCache = createCache(), + nonnativeSelectorCache = createCache(), + sortOrder = function( a, b ) { + if ( a === b ) { + hasDuplicate = true; + } + return 0; + }, + + // Instance methods + hasOwn = ( {} ).hasOwnProperty, + arr = [], + pop = arr.pop, + pushNative = arr.push, + push = arr.push, + slice = arr.slice, + + // Use a stripped-down indexOf as it's faster than native + // https://jsperf.com/thor-indexof-vs-for/5 + indexOf = function( list, elem ) { + var i = 0, + len = list.length; + for ( ; i < len; i++ ) { + if ( list[ i ] === elem ) { + return i; + } + } + return -1; + }, + + booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|" + + "ismap|loop|multiple|open|readonly|required|scoped", + + // Regular expressions + + // http://www.w3.org/TR/css3-selectors/#whitespace + whitespace = "[\\x20\\t\\r\\n\\f]", + + // https://www.w3.org/TR/css-syntax-3/#ident-token-diagram + identifier = "(?:\\\\[\\da-fA-F]{1,6}" + whitespace + + "?|\\\\[^\\r\\n\\f]|[\\w-]|[^\0-\\x7f])+", + + // Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors + attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace + + + // Operator (capture 2) + "*([*^$|!~]?=)" + whitespace + + + // "Attribute values must be CSS identifiers [capture 5] + // or strings [capture 3 or capture 4]" + "*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + + whitespace + "*\\]", + + pseudos = ":(" + identifier + ")(?:\\((" + + + // To reduce the number of selectors needing tokenize in the preFilter, prefer arguments: + // 1. quoted (capture 3; capture 4 or capture 5) + "('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" + + + // 2. simple (capture 6) + "((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" + + + // 3. anything else (capture 2) + ".*" + + ")\\)|)", + + // Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter + rwhitespace = new RegExp( whitespace + "+", "g" ), + rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + + whitespace + "+$", "g" ), + + rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ), + rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + + "*" ), + rdescend = new RegExp( whitespace + "|>" ), + + rpseudo = new RegExp( pseudos ), + ridentifier = new RegExp( "^" + identifier + "$" ), + + matchExpr = { + "ID": new RegExp( "^#(" + identifier + ")" ), + "CLASS": new RegExp( "^\\.(" + identifier + ")" ), + "TAG": new RegExp( "^(" + identifier + "|[*])" ), + "ATTR": new RegExp( "^" + attributes ), + "PSEUDO": new RegExp( "^" + pseudos ), + "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + + whitespace + "*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + + whitespace + "*(\\d+)|))" + whitespace + "*\\)|)", "i" ), + "bool": new RegExp( "^(?:" + booleans + ")$", "i" ), + + // For use in libraries implementing .is() + // We use this for POS matching in `select` + "needsContext": new RegExp( "^" + whitespace + + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" + whitespace + + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" ) + }, + + rhtml = /HTML$/i, + rinputs = /^(?:input|select|textarea|button)$/i, + rheader = /^h\d$/i, + + rnative = /^[^{]+\{\s*\[native \w/, + + // Easily-parseable/retrievable ID or TAG or CLASS selectors + rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/, + + rsibling = /[+~]/, + + // CSS escapes + // http://www.w3.org/TR/CSS21/syndata.html#escaped-characters + runescape = new RegExp( "\\\\[\\da-fA-F]{1,6}" + whitespace + "?|\\\\([^\\r\\n\\f])", "g" ), + funescape = function( escape, nonHex ) { + var high = "0x" + escape.slice( 1 ) - 0x10000; + + return nonHex ? + + // Strip the backslash prefix from a non-hex escape sequence + nonHex : + + // Replace a hexadecimal escape sequence with the encoded Unicode code point + // Support: IE <=11+ + // For values outside the Basic Multilingual Plane (BMP), manually construct a + // surrogate pair + high < 0 ? + String.fromCharCode( high + 0x10000 ) : + String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 ); + }, + + // CSS string/identifier serialization + // https://drafts.csswg.org/cssom/#common-serializing-idioms + rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g, + fcssescape = function( ch, asCodePoint ) { + if ( asCodePoint ) { + + // U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER + if ( ch === "\0" ) { + return "\uFFFD"; + } + + // Control characters and (dependent upon position) numbers get escaped as code points + return ch.slice( 0, -1 ) + "\\" + + ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " "; + } + + // Other potentially-special ASCII characters get backslash-escaped + return "\\" + ch; + }, + + // Used for iframes + // See setDocument() + // Removing the function wrapper causes a "Permission Denied" + // error in IE + unloadHandler = function() { + setDocument(); + }, + + inDisabledFieldset = addCombinator( + function( elem ) { + return elem.disabled === true && elem.nodeName.toLowerCase() === "fieldset"; + }, + { dir: "parentNode", next: "legend" } + ); + +// Optimize for push.apply( _, NodeList ) +try { + push.apply( + ( arr = slice.call( preferredDoc.childNodes ) ), + preferredDoc.childNodes + ); + + // Support: Android<4.0 + // Detect silently failing push.apply + // eslint-disable-next-line no-unused-expressions + arr[ preferredDoc.childNodes.length ].nodeType; +} catch ( e ) { + push = { apply: arr.length ? + + // Leverage slice if possible + function( target, els ) { + pushNative.apply( target, slice.call( els ) ); + } : + + // Support: IE<9 + // Otherwise append directly + function( target, els ) { + var j = target.length, + i = 0; + + // Can't trust NodeList.length + while ( ( target[ j++ ] = els[ i++ ] ) ) {} + target.length = j - 1; + } + }; +} + +function Sizzle( selector, context, results, seed ) { + var m, i, elem, nid, match, groups, newSelector, + newContext = context && context.ownerDocument, + + // nodeType defaults to 9, since context defaults to document + nodeType = context ? context.nodeType : 9; + + results = results || []; + + // Return early from calls with invalid selector or context + if ( typeof selector !== "string" || !selector || + nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) { + + return results; + } + + // Try to shortcut find operations (as opposed to filters) in HTML documents + if ( !seed ) { + setDocument( context ); + context = context || document; + + if ( documentIsHTML ) { + + // If the selector is sufficiently simple, try using a "get*By*" DOM method + // (excepting DocumentFragment context, where the methods don't exist) + if ( nodeType !== 11 && ( match = rquickExpr.exec( selector ) ) ) { + + // ID selector + if ( ( m = match[ 1 ] ) ) { + + // Document context + if ( nodeType === 9 ) { + if ( ( elem = context.getElementById( m ) ) ) { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( elem.id === m ) { + results.push( elem ); + return results; + } + } else { + return results; + } + + // Element context + } else { + + // Support: IE, Opera, Webkit + // TODO: identify versions + // getElementById can match elements by name instead of ID + if ( newContext && ( elem = newContext.getElementById( m ) ) && + contains( context, elem ) && + elem.id === m ) { + + results.push( elem ); + return results; + } + } + + // Type selector + } else if ( match[ 2 ] ) { + push.apply( results, context.getElementsByTagName( selector ) ); + return results; + + // Class selector + } else if ( ( m = match[ 3 ] ) && support.getElementsByClassName && + context.getElementsByClassName ) { + + push.apply( results, context.getElementsByClassName( m ) ); + return results; + } + } + + // Take advantage of querySelectorAll + if ( support.qsa && + !nonnativeSelectorCache[ selector + " " ] && + ( !rbuggyQSA || !rbuggyQSA.test( selector ) ) && + + // Support: IE 8 only + // Exclude object elements + ( nodeType !== 1 || context.nodeName.toLowerCase() !== "object" ) ) { + + newSelector = selector; + newContext = context; + + // qSA considers elements outside a scoping root when evaluating child or + // descendant combinators, which is not what we want. + // In such cases, we work around the behavior by prefixing every selector in the + // list with an ID selector referencing the scope context. + // The technique has to be used as well when a leading combinator is used + // as such selectors are not recognized by querySelectorAll. + // Thanks to Andrew Dupont for this technique. + if ( nodeType === 1 && + ( rdescend.test( selector ) || rcombinators.test( selector ) ) ) { + + // Expand context for sibling selectors + newContext = rsibling.test( selector ) && testContext( context.parentNode ) || + context; + + // We can use :scope instead of the ID hack if the browser + // supports it & if we're not changing the context. + if ( newContext !== context || !support.scope ) { + + // Capture the context ID, setting it first if necessary + if ( ( nid = context.getAttribute( "id" ) ) ) { + nid = nid.replace( rcssescape, fcssescape ); + } else { + context.setAttribute( "id", ( nid = expando ) ); + } + } + + // Prefix every selector in the list + groups = tokenize( selector ); + i = groups.length; + while ( i-- ) { + groups[ i ] = ( nid ? "#" + nid : ":scope" ) + " " + + toSelector( groups[ i ] ); + } + newSelector = groups.join( "," ); + } + + try { + push.apply( results, + newContext.querySelectorAll( newSelector ) + ); + return results; + } catch ( qsaError ) { + nonnativeSelectorCache( selector, true ); + } finally { + if ( nid === expando ) { + context.removeAttribute( "id" ); + } + } + } + } + } + + // All others + return select( selector.replace( rtrim, "$1" ), context, results, seed ); +} + +/** + * Create key-value caches of limited size + * @returns {function(string, object)} Returns the Object data after storing it on itself with + * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) + * deleting the oldest entry + */ +function createCache() { + var keys = []; + + function cache( key, value ) { + + // Use (key + " ") to avoid collision with native prototype properties (see Issue #157) + if ( keys.push( key + " " ) > Expr.cacheLength ) { + + // Only keep the most recent entries + delete cache[ keys.shift() ]; + } + return ( cache[ key + " " ] = value ); + } + return cache; +} + +/** + * Mark a function for special use by Sizzle + * @param {Function} fn The function to mark + */ +function markFunction( fn ) { + fn[ expando ] = true; + return fn; +} + +/** + * Support testing using an element + * @param {Function} fn Passed the created element and returns a boolean result + */ +function assert( fn ) { + var el = document.createElement( "fieldset" ); + + try { + return !!fn( el ); + } catch ( e ) { + return false; + } finally { + + // Remove from its parent by default + if ( el.parentNode ) { + el.parentNode.removeChild( el ); + } + + // release memory in IE + el = null; + } +} + +/** + * Adds the same handler for all of the specified attrs + * @param {String} attrs Pipe-separated list of attributes + * @param {Function} handler The method that will be applied + */ +function addHandle( attrs, handler ) { + var arr = attrs.split( "|" ), + i = arr.length; + + while ( i-- ) { + Expr.attrHandle[ arr[ i ] ] = handler; + } +} + +/** + * Checks document order of two siblings + * @param {Element} a + * @param {Element} b + * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b + */ +function siblingCheck( a, b ) { + var cur = b && a, + diff = cur && a.nodeType === 1 && b.nodeType === 1 && + a.sourceIndex - b.sourceIndex; + + // Use IE sourceIndex if available on both nodes + if ( diff ) { + return diff; + } + + // Check if b follows a + if ( cur ) { + while ( ( cur = cur.nextSibling ) ) { + if ( cur === b ) { + return -1; + } + } + } + + return a ? 1 : -1; +} + +/** + * Returns a function to use in pseudos for input types + * @param {String} type + */ +function createInputPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for buttons + * @param {String} type + */ +function createButtonPseudo( type ) { + return function( elem ) { + var name = elem.nodeName.toLowerCase(); + return ( name === "input" || name === "button" ) && elem.type === type; + }; +} + +/** + * Returns a function to use in pseudos for :enabled/:disabled + * @param {Boolean} disabled true for :disabled; false for :enabled + */ +function createDisabledPseudo( disabled ) { + + // Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable + return function( elem ) { + + // Only certain elements can match :enabled or :disabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled + // https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled + if ( "form" in elem ) { + + // Check for inherited disabledness on relevant non-disabled elements: + // * listed form-associated elements in a disabled fieldset + // https://html.spec.whatwg.org/multipage/forms.html#category-listed + // https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled + // * option elements in a disabled optgroup + // https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled + // All such elements have a "form" property. + if ( elem.parentNode && elem.disabled === false ) { + + // Option elements defer to a parent optgroup if present + if ( "label" in elem ) { + if ( "label" in elem.parentNode ) { + return elem.parentNode.disabled === disabled; + } else { + return elem.disabled === disabled; + } + } + + // Support: IE 6 - 11 + // Use the isDisabled shortcut property to check for disabled fieldset ancestors + return elem.isDisabled === disabled || + + // Where there is no isDisabled, check manually + /* jshint -W018 */ + elem.isDisabled !== !disabled && + inDisabledFieldset( elem ) === disabled; + } + + return elem.disabled === disabled; + + // Try to winnow out elements that can't be disabled before trusting the disabled property. + // Some victims get caught in our net (label, legend, menu, track), but it shouldn't + // even exist on them, let alone have a boolean value. + } else if ( "label" in elem ) { + return elem.disabled === disabled; + } + + // Remaining elements are neither :enabled nor :disabled + return false; + }; +} + +/** + * Returns a function to use in pseudos for positionals + * @param {Function} fn + */ +function createPositionalPseudo( fn ) { + return markFunction( function( argument ) { + argument = +argument; + return markFunction( function( seed, matches ) { + var j, + matchIndexes = fn( [], seed.length, argument ), + i = matchIndexes.length; + + // Match elements found at the specified indexes + while ( i-- ) { + if ( seed[ ( j = matchIndexes[ i ] ) ] ) { + seed[ j ] = !( matches[ j ] = seed[ j ] ); + } + } + } ); + } ); +} + +/** + * Checks a node for validity as a Sizzle context + * @param {Element|Object=} context + * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value + */ +function testContext( context ) { + return context && typeof context.getElementsByTagName !== "undefined" && context; +} + +// Expose support vars for convenience +support = Sizzle.support = {}; + +/** + * Detects XML nodes + * @param {Element|Object} elem An element or a document + * @returns {Boolean} True iff elem is a non-HTML XML node + */ +isXML = Sizzle.isXML = function( elem ) { + var namespace = elem && elem.namespaceURI, + docElem = elem && ( elem.ownerDocument || elem ).documentElement; + + // Support: IE <=8 + // Assume HTML when documentElement doesn't yet exist, such as inside loading iframes + // https://bugs.jquery.com/ticket/4833 + return !rhtml.test( namespace || docElem && docElem.nodeName || "HTML" ); +}; + +/** + * Sets document-related variables once based on the current document + * @param {Element|Object} [doc] An element or document object to use to set the document + * @returns {Object} Returns the current document + */ +setDocument = Sizzle.setDocument = function( node ) { + var hasCompare, subWindow, + doc = node ? node.ownerDocument || node : preferredDoc; + + // Return early if doc is invalid or already selected + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( doc == document || doc.nodeType !== 9 || !doc.documentElement ) { + return document; + } + + // Update global variables + document = doc; + docElem = document.documentElement; + documentIsHTML = !isXML( document ); + + // Support: IE 9 - 11+, Edge 12 - 18+ + // Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936) + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( preferredDoc != document && + ( subWindow = document.defaultView ) && subWindow.top !== subWindow ) { + + // Support: IE 11, Edge + if ( subWindow.addEventListener ) { + subWindow.addEventListener( "unload", unloadHandler, false ); + + // Support: IE 9 - 10 only + } else if ( subWindow.attachEvent ) { + subWindow.attachEvent( "onunload", unloadHandler ); + } + } + + // Support: IE 8 - 11+, Edge 12 - 18+, Chrome <=16 - 25 only, Firefox <=3.6 - 31 only, + // Safari 4 - 5 only, Opera <=11.6 - 12.x only + // IE/Edge & older browsers don't support the :scope pseudo-class. + // Support: Safari 6.0 only + // Safari 6.0 supports :scope but it's an alias of :root there. + support.scope = assert( function( el ) { + docElem.appendChild( el ).appendChild( document.createElement( "div" ) ); + return typeof el.querySelectorAll !== "undefined" && + !el.querySelectorAll( ":scope fieldset div" ).length; + } ); + + /* Attributes + ---------------------------------------------------------------------- */ + + // Support: IE<8 + // Verify that getAttribute really returns attributes and not properties + // (excepting IE8 booleans) + support.attributes = assert( function( el ) { + el.className = "i"; + return !el.getAttribute( "className" ); + } ); + + /* getElement(s)By* + ---------------------------------------------------------------------- */ + + // Check if getElementsByTagName("*") returns only elements + support.getElementsByTagName = assert( function( el ) { + el.appendChild( document.createComment( "" ) ); + return !el.getElementsByTagName( "*" ).length; + } ); + + // Support: IE<9 + support.getElementsByClassName = rnative.test( document.getElementsByClassName ); + + // Support: IE<10 + // Check if getElementById returns elements by name + // The broken getElementById methods don't pick up programmatically-set names, + // so use a roundabout getElementsByName test + support.getById = assert( function( el ) { + docElem.appendChild( el ).id = expando; + return !document.getElementsByName || !document.getElementsByName( expando ).length; + } ); + + // ID filter and find + if ( support.getById ) { + Expr.filter[ "ID" ] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + return elem.getAttribute( "id" ) === attrId; + }; + }; + Expr.find[ "ID" ] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var elem = context.getElementById( id ); + return elem ? [ elem ] : []; + } + }; + } else { + Expr.filter[ "ID" ] = function( id ) { + var attrId = id.replace( runescape, funescape ); + return function( elem ) { + var node = typeof elem.getAttributeNode !== "undefined" && + elem.getAttributeNode( "id" ); + return node && node.value === attrId; + }; + }; + + // Support: IE 6 - 7 only + // getElementById is not reliable as a find shortcut + Expr.find[ "ID" ] = function( id, context ) { + if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { + var node, i, elems, + elem = context.getElementById( id ); + + if ( elem ) { + + // Verify the id attribute + node = elem.getAttributeNode( "id" ); + if ( node && node.value === id ) { + return [ elem ]; + } + + // Fall back on getElementsByName + elems = context.getElementsByName( id ); + i = 0; + while ( ( elem = elems[ i++ ] ) ) { + node = elem.getAttributeNode( "id" ); + if ( node && node.value === id ) { + return [ elem ]; + } + } + } + + return []; + } + }; + } + + // Tag + Expr.find[ "TAG" ] = support.getElementsByTagName ? + function( tag, context ) { + if ( typeof context.getElementsByTagName !== "undefined" ) { + return context.getElementsByTagName( tag ); + + // DocumentFragment nodes don't have gEBTN + } else if ( support.qsa ) { + return context.querySelectorAll( tag ); + } + } : + + function( tag, context ) { + var elem, + tmp = [], + i = 0, + + // By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too + results = context.getElementsByTagName( tag ); + + // Filter out possible comments + if ( tag === "*" ) { + while ( ( elem = results[ i++ ] ) ) { + if ( elem.nodeType === 1 ) { + tmp.push( elem ); + } + } + + return tmp; + } + return results; + }; + + // Class + Expr.find[ "CLASS" ] = support.getElementsByClassName && function( className, context ) { + if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) { + return context.getElementsByClassName( className ); + } + }; + + /* QSA/matchesSelector + ---------------------------------------------------------------------- */ + + // QSA and matchesSelector support + + // matchesSelector(:active) reports false when true (IE9/Opera 11.5) + rbuggyMatches = []; + + // qSa(:focus) reports false when true (Chrome 21) + // We allow this because of a bug in IE8/9 that throws an error + // whenever `document.activeElement` is accessed on an iframe + // So, we allow :focus to pass through QSA all the time to avoid the IE error + // See https://bugs.jquery.com/ticket/13378 + rbuggyQSA = []; + + if ( ( support.qsa = rnative.test( document.querySelectorAll ) ) ) { + + // Build QSA regex + // Regex strategy adopted from Diego Perini + assert( function( el ) { + + var input; + + // Select is set to empty string on purpose + // This is to test IE's treatment of not explicitly + // setting a boolean content attribute, + // since its presence should be enough + // https://bugs.jquery.com/ticket/12359 + docElem.appendChild( el ).innerHTML = "" + + ""; + + // Support: IE8, Opera 11-12.16 + // Nothing should be selected when empty strings follow ^= or $= or *= + // The test attribute must be unknown in Opera but "safe" for WinRT + // https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section + if ( el.querySelectorAll( "[msallowcapture^='']" ).length ) { + rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" ); + } + + // Support: IE8 + // Boolean attributes and "value" are not treated correctly + if ( !el.querySelectorAll( "[selected]" ).length ) { + rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" ); + } + + // Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+ + if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) { + rbuggyQSA.push( "~=" ); + } + + // Support: IE 11+, Edge 15 - 18+ + // IE 11/Edge don't find elements on a `[name='']` query in some cases. + // Adding a temporary attribute to the document before the selection works + // around the issue. + // Interestingly, IE 10 & older don't seem to have the issue. + input = document.createElement( "input" ); + input.setAttribute( "name", "" ); + el.appendChild( input ); + if ( !el.querySelectorAll( "[name='']" ).length ) { + rbuggyQSA.push( "\\[" + whitespace + "*name" + whitespace + "*=" + + whitespace + "*(?:''|\"\")" ); + } + + // Webkit/Opera - :checked should return selected option elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + // IE8 throws error here and will not see later tests + if ( !el.querySelectorAll( ":checked" ).length ) { + rbuggyQSA.push( ":checked" ); + } + + // Support: Safari 8+, iOS 8+ + // https://bugs.webkit.org/show_bug.cgi?id=136851 + // In-page `selector#id sibling-combinator selector` fails + if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) { + rbuggyQSA.push( ".#.+[+~]" ); + } + + // Support: Firefox <=3.6 - 5 only + // Old Firefox doesn't throw on a badly-escaped identifier. + el.querySelectorAll( "\\\f" ); + rbuggyQSA.push( "[\\r\\n\\f]" ); + } ); + + assert( function( el ) { + el.innerHTML = "" + + ""; + + // Support: Windows 8 Native Apps + // The type and name attributes are restricted during .innerHTML assignment + var input = document.createElement( "input" ); + input.setAttribute( "type", "hidden" ); + el.appendChild( input ).setAttribute( "name", "D" ); + + // Support: IE8 + // Enforce case-sensitivity of name attribute + if ( el.querySelectorAll( "[name=d]" ).length ) { + rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" ); + } + + // FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled) + // IE8 throws error here and will not see later tests + if ( el.querySelectorAll( ":enabled" ).length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Support: IE9-11+ + // IE's :disabled selector does not pick up the children of disabled fieldsets + docElem.appendChild( el ).disabled = true; + if ( el.querySelectorAll( ":disabled" ).length !== 2 ) { + rbuggyQSA.push( ":enabled", ":disabled" ); + } + + // Support: Opera 10 - 11 only + // Opera 10-11 does not throw on post-comma invalid pseudos + el.querySelectorAll( "*,:x" ); + rbuggyQSA.push( ",.*:" ); + } ); + } + + if ( ( support.matchesSelector = rnative.test( ( matches = docElem.matches || + docElem.webkitMatchesSelector || + docElem.mozMatchesSelector || + docElem.oMatchesSelector || + docElem.msMatchesSelector ) ) ) ) { + + assert( function( el ) { + + // Check to see if it's possible to do matchesSelector + // on a disconnected node (IE 9) + support.disconnectedMatch = matches.call( el, "*" ); + + // This should fail with an exception + // Gecko does not error, returns false instead + matches.call( el, "[s!='']:x" ); + rbuggyMatches.push( "!=", pseudos ); + } ); + } + + rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join( "|" ) ); + rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join( "|" ) ); + + /* Contains + ---------------------------------------------------------------------- */ + hasCompare = rnative.test( docElem.compareDocumentPosition ); + + // Element contains another + // Purposefully self-exclusive + // As in, an element does not contain itself + contains = hasCompare || rnative.test( docElem.contains ) ? + function( a, b ) { + var adown = a.nodeType === 9 ? a.documentElement : a, + bup = b && b.parentNode; + return a === bup || !!( bup && bup.nodeType === 1 && ( + adown.contains ? + adown.contains( bup ) : + a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16 + ) ); + } : + function( a, b ) { + if ( b ) { + while ( ( b = b.parentNode ) ) { + if ( b === a ) { + return true; + } + } + } + return false; + }; + + /* Sorting + ---------------------------------------------------------------------- */ + + // Document order sorting + sortOrder = hasCompare ? + function( a, b ) { + + // Flag for duplicate removal + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + // Sort on method existence if only one input has compareDocumentPosition + var compare = !a.compareDocumentPosition - !b.compareDocumentPosition; + if ( compare ) { + return compare; + } + + // Calculate position if both inputs belong to the same document + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + compare = ( a.ownerDocument || a ) == ( b.ownerDocument || b ) ? + a.compareDocumentPosition( b ) : + + // Otherwise we know they are disconnected + 1; + + // Disconnected nodes + if ( compare & 1 || + ( !support.sortDetached && b.compareDocumentPosition( a ) === compare ) ) { + + // Choose the first element that is related to our preferred document + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( a == document || a.ownerDocument == preferredDoc && + contains( preferredDoc, a ) ) { + return -1; + } + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( b == document || b.ownerDocument == preferredDoc && + contains( preferredDoc, b ) ) { + return 1; + } + + // Maintain original order + return sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + } + + return compare & 4 ? -1 : 1; + } : + function( a, b ) { + + // Exit early if the nodes are identical + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + var cur, + i = 0, + aup = a.parentNode, + bup = b.parentNode, + ap = [ a ], + bp = [ b ]; + + // Parentless nodes are either documents or disconnected + if ( !aup || !bup ) { + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + /* eslint-disable eqeqeq */ + return a == document ? -1 : + b == document ? 1 : + /* eslint-enable eqeqeq */ + aup ? -1 : + bup ? 1 : + sortInput ? + ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : + 0; + + // If the nodes are siblings, we can do a quick check + } else if ( aup === bup ) { + return siblingCheck( a, b ); + } + + // Otherwise we need full lists of their ancestors for comparison + cur = a; + while ( ( cur = cur.parentNode ) ) { + ap.unshift( cur ); + } + cur = b; + while ( ( cur = cur.parentNode ) ) { + bp.unshift( cur ); + } + + // Walk down the tree looking for a discrepancy + while ( ap[ i ] === bp[ i ] ) { + i++; + } + + return i ? + + // Do a sibling check if the nodes have a common ancestor + siblingCheck( ap[ i ], bp[ i ] ) : + + // Otherwise nodes in our document sort first + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + /* eslint-disable eqeqeq */ + ap[ i ] == preferredDoc ? -1 : + bp[ i ] == preferredDoc ? 1 : + /* eslint-enable eqeqeq */ + 0; + }; + + return document; +}; + +Sizzle.matches = function( expr, elements ) { + return Sizzle( expr, null, null, elements ); +}; + +Sizzle.matchesSelector = function( elem, expr ) { + setDocument( elem ); + + if ( support.matchesSelector && documentIsHTML && + !nonnativeSelectorCache[ expr + " " ] && + ( !rbuggyMatches || !rbuggyMatches.test( expr ) ) && + ( !rbuggyQSA || !rbuggyQSA.test( expr ) ) ) { + + try { + var ret = matches.call( elem, expr ); + + // IE 9's matchesSelector returns false on disconnected nodes + if ( ret || support.disconnectedMatch || + + // As well, disconnected nodes are said to be in a document + // fragment in IE 9 + elem.document && elem.document.nodeType !== 11 ) { + return ret; + } + } catch ( e ) { + nonnativeSelectorCache( expr, true ); + } + } + + return Sizzle( expr, document, null, [ elem ] ).length > 0; +}; + +Sizzle.contains = function( context, elem ) { + + // Set document vars if needed + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( ( context.ownerDocument || context ) != document ) { + setDocument( context ); + } + return contains( context, elem ); +}; + +Sizzle.attr = function( elem, name ) { + + // Set document vars if needed + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( ( elem.ownerDocument || elem ) != document ) { + setDocument( elem ); + } + + var fn = Expr.attrHandle[ name.toLowerCase() ], + + // Don't get fooled by Object.prototype properties (jQuery #13807) + val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ? + fn( elem, name, !documentIsHTML ) : + undefined; + + return val !== undefined ? + val : + support.attributes || !documentIsHTML ? + elem.getAttribute( name ) : + ( val = elem.getAttributeNode( name ) ) && val.specified ? + val.value : + null; +}; + +Sizzle.escape = function( sel ) { + return ( sel + "" ).replace( rcssescape, fcssescape ); +}; + +Sizzle.error = function( msg ) { + throw new Error( "Syntax error, unrecognized expression: " + msg ); +}; + +/** + * Document sorting and removing duplicates + * @param {ArrayLike} results + */ +Sizzle.uniqueSort = function( results ) { + var elem, + duplicates = [], + j = 0, + i = 0; + + // Unless we *know* we can detect duplicates, assume their presence + hasDuplicate = !support.detectDuplicates; + sortInput = !support.sortStable && results.slice( 0 ); + results.sort( sortOrder ); + + if ( hasDuplicate ) { + while ( ( elem = results[ i++ ] ) ) { + if ( elem === results[ i ] ) { + j = duplicates.push( i ); + } + } + while ( j-- ) { + results.splice( duplicates[ j ], 1 ); + } + } + + // Clear input after sorting to release objects + // See https://github.com/jquery/sizzle/pull/225 + sortInput = null; + + return results; +}; + +/** + * Utility function for retrieving the text value of an array of DOM nodes + * @param {Array|Element} elem + */ +getText = Sizzle.getText = function( elem ) { + var node, + ret = "", + i = 0, + nodeType = elem.nodeType; + + if ( !nodeType ) { + + // If no nodeType, this is expected to be an array + while ( ( node = elem[ i++ ] ) ) { + + // Do not traverse comment nodes + ret += getText( node ); + } + } else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { + + // Use textContent for elements + // innerText usage removed for consistency of new lines (jQuery #11153) + if ( typeof elem.textContent === "string" ) { + return elem.textContent; + } else { + + // Traverse its children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + ret += getText( elem ); + } + } + } else if ( nodeType === 3 || nodeType === 4 ) { + return elem.nodeValue; + } + + // Do not include comment or processing instruction nodes + + return ret; +}; + +Expr = Sizzle.selectors = { + + // Can be adjusted by the user + cacheLength: 50, + + createPseudo: markFunction, + + match: matchExpr, + + attrHandle: {}, + + find: {}, + + relative: { + ">": { dir: "parentNode", first: true }, + " ": { dir: "parentNode" }, + "+": { dir: "previousSibling", first: true }, + "~": { dir: "previousSibling" } + }, + + preFilter: { + "ATTR": function( match ) { + match[ 1 ] = match[ 1 ].replace( runescape, funescape ); + + // Move the given value to match[3] whether quoted or unquoted + match[ 3 ] = ( match[ 3 ] || match[ 4 ] || + match[ 5 ] || "" ).replace( runescape, funescape ); + + if ( match[ 2 ] === "~=" ) { + match[ 3 ] = " " + match[ 3 ] + " "; + } + + return match.slice( 0, 4 ); + }, + + "CHILD": function( match ) { + + /* matches from matchExpr["CHILD"] + 1 type (only|nth|...) + 2 what (child|of-type) + 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) + 4 xn-component of xn+y argument ([+-]?\d*n|) + 5 sign of xn-component + 6 x of xn-component + 7 sign of y-component + 8 y of y-component + */ + match[ 1 ] = match[ 1 ].toLowerCase(); + + if ( match[ 1 ].slice( 0, 3 ) === "nth" ) { + + // nth-* requires argument + if ( !match[ 3 ] ) { + Sizzle.error( match[ 0 ] ); + } + + // numeric x and y parameters for Expr.filter.CHILD + // remember that false/true cast respectively to 0/1 + match[ 4 ] = +( match[ 4 ] ? + match[ 5 ] + ( match[ 6 ] || 1 ) : + 2 * ( match[ 3 ] === "even" || match[ 3 ] === "odd" ) ); + match[ 5 ] = +( ( match[ 7 ] + match[ 8 ] ) || match[ 3 ] === "odd" ); + + // other types prohibit arguments + } else if ( match[ 3 ] ) { + Sizzle.error( match[ 0 ] ); + } + + return match; + }, + + "PSEUDO": function( match ) { + var excess, + unquoted = !match[ 6 ] && match[ 2 ]; + + if ( matchExpr[ "CHILD" ].test( match[ 0 ] ) ) { + return null; + } + + // Accept quoted arguments as-is + if ( match[ 3 ] ) { + match[ 2 ] = match[ 4 ] || match[ 5 ] || ""; + + // Strip excess characters from unquoted arguments + } else if ( unquoted && rpseudo.test( unquoted ) && + + // Get excess from tokenize (recursively) + ( excess = tokenize( unquoted, true ) ) && + + // advance to the next closing parenthesis + ( excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length ) ) { + + // excess is a negative index + match[ 0 ] = match[ 0 ].slice( 0, excess ); + match[ 2 ] = unquoted.slice( 0, excess ); + } + + // Return only captures needed by the pseudo filter method (type and argument) + return match.slice( 0, 3 ); + } + }, + + filter: { + + "TAG": function( nodeNameSelector ) { + var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase(); + return nodeNameSelector === "*" ? + function() { + return true; + } : + function( elem ) { + return elem.nodeName && elem.nodeName.toLowerCase() === nodeName; + }; + }, + + "CLASS": function( className ) { + var pattern = classCache[ className + " " ]; + + return pattern || + ( pattern = new RegExp( "(^|" + whitespace + + ")" + className + "(" + whitespace + "|$)" ) ) && classCache( + className, function( elem ) { + return pattern.test( + typeof elem.className === "string" && elem.className || + typeof elem.getAttribute !== "undefined" && + elem.getAttribute( "class" ) || + "" + ); + } ); + }, + + "ATTR": function( name, operator, check ) { + return function( elem ) { + var result = Sizzle.attr( elem, name ); + + if ( result == null ) { + return operator === "!="; + } + if ( !operator ) { + return true; + } + + result += ""; + + /* eslint-disable max-len */ + + return operator === "=" ? result === check : + operator === "!=" ? result !== check : + operator === "^=" ? check && result.indexOf( check ) === 0 : + operator === "*=" ? check && result.indexOf( check ) > -1 : + operator === "$=" ? check && result.slice( -check.length ) === check : + operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 : + operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" : + false; + /* eslint-enable max-len */ + + }; + }, + + "CHILD": function( type, what, _argument, first, last ) { + var simple = type.slice( 0, 3 ) !== "nth", + forward = type.slice( -4 ) !== "last", + ofType = what === "of-type"; + + return first === 1 && last === 0 ? + + // Shortcut for :nth-*(n) + function( elem ) { + return !!elem.parentNode; + } : + + function( elem, _context, xml ) { + var cache, uniqueCache, outerCache, node, nodeIndex, start, + dir = simple !== forward ? "nextSibling" : "previousSibling", + parent = elem.parentNode, + name = ofType && elem.nodeName.toLowerCase(), + useCache = !xml && !ofType, + diff = false; + + if ( parent ) { + + // :(first|last|only)-(child|of-type) + if ( simple ) { + while ( dir ) { + node = elem; + while ( ( node = node[ dir ] ) ) { + if ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) { + + return false; + } + } + + // Reverse direction for :only-* (if we haven't yet done so) + start = dir = type === "only" && !start && "nextSibling"; + } + return true; + } + + start = [ forward ? parent.firstChild : parent.lastChild ]; + + // non-xml :nth-child(...) stores cache data on `parent` + if ( forward && useCache ) { + + // Seek `elem` from a previously-cached index + + // ...in a gzip-friendly way + node = parent; + outerCache = node[ expando ] || ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex && cache[ 2 ]; + node = nodeIndex && parent.childNodes[ nodeIndex ]; + + while ( ( node = ++nodeIndex && node && node[ dir ] || + + // Fallback to seeking `elem` from the start + ( diff = nodeIndex = 0 ) || start.pop() ) ) { + + // When found, cache indexes on `parent` and break + if ( node.nodeType === 1 && ++diff && node === elem ) { + uniqueCache[ type ] = [ dirruns, nodeIndex, diff ]; + break; + } + } + + } else { + + // Use previously-cached element index if available + if ( useCache ) { + + // ...in a gzip-friendly way + node = elem; + outerCache = node[ expando ] || ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + cache = uniqueCache[ type ] || []; + nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; + diff = nodeIndex; + } + + // xml :nth-child(...) + // or :nth-last-child(...) or :nth(-last)?-of-type(...) + if ( diff === false ) { + + // Use the same loop as above to seek `elem` from the start + while ( ( node = ++nodeIndex && node && node[ dir ] || + ( diff = nodeIndex = 0 ) || start.pop() ) ) { + + if ( ( ofType ? + node.nodeName.toLowerCase() === name : + node.nodeType === 1 ) && + ++diff ) { + + // Cache the index of each encountered element + if ( useCache ) { + outerCache = node[ expando ] || + ( node[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ node.uniqueID ] || + ( outerCache[ node.uniqueID ] = {} ); + + uniqueCache[ type ] = [ dirruns, diff ]; + } + + if ( node === elem ) { + break; + } + } + } + } + } + + // Incorporate the offset, then check against cycle size + diff -= last; + return diff === first || ( diff % first === 0 && diff / first >= 0 ); + } + }; + }, + + "PSEUDO": function( pseudo, argument ) { + + // pseudo-class names are case-insensitive + // http://www.w3.org/TR/selectors/#pseudo-classes + // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters + // Remember that setFilters inherits from pseudos + var args, + fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] || + Sizzle.error( "unsupported pseudo: " + pseudo ); + + // The user may use createPseudo to indicate that + // arguments are needed to create the filter function + // just as Sizzle does + if ( fn[ expando ] ) { + return fn( argument ); + } + + // But maintain support for old signatures + if ( fn.length > 1 ) { + args = [ pseudo, pseudo, "", argument ]; + return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ? + markFunction( function( seed, matches ) { + var idx, + matched = fn( seed, argument ), + i = matched.length; + while ( i-- ) { + idx = indexOf( seed, matched[ i ] ); + seed[ idx ] = !( matches[ idx ] = matched[ i ] ); + } + } ) : + function( elem ) { + return fn( elem, 0, args ); + }; + } + + return fn; + } + }, + + pseudos: { + + // Potentially complex pseudos + "not": markFunction( function( selector ) { + + // Trim the selector passed to compile + // to avoid treating leading and trailing + // spaces as combinators + var input = [], + results = [], + matcher = compile( selector.replace( rtrim, "$1" ) ); + + return matcher[ expando ] ? + markFunction( function( seed, matches, _context, xml ) { + var elem, + unmatched = matcher( seed, null, xml, [] ), + i = seed.length; + + // Match elements unmatched by `matcher` + while ( i-- ) { + if ( ( elem = unmatched[ i ] ) ) { + seed[ i ] = !( matches[ i ] = elem ); + } + } + } ) : + function( elem, _context, xml ) { + input[ 0 ] = elem; + matcher( input, null, xml, results ); + + // Don't keep the element (issue #299) + input[ 0 ] = null; + return !results.pop(); + }; + } ), + + "has": markFunction( function( selector ) { + return function( elem ) { + return Sizzle( selector, elem ).length > 0; + }; + } ), + + "contains": markFunction( function( text ) { + text = text.replace( runescape, funescape ); + return function( elem ) { + return ( elem.textContent || getText( elem ) ).indexOf( text ) > -1; + }; + } ), + + // "Whether an element is represented by a :lang() selector + // is based solely on the element's language value + // being equal to the identifier C, + // or beginning with the identifier C immediately followed by "-". + // The matching of C against the element's language value is performed case-insensitively. + // The identifier C does not have to be a valid language name." + // http://www.w3.org/TR/selectors/#lang-pseudo + "lang": markFunction( function( lang ) { + + // lang value must be a valid identifier + if ( !ridentifier.test( lang || "" ) ) { + Sizzle.error( "unsupported lang: " + lang ); + } + lang = lang.replace( runescape, funescape ).toLowerCase(); + return function( elem ) { + var elemLang; + do { + if ( ( elemLang = documentIsHTML ? + elem.lang : + elem.getAttribute( "xml:lang" ) || elem.getAttribute( "lang" ) ) ) { + + elemLang = elemLang.toLowerCase(); + return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0; + } + } while ( ( elem = elem.parentNode ) && elem.nodeType === 1 ); + return false; + }; + } ), + + // Miscellaneous + "target": function( elem ) { + var hash = window.location && window.location.hash; + return hash && hash.slice( 1 ) === elem.id; + }, + + "root": function( elem ) { + return elem === docElem; + }, + + "focus": function( elem ) { + return elem === document.activeElement && + ( !document.hasFocus || document.hasFocus() ) && + !!( elem.type || elem.href || ~elem.tabIndex ); + }, + + // Boolean properties + "enabled": createDisabledPseudo( false ), + "disabled": createDisabledPseudo( true ), + + "checked": function( elem ) { + + // In CSS3, :checked should return both checked and selected elements + // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked + var nodeName = elem.nodeName.toLowerCase(); + return ( nodeName === "input" && !!elem.checked ) || + ( nodeName === "option" && !!elem.selected ); + }, + + "selected": function( elem ) { + + // Accessing this property makes selected-by-default + // options in Safari work properly + if ( elem.parentNode ) { + // eslint-disable-next-line no-unused-expressions + elem.parentNode.selectedIndex; + } + + return elem.selected === true; + }, + + // Contents + "empty": function( elem ) { + + // http://www.w3.org/TR/selectors/#empty-pseudo + // :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5), + // but not by others (comment: 8; processing instruction: 7; etc.) + // nodeType < 6 works because attributes (2) do not appear as children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { + if ( elem.nodeType < 6 ) { + return false; + } + } + return true; + }, + + "parent": function( elem ) { + return !Expr.pseudos[ "empty" ]( elem ); + }, + + // Element/input types + "header": function( elem ) { + return rheader.test( elem.nodeName ); + }, + + "input": function( elem ) { + return rinputs.test( elem.nodeName ); + }, + + "button": function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && elem.type === "button" || name === "button"; + }, + + "text": function( elem ) { + var attr; + return elem.nodeName.toLowerCase() === "input" && + elem.type === "text" && + + // Support: IE<8 + // New HTML5 attribute values (e.g., "search") appear with elem.type === "text" + ( ( attr = elem.getAttribute( "type" ) ) == null || + attr.toLowerCase() === "text" ); + }, + + // Position-in-collection + "first": createPositionalPseudo( function() { + return [ 0 ]; + } ), + + "last": createPositionalPseudo( function( _matchIndexes, length ) { + return [ length - 1 ]; + } ), + + "eq": createPositionalPseudo( function( _matchIndexes, length, argument ) { + return [ argument < 0 ? argument + length : argument ]; + } ), + + "even": createPositionalPseudo( function( matchIndexes, length ) { + var i = 0; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "odd": createPositionalPseudo( function( matchIndexes, length ) { + var i = 1; + for ( ; i < length; i += 2 ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "lt": createPositionalPseudo( function( matchIndexes, length, argument ) { + var i = argument < 0 ? + argument + length : + argument > length ? + length : + argument; + for ( ; --i >= 0; ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ), + + "gt": createPositionalPseudo( function( matchIndexes, length, argument ) { + var i = argument < 0 ? argument + length : argument; + for ( ; ++i < length; ) { + matchIndexes.push( i ); + } + return matchIndexes; + } ) + } +}; + +Expr.pseudos[ "nth" ] = Expr.pseudos[ "eq" ]; + +// Add button/input type pseudos +for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) { + Expr.pseudos[ i ] = createInputPseudo( i ); +} +for ( i in { submit: true, reset: true } ) { + Expr.pseudos[ i ] = createButtonPseudo( i ); +} + +// Easy API for creating new setFilters +function setFilters() {} +setFilters.prototype = Expr.filters = Expr.pseudos; +Expr.setFilters = new setFilters(); + +tokenize = Sizzle.tokenize = function( selector, parseOnly ) { + var matched, match, tokens, type, + soFar, groups, preFilters, + cached = tokenCache[ selector + " " ]; + + if ( cached ) { + return parseOnly ? 0 : cached.slice( 0 ); + } + + soFar = selector; + groups = []; + preFilters = Expr.preFilter; + + while ( soFar ) { + + // Comma and first run + if ( !matched || ( match = rcomma.exec( soFar ) ) ) { + if ( match ) { + + // Don't consume trailing commas as valid + soFar = soFar.slice( match[ 0 ].length ) || soFar; + } + groups.push( ( tokens = [] ) ); + } + + matched = false; + + // Combinators + if ( ( match = rcombinators.exec( soFar ) ) ) { + matched = match.shift(); + tokens.push( { + value: matched, + + // Cast descendant combinators to space + type: match[ 0 ].replace( rtrim, " " ) + } ); + soFar = soFar.slice( matched.length ); + } + + // Filters + for ( type in Expr.filter ) { + if ( ( match = matchExpr[ type ].exec( soFar ) ) && ( !preFilters[ type ] || + ( match = preFilters[ type ]( match ) ) ) ) { + matched = match.shift(); + tokens.push( { + value: matched, + type: type, + matches: match + } ); + soFar = soFar.slice( matched.length ); + } + } + + if ( !matched ) { + break; + } + } + + // Return the length of the invalid excess + // if we're just parsing + // Otherwise, throw an error or return tokens + return parseOnly ? + soFar.length : + soFar ? + Sizzle.error( selector ) : + + // Cache the tokens + tokenCache( selector, groups ).slice( 0 ); +}; + +function toSelector( tokens ) { + var i = 0, + len = tokens.length, + selector = ""; + for ( ; i < len; i++ ) { + selector += tokens[ i ].value; + } + return selector; +} + +function addCombinator( matcher, combinator, base ) { + var dir = combinator.dir, + skip = combinator.next, + key = skip || dir, + checkNonElements = base && key === "parentNode", + doneName = done++; + + return combinator.first ? + + // Check against closest ancestor/preceding element + function( elem, context, xml ) { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + return matcher( elem, context, xml ); + } + } + return false; + } : + + // Check against all ancestor/preceding elements + function( elem, context, xml ) { + var oldCache, uniqueCache, outerCache, + newCache = [ dirruns, doneName ]; + + // We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching + if ( xml ) { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + if ( matcher( elem, context, xml ) ) { + return true; + } + } + } + } else { + while ( ( elem = elem[ dir ] ) ) { + if ( elem.nodeType === 1 || checkNonElements ) { + outerCache = elem[ expando ] || ( elem[ expando ] = {} ); + + // Support: IE <9 only + // Defend against cloned attroperties (jQuery gh-1709) + uniqueCache = outerCache[ elem.uniqueID ] || + ( outerCache[ elem.uniqueID ] = {} ); + + if ( skip && skip === elem.nodeName.toLowerCase() ) { + elem = elem[ dir ] || elem; + } else if ( ( oldCache = uniqueCache[ key ] ) && + oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) { + + // Assign to newCache so results back-propagate to previous elements + return ( newCache[ 2 ] = oldCache[ 2 ] ); + } else { + + // Reuse newcache so results back-propagate to previous elements + uniqueCache[ key ] = newCache; + + // A match means we're done; a fail means we have to keep checking + if ( ( newCache[ 2 ] = matcher( elem, context, xml ) ) ) { + return true; + } + } + } + } + } + return false; + }; +} + +function elementMatcher( matchers ) { + return matchers.length > 1 ? + function( elem, context, xml ) { + var i = matchers.length; + while ( i-- ) { + if ( !matchers[ i ]( elem, context, xml ) ) { + return false; + } + } + return true; + } : + matchers[ 0 ]; +} + +function multipleContexts( selector, contexts, results ) { + var i = 0, + len = contexts.length; + for ( ; i < len; i++ ) { + Sizzle( selector, contexts[ i ], results ); + } + return results; +} + +function condense( unmatched, map, filter, context, xml ) { + var elem, + newUnmatched = [], + i = 0, + len = unmatched.length, + mapped = map != null; + + for ( ; i < len; i++ ) { + if ( ( elem = unmatched[ i ] ) ) { + if ( !filter || filter( elem, context, xml ) ) { + newUnmatched.push( elem ); + if ( mapped ) { + map.push( i ); + } + } + } + } + + return newUnmatched; +} + +function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) { + if ( postFilter && !postFilter[ expando ] ) { + postFilter = setMatcher( postFilter ); + } + if ( postFinder && !postFinder[ expando ] ) { + postFinder = setMatcher( postFinder, postSelector ); + } + return markFunction( function( seed, results, context, xml ) { + var temp, i, elem, + preMap = [], + postMap = [], + preexisting = results.length, + + // Get initial elements from seed or context + elems = seed || multipleContexts( + selector || "*", + context.nodeType ? [ context ] : context, + [] + ), + + // Prefilter to get matcher input, preserving a map for seed-results synchronization + matcherIn = preFilter && ( seed || !selector ) ? + condense( elems, preMap, preFilter, context, xml ) : + elems, + + matcherOut = matcher ? + + // If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results, + postFinder || ( seed ? preFilter : preexisting || postFilter ) ? + + // ...intermediate processing is necessary + [] : + + // ...otherwise use results directly + results : + matcherIn; + + // Find primary matches + if ( matcher ) { + matcher( matcherIn, matcherOut, context, xml ); + } + + // Apply postFilter + if ( postFilter ) { + temp = condense( matcherOut, postMap ); + postFilter( temp, [], context, xml ); + + // Un-match failing elements by moving them back to matcherIn + i = temp.length; + while ( i-- ) { + if ( ( elem = temp[ i ] ) ) { + matcherOut[ postMap[ i ] ] = !( matcherIn[ postMap[ i ] ] = elem ); + } + } + } + + if ( seed ) { + if ( postFinder || preFilter ) { + if ( postFinder ) { + + // Get the final matcherOut by condensing this intermediate into postFinder contexts + temp = []; + i = matcherOut.length; + while ( i-- ) { + if ( ( elem = matcherOut[ i ] ) ) { + + // Restore matcherIn since elem is not yet a final match + temp.push( ( matcherIn[ i ] = elem ) ); + } + } + postFinder( null, ( matcherOut = [] ), temp, xml ); + } + + // Move matched elements from seed to results to keep them synchronized + i = matcherOut.length; + while ( i-- ) { + if ( ( elem = matcherOut[ i ] ) && + ( temp = postFinder ? indexOf( seed, elem ) : preMap[ i ] ) > -1 ) { + + seed[ temp ] = !( results[ temp ] = elem ); + } + } + } + + // Add elements to results, through postFinder if defined + } else { + matcherOut = condense( + matcherOut === results ? + matcherOut.splice( preexisting, matcherOut.length ) : + matcherOut + ); + if ( postFinder ) { + postFinder( null, results, matcherOut, xml ); + } else { + push.apply( results, matcherOut ); + } + } + } ); +} + +function matcherFromTokens( tokens ) { + var checkContext, matcher, j, + len = tokens.length, + leadingRelative = Expr.relative[ tokens[ 0 ].type ], + implicitRelative = leadingRelative || Expr.relative[ " " ], + i = leadingRelative ? 1 : 0, + + // The foundational matcher ensures that elements are reachable from top-level context(s) + matchContext = addCombinator( function( elem ) { + return elem === checkContext; + }, implicitRelative, true ), + matchAnyContext = addCombinator( function( elem ) { + return indexOf( checkContext, elem ) > -1; + }, implicitRelative, true ), + matchers = [ function( elem, context, xml ) { + var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( + ( checkContext = context ).nodeType ? + matchContext( elem, context, xml ) : + matchAnyContext( elem, context, xml ) ); + + // Avoid hanging onto element (issue #299) + checkContext = null; + return ret; + } ]; + + for ( ; i < len; i++ ) { + if ( ( matcher = Expr.relative[ tokens[ i ].type ] ) ) { + matchers = [ addCombinator( elementMatcher( matchers ), matcher ) ]; + } else { + matcher = Expr.filter[ tokens[ i ].type ].apply( null, tokens[ i ].matches ); + + // Return special upon seeing a positional matcher + if ( matcher[ expando ] ) { + + // Find the next relative operator (if any) for proper handling + j = ++i; + for ( ; j < len; j++ ) { + if ( Expr.relative[ tokens[ j ].type ] ) { + break; + } + } + return setMatcher( + i > 1 && elementMatcher( matchers ), + i > 1 && toSelector( + + // If the preceding token was a descendant combinator, insert an implicit any-element `*` + tokens + .slice( 0, i - 1 ) + .concat( { value: tokens[ i - 2 ].type === " " ? "*" : "" } ) + ).replace( rtrim, "$1" ), + matcher, + i < j && matcherFromTokens( tokens.slice( i, j ) ), + j < len && matcherFromTokens( ( tokens = tokens.slice( j ) ) ), + j < len && toSelector( tokens ) + ); + } + matchers.push( matcher ); + } + } + + return elementMatcher( matchers ); +} + +function matcherFromGroupMatchers( elementMatchers, setMatchers ) { + var bySet = setMatchers.length > 0, + byElement = elementMatchers.length > 0, + superMatcher = function( seed, context, xml, results, outermost ) { + var elem, j, matcher, + matchedCount = 0, + i = "0", + unmatched = seed && [], + setMatched = [], + contextBackup = outermostContext, + + // We must always have either seed elements or outermost context + elems = seed || byElement && Expr.find[ "TAG" ]( "*", outermost ), + + // Use integer dirruns iff this is the outermost matcher + dirrunsUnique = ( dirruns += contextBackup == null ? 1 : Math.random() || 0.1 ), + len = elems.length; + + if ( outermost ) { + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + outermostContext = context == document || context || outermost; + } + + // Add elements passing elementMatchers directly to results + // Support: IE<9, Safari + // Tolerate NodeList properties (IE: "length"; Safari: ) matching elements by id + for ( ; i !== len && ( elem = elems[ i ] ) != null; i++ ) { + if ( byElement && elem ) { + j = 0; + + // Support: IE 11+, Edge 17 - 18+ + // IE/Edge sometimes throw a "Permission denied" error when strict-comparing + // two documents; shallow comparisons work. + // eslint-disable-next-line eqeqeq + if ( !context && elem.ownerDocument != document ) { + setDocument( elem ); + xml = !documentIsHTML; + } + while ( ( matcher = elementMatchers[ j++ ] ) ) { + if ( matcher( elem, context || document, xml ) ) { + results.push( elem ); + break; + } + } + if ( outermost ) { + dirruns = dirrunsUnique; + } + } + + // Track unmatched elements for set filters + if ( bySet ) { + + // They will have gone through all possible matchers + if ( ( elem = !matcher && elem ) ) { + matchedCount--; + } + + // Lengthen the array for every element, matched or not + if ( seed ) { + unmatched.push( elem ); + } + } + } + + // `i` is now the count of elements visited above, and adding it to `matchedCount` + // makes the latter nonnegative. + matchedCount += i; + + // Apply set filters to unmatched elements + // NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount` + // equals `i`), unless we didn't visit _any_ elements in the above loop because we have + // no element matchers and no seed. + // Incrementing an initially-string "0" `i` allows `i` to remain a string only in that + // case, which will result in a "00" `matchedCount` that differs from `i` but is also + // numerically zero. + if ( bySet && i !== matchedCount ) { + j = 0; + while ( ( matcher = setMatchers[ j++ ] ) ) { + matcher( unmatched, setMatched, context, xml ); + } + + if ( seed ) { + + // Reintegrate element matches to eliminate the need for sorting + if ( matchedCount > 0 ) { + while ( i-- ) { + if ( !( unmatched[ i ] || setMatched[ i ] ) ) { + setMatched[ i ] = pop.call( results ); + } + } + } + + // Discard index placeholder values to get only actual matches + setMatched = condense( setMatched ); + } + + // Add matches to results + push.apply( results, setMatched ); + + // Seedless set matches succeeding multiple successful matchers stipulate sorting + if ( outermost && !seed && setMatched.length > 0 && + ( matchedCount + setMatchers.length ) > 1 ) { + + Sizzle.uniqueSort( results ); + } + } + + // Override manipulation of globals by nested matchers + if ( outermost ) { + dirruns = dirrunsUnique; + outermostContext = contextBackup; + } + + return unmatched; + }; + + return bySet ? + markFunction( superMatcher ) : + superMatcher; +} + +compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) { + var i, + setMatchers = [], + elementMatchers = [], + cached = compilerCache[ selector + " " ]; + + if ( !cached ) { + + // Generate a function of recursive functions that can be used to check each element + if ( !match ) { + match = tokenize( selector ); + } + i = match.length; + while ( i-- ) { + cached = matcherFromTokens( match[ i ] ); + if ( cached[ expando ] ) { + setMatchers.push( cached ); + } else { + elementMatchers.push( cached ); + } + } + + // Cache the compiled function + cached = compilerCache( + selector, + matcherFromGroupMatchers( elementMatchers, setMatchers ) + ); + + // Save selector and tokenization + cached.selector = selector; + } + return cached; +}; + +/** + * A low-level selection function that works with Sizzle's compiled + * selector functions + * @param {String|Function} selector A selector or a pre-compiled + * selector function built with Sizzle.compile + * @param {Element} context + * @param {Array} [results] + * @param {Array} [seed] A set of elements to match against + */ +select = Sizzle.select = function( selector, context, results, seed ) { + var i, tokens, token, type, find, + compiled = typeof selector === "function" && selector, + match = !seed && tokenize( ( selector = compiled.selector || selector ) ); + + results = results || []; + + // Try to minimize operations if there is only one selector in the list and no seed + // (the latter of which guarantees us context) + if ( match.length === 1 ) { + + // Reduce context if the leading compound selector is an ID + tokens = match[ 0 ] = match[ 0 ].slice( 0 ); + if ( tokens.length > 2 && ( token = tokens[ 0 ] ).type === "ID" && + context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[ 1 ].type ] ) { + + context = ( Expr.find[ "ID" ]( token.matches[ 0 ] + .replace( runescape, funescape ), context ) || [] )[ 0 ]; + if ( !context ) { + return results; + + // Precompiled matchers will still verify ancestry, so step up a level + } else if ( compiled ) { + context = context.parentNode; + } + + selector = selector.slice( tokens.shift().value.length ); + } + + // Fetch a seed set for right-to-left matching + i = matchExpr[ "needsContext" ].test( selector ) ? 0 : tokens.length; + while ( i-- ) { + token = tokens[ i ]; + + // Abort if we hit a combinator + if ( Expr.relative[ ( type = token.type ) ] ) { + break; + } + if ( ( find = Expr.find[ type ] ) ) { + + // Search, expanding context for leading sibling combinators + if ( ( seed = find( + token.matches[ 0 ].replace( runescape, funescape ), + rsibling.test( tokens[ 0 ].type ) && testContext( context.parentNode ) || + context + ) ) ) { + + // If seed is empty or no tokens remain, we can return early + tokens.splice( i, 1 ); + selector = seed.length && toSelector( tokens ); + if ( !selector ) { + push.apply( results, seed ); + return results; + } + + break; + } + } + } + } + + // Compile and execute a filtering function if one is not provided + // Provide `match` to avoid retokenization if we modified the selector above + ( compiled || compile( selector, match ) )( + seed, + context, + !documentIsHTML, + results, + !context || rsibling.test( selector ) && testContext( context.parentNode ) || context + ); + return results; +}; + +// One-time assignments + +// Sort stability +support.sortStable = expando.split( "" ).sort( sortOrder ).join( "" ) === expando; + +// Support: Chrome 14-35+ +// Always assume duplicates if they aren't passed to the comparison function +support.detectDuplicates = !!hasDuplicate; + +// Initialize against the default document +setDocument(); + +// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27) +// Detached nodes confoundingly follow *each other* +support.sortDetached = assert( function( el ) { + + // Should return 1, but returns 4 (following) + return el.compareDocumentPosition( document.createElement( "fieldset" ) ) & 1; +} ); + +// Support: IE<8 +// Prevent attribute/property "interpolation" +// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx +if ( !assert( function( el ) { + el.innerHTML = ""; + return el.firstChild.getAttribute( "href" ) === "#"; +} ) ) { + addHandle( "type|href|height|width", function( elem, name, isXML ) { + if ( !isXML ) { + return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 ); + } + } ); +} + +// Support: IE<9 +// Use defaultValue in place of getAttribute("value") +if ( !support.attributes || !assert( function( el ) { + el.innerHTML = ""; + el.firstChild.setAttribute( "value", "" ); + return el.firstChild.getAttribute( "value" ) === ""; +} ) ) { + addHandle( "value", function( elem, _name, isXML ) { + if ( !isXML && elem.nodeName.toLowerCase() === "input" ) { + return elem.defaultValue; + } + } ); +} + +// Support: IE<9 +// Use getAttributeNode to fetch booleans when getAttribute lies +if ( !assert( function( el ) { + return el.getAttribute( "disabled" ) == null; +} ) ) { + addHandle( booleans, function( elem, name, isXML ) { + var val; + if ( !isXML ) { + return elem[ name ] === true ? name.toLowerCase() : + ( val = elem.getAttributeNode( name ) ) && val.specified ? + val.value : + null; + } + } ); +} + +return Sizzle; + +} )( window ); + + + +jQuery.find = Sizzle; +jQuery.expr = Sizzle.selectors; + +// Deprecated +jQuery.expr[ ":" ] = jQuery.expr.pseudos; +jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort; +jQuery.text = Sizzle.getText; +jQuery.isXMLDoc = Sizzle.isXML; +jQuery.contains = Sizzle.contains; +jQuery.escapeSelector = Sizzle.escape; + + + + +var dir = function( elem, dir, until ) { + var matched = [], + truncate = until !== undefined; + + while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) { + if ( elem.nodeType === 1 ) { + if ( truncate && jQuery( elem ).is( until ) ) { + break; + } + matched.push( elem ); + } + } + return matched; +}; + + +var siblings = function( n, elem ) { + var matched = []; + + for ( ; n; n = n.nextSibling ) { + if ( n.nodeType === 1 && n !== elem ) { + matched.push( n ); + } + } + + return matched; +}; + + +var rneedsContext = jQuery.expr.match.needsContext; + + + +function nodeName( elem, name ) { + + return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase(); + +} +var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i ); + + + +// Implement the identical functionality for filter and not +function winnow( elements, qualifier, not ) { + if ( isFunction( qualifier ) ) { + return jQuery.grep( elements, function( elem, i ) { + return !!qualifier.call( elem, i, elem ) !== not; + } ); + } + + // Single element + if ( qualifier.nodeType ) { + return jQuery.grep( elements, function( elem ) { + return ( elem === qualifier ) !== not; + } ); + } + + // Arraylike of elements (jQuery, arguments, Array) + if ( typeof qualifier !== "string" ) { + return jQuery.grep( elements, function( elem ) { + return ( indexOf.call( qualifier, elem ) > -1 ) !== not; + } ); + } + + // Filtered directly for both simple and complex selectors + return jQuery.filter( qualifier, elements, not ); +} + +jQuery.filter = function( expr, elems, not ) { + var elem = elems[ 0 ]; + + if ( not ) { + expr = ":not(" + expr + ")"; + } + + if ( elems.length === 1 && elem.nodeType === 1 ) { + return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : []; + } + + return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) { + return elem.nodeType === 1; + } ) ); +}; + +jQuery.fn.extend( { + find: function( selector ) { + var i, ret, + len = this.length, + self = this; + + if ( typeof selector !== "string" ) { + return this.pushStack( jQuery( selector ).filter( function() { + for ( i = 0; i < len; i++ ) { + if ( jQuery.contains( self[ i ], this ) ) { + return true; + } + } + } ) ); + } + + ret = this.pushStack( [] ); + + for ( i = 0; i < len; i++ ) { + jQuery.find( selector, self[ i ], ret ); + } + + return len > 1 ? jQuery.uniqueSort( ret ) : ret; + }, + filter: function( selector ) { + return this.pushStack( winnow( this, selector || [], false ) ); + }, + not: function( selector ) { + return this.pushStack( winnow( this, selector || [], true ) ); + }, + is: function( selector ) { + return !!winnow( + this, + + // If this is a positional/relative selector, check membership in the returned set + // so $("p:first").is("p:last") won't return true for a doc with two "p". + typeof selector === "string" && rneedsContext.test( selector ) ? + jQuery( selector ) : + selector || [], + false + ).length; + } +} ); + + +// Initialize a jQuery object + + +// A central reference to the root jQuery(document) +var rootjQuery, + + // A simple way to check for HTML strings + // Prioritize #id over to avoid XSS via location.hash (#9521) + // Strict HTML recognition (#11290: must start with <) + // Shortcut simple #id case for speed + rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/, + + init = jQuery.fn.init = function( selector, context, root ) { + var match, elem; + + // HANDLE: $(""), $(null), $(undefined), $(false) + if ( !selector ) { + return this; + } + + // Method init() accepts an alternate rootjQuery + // so migrate can support jQuery.sub (gh-2101) + root = root || rootjQuery; + + // Handle HTML strings + if ( typeof selector === "string" ) { + if ( selector[ 0 ] === "<" && + selector[ selector.length - 1 ] === ">" && + selector.length >= 3 ) { + + // Assume that strings that start and end with <> are HTML and skip the regex check + match = [ null, selector, null ]; + + } else { + match = rquickExpr.exec( selector ); + } + + // Match html or make sure no context is specified for #id + if ( match && ( match[ 1 ] || !context ) ) { + + // HANDLE: $(html) -> $(array) + if ( match[ 1 ] ) { + context = context instanceof jQuery ? context[ 0 ] : context; + + // Option to run scripts is true for back-compat + // Intentionally let the error be thrown if parseHTML is not present + jQuery.merge( this, jQuery.parseHTML( + match[ 1 ], + context && context.nodeType ? context.ownerDocument || context : document, + true + ) ); + + // HANDLE: $(html, props) + if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) { + for ( match in context ) { + + // Properties of context are called as methods if possible + if ( isFunction( this[ match ] ) ) { + this[ match ]( context[ match ] ); + + // ...and otherwise set as attributes + } else { + this.attr( match, context[ match ] ); + } + } + } + + return this; + + // HANDLE: $(#id) + } else { + elem = document.getElementById( match[ 2 ] ); + + if ( elem ) { + + // Inject the element directly into the jQuery object + this[ 0 ] = elem; + this.length = 1; + } + return this; + } + + // HANDLE: $(expr, $(...)) + } else if ( !context || context.jquery ) { + return ( context || root ).find( selector ); + + // HANDLE: $(expr, context) + // (which is just equivalent to: $(context).find(expr) + } else { + return this.constructor( context ).find( selector ); + } + + // HANDLE: $(DOMElement) + } else if ( selector.nodeType ) { + this[ 0 ] = selector; + this.length = 1; + return this; + + // HANDLE: $(function) + // Shortcut for document ready + } else if ( isFunction( selector ) ) { + return root.ready !== undefined ? + root.ready( selector ) : + + // Execute immediately if ready is not present + selector( jQuery ); + } + + return jQuery.makeArray( selector, this ); + }; + +// Give the init function the jQuery prototype for later instantiation +init.prototype = jQuery.fn; + +// Initialize central reference +rootjQuery = jQuery( document ); + + +var rparentsprev = /^(?:parents|prev(?:Until|All))/, + + // Methods guaranteed to produce a unique set when starting from a unique set + guaranteedUnique = { + children: true, + contents: true, + next: true, + prev: true + }; + +jQuery.fn.extend( { + has: function( target ) { + var targets = jQuery( target, this ), + l = targets.length; + + return this.filter( function() { + var i = 0; + for ( ; i < l; i++ ) { + if ( jQuery.contains( this, targets[ i ] ) ) { + return true; + } + } + } ); + }, + + closest: function( selectors, context ) { + var cur, + i = 0, + l = this.length, + matched = [], + targets = typeof selectors !== "string" && jQuery( selectors ); + + // Positional selectors never match, since there's no _selection_ context + if ( !rneedsContext.test( selectors ) ) { + for ( ; i < l; i++ ) { + for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) { + + // Always skip document fragments + if ( cur.nodeType < 11 && ( targets ? + targets.index( cur ) > -1 : + + // Don't pass non-elements to Sizzle + cur.nodeType === 1 && + jQuery.find.matchesSelector( cur, selectors ) ) ) { + + matched.push( cur ); + break; + } + } + } + } + + return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched ); + }, + + // Determine the position of an element within the set + index: function( elem ) { + + // No argument, return index in parent + if ( !elem ) { + return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1; + } + + // Index in selector + if ( typeof elem === "string" ) { + return indexOf.call( jQuery( elem ), this[ 0 ] ); + } + + // Locate the position of the desired element + return indexOf.call( this, + + // If it receives a jQuery object, the first element is used + elem.jquery ? elem[ 0 ] : elem + ); + }, + + add: function( selector, context ) { + return this.pushStack( + jQuery.uniqueSort( + jQuery.merge( this.get(), jQuery( selector, context ) ) + ) + ); + }, + + addBack: function( selector ) { + return this.add( selector == null ? + this.prevObject : this.prevObject.filter( selector ) + ); + } +} ); + +function sibling( cur, dir ) { + while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {} + return cur; +} + +jQuery.each( { + parent: function( elem ) { + var parent = elem.parentNode; + return parent && parent.nodeType !== 11 ? parent : null; + }, + parents: function( elem ) { + return dir( elem, "parentNode" ); + }, + parentsUntil: function( elem, _i, until ) { + return dir( elem, "parentNode", until ); + }, + next: function( elem ) { + return sibling( elem, "nextSibling" ); + }, + prev: function( elem ) { + return sibling( elem, "previousSibling" ); + }, + nextAll: function( elem ) { + return dir( elem, "nextSibling" ); + }, + prevAll: function( elem ) { + return dir( elem, "previousSibling" ); + }, + nextUntil: function( elem, _i, until ) { + return dir( elem, "nextSibling", until ); + }, + prevUntil: function( elem, _i, until ) { + return dir( elem, "previousSibling", until ); + }, + siblings: function( elem ) { + return siblings( ( elem.parentNode || {} ).firstChild, elem ); + }, + children: function( elem ) { + return siblings( elem.firstChild ); + }, + contents: function( elem ) { + if ( elem.contentDocument != null && + + // Support: IE 11+ + // elements with no `data` attribute has an object + // `contentDocument` with a `null` prototype. + getProto( elem.contentDocument ) ) { + + return elem.contentDocument; + } + + // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only + // Treat the template element as a regular one in browsers that + // don't support it. + if ( nodeName( elem, "template" ) ) { + elem = elem.content || elem; + } + + return jQuery.merge( [], elem.childNodes ); + } +}, function( name, fn ) { + jQuery.fn[ name ] = function( until, selector ) { + var matched = jQuery.map( this, fn, until ); + + if ( name.slice( -5 ) !== "Until" ) { + selector = until; + } + + if ( selector && typeof selector === "string" ) { + matched = jQuery.filter( selector, matched ); + } + + if ( this.length > 1 ) { + + // Remove duplicates + if ( !guaranteedUnique[ name ] ) { + jQuery.uniqueSort( matched ); + } + + // Reverse order for parents* and prev-derivatives + if ( rparentsprev.test( name ) ) { + matched.reverse(); + } + } + + return this.pushStack( matched ); + }; +} ); +var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g ); + + + +// Convert String-formatted options into Object-formatted ones +function createOptions( options ) { + var object = {}; + jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) { + object[ flag ] = true; + } ); + return object; +} + +/* + * Create a callback list using the following parameters: + * + * options: an optional list of space-separated options that will change how + * the callback list behaves or a more traditional option object + * + * By default a callback list will act like an event callback list and can be + * "fired" multiple times. + * + * Possible options: + * + * once: will ensure the callback list can only be fired once (like a Deferred) + * + * memory: will keep track of previous values and will call any callback added + * after the list has been fired right away with the latest "memorized" + * values (like a Deferred) + * + * unique: will ensure a callback can only be added once (no duplicate in the list) + * + * stopOnFalse: interrupt callings when a callback returns false + * + */ +jQuery.Callbacks = function( options ) { + + // Convert options from String-formatted to Object-formatted if needed + // (we check in cache first) + options = typeof options === "string" ? + createOptions( options ) : + jQuery.extend( {}, options ); + + var // Flag to know if list is currently firing + firing, + + // Last fire value for non-forgettable lists + memory, + + // Flag to know if list was already fired + fired, + + // Flag to prevent firing + locked, + + // Actual callback list + list = [], + + // Queue of execution data for repeatable lists + queue = [], + + // Index of currently firing callback (modified by add/remove as needed) + firingIndex = -1, + + // Fire callbacks + fire = function() { + + // Enforce single-firing + locked = locked || options.once; + + // Execute callbacks for all pending executions, + // respecting firingIndex overrides and runtime changes + fired = firing = true; + for ( ; queue.length; firingIndex = -1 ) { + memory = queue.shift(); + while ( ++firingIndex < list.length ) { + + // Run callback and check for early termination + if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false && + options.stopOnFalse ) { + + // Jump to end and forget the data so .add doesn't re-fire + firingIndex = list.length; + memory = false; + } + } + } + + // Forget the data if we're done with it + if ( !options.memory ) { + memory = false; + } + + firing = false; + + // Clean up if we're done firing for good + if ( locked ) { + + // Keep an empty list if we have data for future add calls + if ( memory ) { + list = []; + + // Otherwise, this object is spent + } else { + list = ""; + } + } + }, + + // Actual Callbacks object + self = { + + // Add a callback or a collection of callbacks to the list + add: function() { + if ( list ) { + + // If we have memory from a past run, we should fire after adding + if ( memory && !firing ) { + firingIndex = list.length - 1; + queue.push( memory ); + } + + ( function add( args ) { + jQuery.each( args, function( _, arg ) { + if ( isFunction( arg ) ) { + if ( !options.unique || !self.has( arg ) ) { + list.push( arg ); + } + } else if ( arg && arg.length && toType( arg ) !== "string" ) { + + // Inspect recursively + add( arg ); + } + } ); + } )( arguments ); + + if ( memory && !firing ) { + fire(); + } + } + return this; + }, + + // Remove a callback from the list + remove: function() { + jQuery.each( arguments, function( _, arg ) { + var index; + while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) { + list.splice( index, 1 ); + + // Handle firing indexes + if ( index <= firingIndex ) { + firingIndex--; + } + } + } ); + return this; + }, + + // Check if a given callback is in the list. + // If no argument is given, return whether or not list has callbacks attached. + has: function( fn ) { + return fn ? + jQuery.inArray( fn, list ) > -1 : + list.length > 0; + }, + + // Remove all callbacks from the list + empty: function() { + if ( list ) { + list = []; + } + return this; + }, + + // Disable .fire and .add + // Abort any current/pending executions + // Clear all callbacks and values + disable: function() { + locked = queue = []; + list = memory = ""; + return this; + }, + disabled: function() { + return !list; + }, + + // Disable .fire + // Also disable .add unless we have memory (since it would have no effect) + // Abort any pending executions + lock: function() { + locked = queue = []; + if ( !memory && !firing ) { + list = memory = ""; + } + return this; + }, + locked: function() { + return !!locked; + }, + + // Call all callbacks with the given context and arguments + fireWith: function( context, args ) { + if ( !locked ) { + args = args || []; + args = [ context, args.slice ? args.slice() : args ]; + queue.push( args ); + if ( !firing ) { + fire(); + } + } + return this; + }, + + // Call all the callbacks with the given arguments + fire: function() { + self.fireWith( this, arguments ); + return this; + }, + + // To know if the callbacks have already been called at least once + fired: function() { + return !!fired; + } + }; + + return self; +}; + + +function Identity( v ) { + return v; +} +function Thrower( ex ) { + throw ex; +} + +function adoptValue( value, resolve, reject, noValue ) { + var method; + + try { + + // Check for promise aspect first to privilege synchronous behavior + if ( value && isFunction( ( method = value.promise ) ) ) { + method.call( value ).done( resolve ).fail( reject ); + + // Other thenables + } else if ( value && isFunction( ( method = value.then ) ) ) { + method.call( value, resolve, reject ); + + // Other non-thenables + } else { + + // Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer: + // * false: [ value ].slice( 0 ) => resolve( value ) + // * true: [ value ].slice( 1 ) => resolve() + resolve.apply( undefined, [ value ].slice( noValue ) ); + } + + // For Promises/A+, convert exceptions into rejections + // Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in + // Deferred#then to conditionally suppress rejection. + } catch ( value ) { + + // Support: Android 4.0 only + // Strict mode functions invoked without .call/.apply get global-object context + reject.apply( undefined, [ value ] ); + } +} + +jQuery.extend( { + + Deferred: function( func ) { + var tuples = [ + + // action, add listener, callbacks, + // ... .then handlers, argument index, [final state] + [ "notify", "progress", jQuery.Callbacks( "memory" ), + jQuery.Callbacks( "memory" ), 2 ], + [ "resolve", "done", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 0, "resolved" ], + [ "reject", "fail", jQuery.Callbacks( "once memory" ), + jQuery.Callbacks( "once memory" ), 1, "rejected" ] + ], + state = "pending", + promise = { + state: function() { + return state; + }, + always: function() { + deferred.done( arguments ).fail( arguments ); + return this; + }, + "catch": function( fn ) { + return promise.then( null, fn ); + }, + + // Keep pipe for back-compat + pipe: function( /* fnDone, fnFail, fnProgress */ ) { + var fns = arguments; + + return jQuery.Deferred( function( newDefer ) { + jQuery.each( tuples, function( _i, tuple ) { + + // Map tuples (progress, done, fail) to arguments (done, fail, progress) + var fn = isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ]; + + // deferred.progress(function() { bind to newDefer or newDefer.notify }) + // deferred.done(function() { bind to newDefer or newDefer.resolve }) + // deferred.fail(function() { bind to newDefer or newDefer.reject }) + deferred[ tuple[ 1 ] ]( function() { + var returned = fn && fn.apply( this, arguments ); + if ( returned && isFunction( returned.promise ) ) { + returned.promise() + .progress( newDefer.notify ) + .done( newDefer.resolve ) + .fail( newDefer.reject ); + } else { + newDefer[ tuple[ 0 ] + "With" ]( + this, + fn ? [ returned ] : arguments + ); + } + } ); + } ); + fns = null; + } ).promise(); + }, + then: function( onFulfilled, onRejected, onProgress ) { + var maxDepth = 0; + function resolve( depth, deferred, handler, special ) { + return function() { + var that = this, + args = arguments, + mightThrow = function() { + var returned, then; + + // Support: Promises/A+ section 2.3.3.3.3 + // https://promisesaplus.com/#point-59 + // Ignore double-resolution attempts + if ( depth < maxDepth ) { + return; + } + + returned = handler.apply( that, args ); + + // Support: Promises/A+ section 2.3.1 + // https://promisesaplus.com/#point-48 + if ( returned === deferred.promise() ) { + throw new TypeError( "Thenable self-resolution" ); + } + + // Support: Promises/A+ sections 2.3.3.1, 3.5 + // https://promisesaplus.com/#point-54 + // https://promisesaplus.com/#point-75 + // Retrieve `then` only once + then = returned && + + // Support: Promises/A+ section 2.3.4 + // https://promisesaplus.com/#point-64 + // Only check objects and functions for thenability + ( typeof returned === "object" || + typeof returned === "function" ) && + returned.then; + + // Handle a returned thenable + if ( isFunction( then ) ) { + + // Special processors (notify) just wait for resolution + if ( special ) { + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ) + ); + + // Normal processors (resolve) also hook into progress + } else { + + // ...and disregard older resolution values + maxDepth++; + + then.call( + returned, + resolve( maxDepth, deferred, Identity, special ), + resolve( maxDepth, deferred, Thrower, special ), + resolve( maxDepth, deferred, Identity, + deferred.notifyWith ) + ); + } + + // Handle all other returned values + } else { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Identity ) { + that = undefined; + args = [ returned ]; + } + + // Process the value(s) + // Default process is resolve + ( special || deferred.resolveWith )( that, args ); + } + }, + + // Only normal processors (resolve) catch and reject exceptions + process = special ? + mightThrow : + function() { + try { + mightThrow(); + } catch ( e ) { + + if ( jQuery.Deferred.exceptionHook ) { + jQuery.Deferred.exceptionHook( e, + process.stackTrace ); + } + + // Support: Promises/A+ section 2.3.3.3.4.1 + // https://promisesaplus.com/#point-61 + // Ignore post-resolution exceptions + if ( depth + 1 >= maxDepth ) { + + // Only substitute handlers pass on context + // and multiple values (non-spec behavior) + if ( handler !== Thrower ) { + that = undefined; + args = [ e ]; + } + + deferred.rejectWith( that, args ); + } + } + }; + + // Support: Promises/A+ section 2.3.3.3.1 + // https://promisesaplus.com/#point-57 + // Re-resolve promises immediately to dodge false rejection from + // subsequent errors + if ( depth ) { + process(); + } else { + + // Call an optional hook to record the stack, in case of exception + // since it's otherwise lost when execution goes async + if ( jQuery.Deferred.getStackHook ) { + process.stackTrace = jQuery.Deferred.getStackHook(); + } + window.setTimeout( process ); + } + }; + } + + return jQuery.Deferred( function( newDefer ) { + + // progress_handlers.add( ... ) + tuples[ 0 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onProgress ) ? + onProgress : + Identity, + newDefer.notifyWith + ) + ); + + // fulfilled_handlers.add( ... ) + tuples[ 1 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onFulfilled ) ? + onFulfilled : + Identity + ) + ); + + // rejected_handlers.add( ... ) + tuples[ 2 ][ 3 ].add( + resolve( + 0, + newDefer, + isFunction( onRejected ) ? + onRejected : + Thrower + ) + ); + } ).promise(); + }, + + // Get a promise for this deferred + // If obj is provided, the promise aspect is added to the object + promise: function( obj ) { + return obj != null ? jQuery.extend( obj, promise ) : promise; + } + }, + deferred = {}; + + // Add list-specific methods + jQuery.each( tuples, function( i, tuple ) { + var list = tuple[ 2 ], + stateString = tuple[ 5 ]; + + // promise.progress = list.add + // promise.done = list.add + // promise.fail = list.add + promise[ tuple[ 1 ] ] = list.add; + + // Handle state + if ( stateString ) { + list.add( + function() { + + // state = "resolved" (i.e., fulfilled) + // state = "rejected" + state = stateString; + }, + + // rejected_callbacks.disable + // fulfilled_callbacks.disable + tuples[ 3 - i ][ 2 ].disable, + + // rejected_handlers.disable + // fulfilled_handlers.disable + tuples[ 3 - i ][ 3 ].disable, + + // progress_callbacks.lock + tuples[ 0 ][ 2 ].lock, + + // progress_handlers.lock + tuples[ 0 ][ 3 ].lock + ); + } + + // progress_handlers.fire + // fulfilled_handlers.fire + // rejected_handlers.fire + list.add( tuple[ 3 ].fire ); + + // deferred.notify = function() { deferred.notifyWith(...) } + // deferred.resolve = function() { deferred.resolveWith(...) } + // deferred.reject = function() { deferred.rejectWith(...) } + deferred[ tuple[ 0 ] ] = function() { + deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments ); + return this; + }; + + // deferred.notifyWith = list.fireWith + // deferred.resolveWith = list.fireWith + // deferred.rejectWith = list.fireWith + deferred[ tuple[ 0 ] + "With" ] = list.fireWith; + } ); + + // Make the deferred a promise + promise.promise( deferred ); + + // Call given func if any + if ( func ) { + func.call( deferred, deferred ); + } + + // All done! + return deferred; + }, + + // Deferred helper + when: function( singleValue ) { + var + + // count of uncompleted subordinates + remaining = arguments.length, + + // count of unprocessed arguments + i = remaining, + + // subordinate fulfillment data + resolveContexts = Array( i ), + resolveValues = slice.call( arguments ), + + // the primary Deferred + primary = jQuery.Deferred(), + + // subordinate callback factory + updateFunc = function( i ) { + return function( value ) { + resolveContexts[ i ] = this; + resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value; + if ( !( --remaining ) ) { + primary.resolveWith( resolveContexts, resolveValues ); + } + }; + }; + + // Single- and empty arguments are adopted like Promise.resolve + if ( remaining <= 1 ) { + adoptValue( singleValue, primary.done( updateFunc( i ) ).resolve, primary.reject, + !remaining ); + + // Use .then() to unwrap secondary thenables (cf. gh-3000) + if ( primary.state() === "pending" || + isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) { + + return primary.then(); + } + } + + // Multiple arguments are aggregated like Promise.all array elements + while ( i-- ) { + adoptValue( resolveValues[ i ], updateFunc( i ), primary.reject ); + } + + return primary.promise(); + } +} ); + + +// These usually indicate a programmer mistake during development, +// warn about them ASAP rather than swallowing them by default. +var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/; + +jQuery.Deferred.exceptionHook = function( error, stack ) { + + // Support: IE 8 - 9 only + // Console exists when dev tools are open, which can happen at any time + if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) { + window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack ); + } +}; + + + + +jQuery.readyException = function( error ) { + window.setTimeout( function() { + throw error; + } ); +}; + + + + +// The deferred used on DOM ready +var readyList = jQuery.Deferred(); + +jQuery.fn.ready = function( fn ) { + + readyList + .then( fn ) + + // Wrap jQuery.readyException in a function so that the lookup + // happens at the time of error handling instead of callback + // registration. + .catch( function( error ) { + jQuery.readyException( error ); + } ); + + return this; +}; + +jQuery.extend( { + + // Is the DOM ready to be used? Set to true once it occurs. + isReady: false, + + // A counter to track how many items to wait for before + // the ready event fires. See #6781 + readyWait: 1, + + // Handle when the DOM is ready + ready: function( wait ) { + + // Abort if there are pending holds or we're already ready + if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) { + return; + } + + // Remember that the DOM is ready + jQuery.isReady = true; + + // If a normal DOM Ready event fired, decrement, and wait if need be + if ( wait !== true && --jQuery.readyWait > 0 ) { + return; + } + + // If there are functions bound, to execute + readyList.resolveWith( document, [ jQuery ] ); + } +} ); + +jQuery.ready.then = readyList.then; + +// The ready event handler and self cleanup method +function completed() { + document.removeEventListener( "DOMContentLoaded", completed ); + window.removeEventListener( "load", completed ); + jQuery.ready(); +} + +// Catch cases where $(document).ready() is called +// after the browser event has already occurred. +// Support: IE <=9 - 10 only +// Older IE sometimes signals "interactive" too soon +if ( document.readyState === "complete" || + ( document.readyState !== "loading" && !document.documentElement.doScroll ) ) { + + // Handle it asynchronously to allow scripts the opportunity to delay ready + window.setTimeout( jQuery.ready ); + +} else { + + // Use the handy event callback + document.addEventListener( "DOMContentLoaded", completed ); + + // A fallback to window.onload, that will always work + window.addEventListener( "load", completed ); +} + + + + +// Multifunctional method to get and set values of a collection +// The value/s can optionally be executed if it's a function +var access = function( elems, fn, key, value, chainable, emptyGet, raw ) { + var i = 0, + len = elems.length, + bulk = key == null; + + // Sets many values + if ( toType( key ) === "object" ) { + chainable = true; + for ( i in key ) { + access( elems, fn, i, key[ i ], true, emptyGet, raw ); + } + + // Sets one value + } else if ( value !== undefined ) { + chainable = true; + + if ( !isFunction( value ) ) { + raw = true; + } + + if ( bulk ) { + + // Bulk operations run against the entire set + if ( raw ) { + fn.call( elems, value ); + fn = null; + + // ...except when executing function values + } else { + bulk = fn; + fn = function( elem, _key, value ) { + return bulk.call( jQuery( elem ), value ); + }; + } + } + + if ( fn ) { + for ( ; i < len; i++ ) { + fn( + elems[ i ], key, raw ? + value : + value.call( elems[ i ], i, fn( elems[ i ], key ) ) + ); + } + } + } + + if ( chainable ) { + return elems; + } + + // Gets + if ( bulk ) { + return fn.call( elems ); + } + + return len ? fn( elems[ 0 ], key ) : emptyGet; +}; + + +// Matches dashed string for camelizing +var rmsPrefix = /^-ms-/, + rdashAlpha = /-([a-z])/g; + +// Used by camelCase as callback to replace() +function fcamelCase( _all, letter ) { + return letter.toUpperCase(); +} + +// Convert dashed to camelCase; used by the css and data modules +// Support: IE <=9 - 11, Edge 12 - 15 +// Microsoft forgot to hump their vendor prefix (#9572) +function camelCase( string ) { + return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); +} +var acceptData = function( owner ) { + + // Accepts only: + // - Node + // - Node.ELEMENT_NODE + // - Node.DOCUMENT_NODE + // - Object + // - Any + return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType ); +}; + + + + +function Data() { + this.expando = jQuery.expando + Data.uid++; +} + +Data.uid = 1; + +Data.prototype = { + + cache: function( owner ) { + + // Check if the owner object already has a cache + var value = owner[ this.expando ]; + + // If not, create one + if ( !value ) { + value = {}; + + // We can accept data for non-element nodes in modern browsers, + // but we should not, see #8335. + // Always return an empty object. + if ( acceptData( owner ) ) { + + // If it is a node unlikely to be stringify-ed or looped over + // use plain assignment + if ( owner.nodeType ) { + owner[ this.expando ] = value; + + // Otherwise secure it in a non-enumerable property + // configurable must be true to allow the property to be + // deleted when data is removed + } else { + Object.defineProperty( owner, this.expando, { + value: value, + configurable: true + } ); + } + } + } + + return value; + }, + set: function( owner, data, value ) { + var prop, + cache = this.cache( owner ); + + // Handle: [ owner, key, value ] args + // Always use camelCase key (gh-2257) + if ( typeof data === "string" ) { + cache[ camelCase( data ) ] = value; + + // Handle: [ owner, { properties } ] args + } else { + + // Copy the properties one-by-one to the cache object + for ( prop in data ) { + cache[ camelCase( prop ) ] = data[ prop ]; + } + } + return cache; + }, + get: function( owner, key ) { + return key === undefined ? + this.cache( owner ) : + + // Always use camelCase key (gh-2257) + owner[ this.expando ] && owner[ this.expando ][ camelCase( key ) ]; + }, + access: function( owner, key, value ) { + + // In cases where either: + // + // 1. No key was specified + // 2. A string key was specified, but no value provided + // + // Take the "read" path and allow the get method to determine + // which value to return, respectively either: + // + // 1. The entire cache object + // 2. The data stored at the key + // + if ( key === undefined || + ( ( key && typeof key === "string" ) && value === undefined ) ) { + + return this.get( owner, key ); + } + + // When the key is not a string, or both a key and value + // are specified, set or extend (existing objects) with either: + // + // 1. An object of properties + // 2. A key and value + // + this.set( owner, key, value ); + + // Since the "set" path can have two possible entry points + // return the expected data based on which path was taken[*] + return value !== undefined ? value : key; + }, + remove: function( owner, key ) { + var i, + cache = owner[ this.expando ]; + + if ( cache === undefined ) { + return; + } + + if ( key !== undefined ) { + + // Support array or space separated string of keys + if ( Array.isArray( key ) ) { + + // If key is an array of keys... + // We always set camelCase keys, so remove that. + key = key.map( camelCase ); + } else { + key = camelCase( key ); + + // If a key with the spaces exists, use it. + // Otherwise, create an array by matching non-whitespace + key = key in cache ? + [ key ] : + ( key.match( rnothtmlwhite ) || [] ); + } + + i = key.length; + + while ( i-- ) { + delete cache[ key[ i ] ]; + } + } + + // Remove the expando if there's no more data + if ( key === undefined || jQuery.isEmptyObject( cache ) ) { + + // Support: Chrome <=35 - 45 + // Webkit & Blink performance suffers when deleting properties + // from DOM nodes, so set to undefined instead + // https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted) + if ( owner.nodeType ) { + owner[ this.expando ] = undefined; + } else { + delete owner[ this.expando ]; + } + } + }, + hasData: function( owner ) { + var cache = owner[ this.expando ]; + return cache !== undefined && !jQuery.isEmptyObject( cache ); + } +}; +var dataPriv = new Data(); + +var dataUser = new Data(); + + + +// Implementation Summary +// +// 1. Enforce API surface and semantic compatibility with 1.9.x branch +// 2. Improve the module's maintainability by reducing the storage +// paths to a single mechanism. +// 3. Use the same single mechanism to support "private" and "user" data. +// 4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData) +// 5. Avoid exposing implementation details on user objects (eg. expando properties) +// 6. Provide a clear path for implementation upgrade to WeakMap in 2014 + +var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/, + rmultiDash = /[A-Z]/g; + +function getData( data ) { + if ( data === "true" ) { + return true; + } + + if ( data === "false" ) { + return false; + } + + if ( data === "null" ) { + return null; + } + + // Only convert to a number if it doesn't change the string + if ( data === +data + "" ) { + return +data; + } + + if ( rbrace.test( data ) ) { + return JSON.parse( data ); + } + + return data; +} + +function dataAttr( elem, key, data ) { + var name; + + // If nothing was found internally, try to fetch any + // data from the HTML5 data-* attribute + if ( data === undefined && elem.nodeType === 1 ) { + name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase(); + data = elem.getAttribute( name ); + + if ( typeof data === "string" ) { + try { + data = getData( data ); + } catch ( e ) {} + + // Make sure we set the data so it isn't changed later + dataUser.set( elem, key, data ); + } else { + data = undefined; + } + } + return data; +} + +jQuery.extend( { + hasData: function( elem ) { + return dataUser.hasData( elem ) || dataPriv.hasData( elem ); + }, + + data: function( elem, name, data ) { + return dataUser.access( elem, name, data ); + }, + + removeData: function( elem, name ) { + dataUser.remove( elem, name ); + }, + + // TODO: Now that all calls to _data and _removeData have been replaced + // with direct calls to dataPriv methods, these can be deprecated. + _data: function( elem, name, data ) { + return dataPriv.access( elem, name, data ); + }, + + _removeData: function( elem, name ) { + dataPriv.remove( elem, name ); + } +} ); + +jQuery.fn.extend( { + data: function( key, value ) { + var i, name, data, + elem = this[ 0 ], + attrs = elem && elem.attributes; + + // Gets all values + if ( key === undefined ) { + if ( this.length ) { + data = dataUser.get( elem ); + + if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) { + i = attrs.length; + while ( i-- ) { + + // Support: IE 11 only + // The attrs elements can be null (#14894) + if ( attrs[ i ] ) { + name = attrs[ i ].name; + if ( name.indexOf( "data-" ) === 0 ) { + name = camelCase( name.slice( 5 ) ); + dataAttr( elem, name, data[ name ] ); + } + } + } + dataPriv.set( elem, "hasDataAttrs", true ); + } + } + + return data; + } + + // Sets multiple values + if ( typeof key === "object" ) { + return this.each( function() { + dataUser.set( this, key ); + } ); + } + + return access( this, function( value ) { + var data; + + // The calling jQuery object (element matches) is not empty + // (and therefore has an element appears at this[ 0 ]) and the + // `value` parameter was not undefined. An empty jQuery object + // will result in `undefined` for elem = this[ 0 ] which will + // throw an exception if an attempt to read a data cache is made. + if ( elem && value === undefined ) { + + // Attempt to get data from the cache + // The key will always be camelCased in Data + data = dataUser.get( elem, key ); + if ( data !== undefined ) { + return data; + } + + // Attempt to "discover" the data in + // HTML5 custom data-* attrs + data = dataAttr( elem, key ); + if ( data !== undefined ) { + return data; + } + + // We tried really hard, but the data doesn't exist. + return; + } + + // Set the data... + this.each( function() { + + // We always store the camelCased key + dataUser.set( this, key, value ); + } ); + }, null, value, arguments.length > 1, null, true ); + }, + + removeData: function( key ) { + return this.each( function() { + dataUser.remove( this, key ); + } ); + } +} ); + + +jQuery.extend( { + queue: function( elem, type, data ) { + var queue; + + if ( elem ) { + type = ( type || "fx" ) + "queue"; + queue = dataPriv.get( elem, type ); + + // Speed up dequeue by getting out quickly if this is just a lookup + if ( data ) { + if ( !queue || Array.isArray( data ) ) { + queue = dataPriv.access( elem, type, jQuery.makeArray( data ) ); + } else { + queue.push( data ); + } + } + return queue || []; + } + }, + + dequeue: function( elem, type ) { + type = type || "fx"; + + var queue = jQuery.queue( elem, type ), + startLength = queue.length, + fn = queue.shift(), + hooks = jQuery._queueHooks( elem, type ), + next = function() { + jQuery.dequeue( elem, type ); + }; + + // If the fx queue is dequeued, always remove the progress sentinel + if ( fn === "inprogress" ) { + fn = queue.shift(); + startLength--; + } + + if ( fn ) { + + // Add a progress sentinel to prevent the fx queue from being + // automatically dequeued + if ( type === "fx" ) { + queue.unshift( "inprogress" ); + } + + // Clear up the last queue stop function + delete hooks.stop; + fn.call( elem, next, hooks ); + } + + if ( !startLength && hooks ) { + hooks.empty.fire(); + } + }, + + // Not public - generate a queueHooks object, or return the current one + _queueHooks: function( elem, type ) { + var key = type + "queueHooks"; + return dataPriv.get( elem, key ) || dataPriv.access( elem, key, { + empty: jQuery.Callbacks( "once memory" ).add( function() { + dataPriv.remove( elem, [ type + "queue", key ] ); + } ) + } ); + } +} ); + +jQuery.fn.extend( { + queue: function( type, data ) { + var setter = 2; + + if ( typeof type !== "string" ) { + data = type; + type = "fx"; + setter--; + } + + if ( arguments.length < setter ) { + return jQuery.queue( this[ 0 ], type ); + } + + return data === undefined ? + this : + this.each( function() { + var queue = jQuery.queue( this, type, data ); + + // Ensure a hooks for this queue + jQuery._queueHooks( this, type ); + + if ( type === "fx" && queue[ 0 ] !== "inprogress" ) { + jQuery.dequeue( this, type ); + } + } ); + }, + dequeue: function( type ) { + return this.each( function() { + jQuery.dequeue( this, type ); + } ); + }, + clearQueue: function( type ) { + return this.queue( type || "fx", [] ); + }, + + // Get a promise resolved when queues of a certain type + // are emptied (fx is the type by default) + promise: function( type, obj ) { + var tmp, + count = 1, + defer = jQuery.Deferred(), + elements = this, + i = this.length, + resolve = function() { + if ( !( --count ) ) { + defer.resolveWith( elements, [ elements ] ); + } + }; + + if ( typeof type !== "string" ) { + obj = type; + type = undefined; + } + type = type || "fx"; + + while ( i-- ) { + tmp = dataPriv.get( elements[ i ], type + "queueHooks" ); + if ( tmp && tmp.empty ) { + count++; + tmp.empty.add( resolve ); + } + } + resolve(); + return defer.promise( obj ); + } +} ); +var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source; + +var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ); + + +var cssExpand = [ "Top", "Right", "Bottom", "Left" ]; + +var documentElement = document.documentElement; + + + + var isAttached = function( elem ) { + return jQuery.contains( elem.ownerDocument, elem ); + }, + composed = { composed: true }; + + // Support: IE 9 - 11+, Edge 12 - 18+, iOS 10.0 - 10.2 only + // Check attachment across shadow DOM boundaries when possible (gh-3504) + // Support: iOS 10.0-10.2 only + // Early iOS 10 versions support `attachShadow` but not `getRootNode`, + // leading to errors. We need to check for `getRootNode`. + if ( documentElement.getRootNode ) { + isAttached = function( elem ) { + return jQuery.contains( elem.ownerDocument, elem ) || + elem.getRootNode( composed ) === elem.ownerDocument; + }; + } +var isHiddenWithinTree = function( elem, el ) { + + // isHiddenWithinTree might be called from jQuery#filter function; + // in that case, element will be second argument + elem = el || elem; + + // Inline style trumps all + return elem.style.display === "none" || + elem.style.display === "" && + + // Otherwise, check computed style + // Support: Firefox <=43 - 45 + // Disconnected elements can have computed display: none, so first confirm that elem is + // in the document. + isAttached( elem ) && + + jQuery.css( elem, "display" ) === "none"; + }; + + + +function adjustCSS( elem, prop, valueParts, tween ) { + var adjusted, scale, + maxIterations = 20, + currentValue = tween ? + function() { + return tween.cur(); + } : + function() { + return jQuery.css( elem, prop, "" ); + }, + initial = currentValue(), + unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ), + + // Starting value computation is required for potential unit mismatches + initialInUnit = elem.nodeType && + ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) && + rcssNum.exec( jQuery.css( elem, prop ) ); + + if ( initialInUnit && initialInUnit[ 3 ] !== unit ) { + + // Support: Firefox <=54 + // Halve the iteration target value to prevent interference from CSS upper bounds (gh-2144) + initial = initial / 2; + + // Trust units reported by jQuery.css + unit = unit || initialInUnit[ 3 ]; + + // Iteratively approximate from a nonzero starting point + initialInUnit = +initial || 1; + + while ( maxIterations-- ) { + + // Evaluate and update our best guess (doubling guesses that zero out). + // Finish if the scale equals or crosses 1 (making the old*new product non-positive). + jQuery.style( elem, prop, initialInUnit + unit ); + if ( ( 1 - scale ) * ( 1 - ( scale = currentValue() / initial || 0.5 ) ) <= 0 ) { + maxIterations = 0; + } + initialInUnit = initialInUnit / scale; + + } + + initialInUnit = initialInUnit * 2; + jQuery.style( elem, prop, initialInUnit + unit ); + + // Make sure we update the tween properties later on + valueParts = valueParts || []; + } + + if ( valueParts ) { + initialInUnit = +initialInUnit || +initial || 0; + + // Apply relative offset (+=/-=) if specified + adjusted = valueParts[ 1 ] ? + initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] : + +valueParts[ 2 ]; + if ( tween ) { + tween.unit = unit; + tween.start = initialInUnit; + tween.end = adjusted; + } + } + return adjusted; +} + + +var defaultDisplayMap = {}; + +function getDefaultDisplay( elem ) { + var temp, + doc = elem.ownerDocument, + nodeName = elem.nodeName, + display = defaultDisplayMap[ nodeName ]; + + if ( display ) { + return display; + } + + temp = doc.body.appendChild( doc.createElement( nodeName ) ); + display = jQuery.css( temp, "display" ); + + temp.parentNode.removeChild( temp ); + + if ( display === "none" ) { + display = "block"; + } + defaultDisplayMap[ nodeName ] = display; + + return display; +} + +function showHide( elements, show ) { + var display, elem, + values = [], + index = 0, + length = elements.length; + + // Determine new display value for elements that need to change + for ( ; index < length; index++ ) { + elem = elements[ index ]; + if ( !elem.style ) { + continue; + } + + display = elem.style.display; + if ( show ) { + + // Since we force visibility upon cascade-hidden elements, an immediate (and slow) + // check is required in this first loop unless we have a nonempty display value (either + // inline or about-to-be-restored) + if ( display === "none" ) { + values[ index ] = dataPriv.get( elem, "display" ) || null; + if ( !values[ index ] ) { + elem.style.display = ""; + } + } + if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) { + values[ index ] = getDefaultDisplay( elem ); + } + } else { + if ( display !== "none" ) { + values[ index ] = "none"; + + // Remember what we're overwriting + dataPriv.set( elem, "display", display ); + } + } + } + + // Set the display of the elements in a second loop to avoid constant reflow + for ( index = 0; index < length; index++ ) { + if ( values[ index ] != null ) { + elements[ index ].style.display = values[ index ]; + } + } + + return elements; +} + +jQuery.fn.extend( { + show: function() { + return showHide( this, true ); + }, + hide: function() { + return showHide( this ); + }, + toggle: function( state ) { + if ( typeof state === "boolean" ) { + return state ? this.show() : this.hide(); + } + + return this.each( function() { + if ( isHiddenWithinTree( this ) ) { + jQuery( this ).show(); + } else { + jQuery( this ).hide(); + } + } ); + } +} ); +var rcheckableType = ( /^(?:checkbox|radio)$/i ); + +var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]*)/i ); + +var rscriptType = ( /^$|^module$|\/(?:java|ecma)script/i ); + + + +( function() { + var fragment = document.createDocumentFragment(), + div = fragment.appendChild( document.createElement( "div" ) ), + input = document.createElement( "input" ); + + // Support: Android 4.0 - 4.3 only + // Check state lost if the name is set (#11217) + // Support: Windows Web Apps (WWA) + // `name` and `type` must use .setAttribute for WWA (#14901) + input.setAttribute( "type", "radio" ); + input.setAttribute( "checked", "checked" ); + input.setAttribute( "name", "t" ); + + div.appendChild( input ); + + // Support: Android <=4.1 only + // Older WebKit doesn't clone checked state correctly in fragments + support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked; + + // Support: IE <=11 only + // Make sure textarea (and checkbox) defaultValue is properly cloned + div.innerHTML = ""; + support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue; + + // Support: IE <=9 only + // IE <=9 replaces "; + support.option = !!div.lastChild; +} )(); + + +// We have to close these tags to support XHTML (#13200) +var wrapMap = { + + // XHTML parsers do not magically insert elements in the + // same way that tag soup parsers do. So we cannot shorten + // this by omitting or other required elements. + thead: [ 1, "", "
" ], + col: [ 2, "", "
" ], + tr: [ 2, "", "
" ], + td: [ 3, "", "
" ], + + _default: [ 0, "", "" ] +}; + +wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; +wrapMap.th = wrapMap.td; + +// Support: IE <=9 only +if ( !support.option ) { + wrapMap.optgroup = wrapMap.option = [ 1, "" ]; +} + + +function getAll( context, tag ) { + + // Support: IE <=9 - 11 only + // Use typeof to avoid zero-argument method invocation on host objects (#15151) + var ret; + + if ( typeof context.getElementsByTagName !== "undefined" ) { + ret = context.getElementsByTagName( tag || "*" ); + + } else if ( typeof context.querySelectorAll !== "undefined" ) { + ret = context.querySelectorAll( tag || "*" ); + + } else { + ret = []; + } + + if ( tag === undefined || tag && nodeName( context, tag ) ) { + return jQuery.merge( [ context ], ret ); + } + + return ret; +} + + +// Mark scripts as having already been evaluated +function setGlobalEval( elems, refElements ) { + var i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + dataPriv.set( + elems[ i ], + "globalEval", + !refElements || dataPriv.get( refElements[ i ], "globalEval" ) + ); + } +} + + +var rhtml = /<|&#?\w+;/; + +function buildFragment( elems, context, scripts, selection, ignored ) { + var elem, tmp, tag, wrap, attached, j, + fragment = context.createDocumentFragment(), + nodes = [], + i = 0, + l = elems.length; + + for ( ; i < l; i++ ) { + elem = elems[ i ]; + + if ( elem || elem === 0 ) { + + // Add nodes directly + if ( toType( elem ) === "object" ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem ); + + // Convert non-html into a text node + } else if ( !rhtml.test( elem ) ) { + nodes.push( context.createTextNode( elem ) ); + + // Convert html into DOM nodes + } else { + tmp = tmp || fragment.appendChild( context.createElement( "div" ) ); + + // Deserialize a standard representation + tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase(); + wrap = wrapMap[ tag ] || wrapMap._default; + tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ]; + + // Descend through wrappers to the right content + j = wrap[ 0 ]; + while ( j-- ) { + tmp = tmp.lastChild; + } + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( nodes, tmp.childNodes ); + + // Remember the top-level container + tmp = fragment.firstChild; + + // Ensure the created nodes are orphaned (#12392) + tmp.textContent = ""; + } + } + } + + // Remove wrapper from fragment + fragment.textContent = ""; + + i = 0; + while ( ( elem = nodes[ i++ ] ) ) { + + // Skip elements already in the context collection (trac-4087) + if ( selection && jQuery.inArray( elem, selection ) > -1 ) { + if ( ignored ) { + ignored.push( elem ); + } + continue; + } + + attached = isAttached( elem ); + + // Append to fragment + tmp = getAll( fragment.appendChild( elem ), "script" ); + + // Preserve script evaluation history + if ( attached ) { + setGlobalEval( tmp ); + } + + // Capture executables + if ( scripts ) { + j = 0; + while ( ( elem = tmp[ j++ ] ) ) { + if ( rscriptType.test( elem.type || "" ) ) { + scripts.push( elem ); + } + } + } + } + + return fragment; +} + + +var rtypenamespace = /^([^.]*)(?:\.(.+)|)/; + +function returnTrue() { + return true; +} + +function returnFalse() { + return false; +} + +// Support: IE <=9 - 11+ +// focus() and blur() are asynchronous, except when they are no-op. +// So expect focus to be synchronous when the element is already active, +// and blur to be synchronous when the element is not already active. +// (focus and blur are always synchronous in other supported browsers, +// this just defines when we can count on it). +function expectSync( elem, type ) { + return ( elem === safeActiveElement() ) === ( type === "focus" ); +} + +// Support: IE <=9 only +// Accessing document.activeElement can throw unexpectedly +// https://bugs.jquery.com/ticket/13393 +function safeActiveElement() { + try { + return document.activeElement; + } catch ( err ) { } +} + +function on( elem, types, selector, data, fn, one ) { + var origFn, type; + + // Types can be a map of types/handlers + if ( typeof types === "object" ) { + + // ( types-Object, selector, data ) + if ( typeof selector !== "string" ) { + + // ( types-Object, data ) + data = data || selector; + selector = undefined; + } + for ( type in types ) { + on( elem, type, selector, data, types[ type ], one ); + } + return elem; + } + + if ( data == null && fn == null ) { + + // ( types, fn ) + fn = selector; + data = selector = undefined; + } else if ( fn == null ) { + if ( typeof selector === "string" ) { + + // ( types, selector, fn ) + fn = data; + data = undefined; + } else { + + // ( types, data, fn ) + fn = data; + data = selector; + selector = undefined; + } + } + if ( fn === false ) { + fn = returnFalse; + } else if ( !fn ) { + return elem; + } + + if ( one === 1 ) { + origFn = fn; + fn = function( event ) { + + // Can use an empty set, since event contains the info + jQuery().off( event ); + return origFn.apply( this, arguments ); + }; + + // Use same guid so caller can remove using origFn + fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); + } + return elem.each( function() { + jQuery.event.add( this, types, fn, data, selector ); + } ); +} + +/* + * Helper functions for managing events -- not part of the public interface. + * Props to Dean Edwards' addEvent library for many of the ideas. + */ +jQuery.event = { + + global: {}, + + add: function( elem, types, handler, data, selector ) { + + var handleObjIn, eventHandle, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.get( elem ); + + // Only attach events to objects that accept data + if ( !acceptData( elem ) ) { + return; + } + + // Caller can pass in an object of custom data in lieu of the handler + if ( handler.handler ) { + handleObjIn = handler; + handler = handleObjIn.handler; + selector = handleObjIn.selector; + } + + // Ensure that invalid selectors throw exceptions at attach time + // Evaluate against documentElement in case elem is a non-element node (e.g., document) + if ( selector ) { + jQuery.find.matchesSelector( documentElement, selector ); + } + + // Make sure that the handler has a unique ID, used to find/remove it later + if ( !handler.guid ) { + handler.guid = jQuery.guid++; + } + + // Init the element's event structure and main handler, if this is the first + if ( !( events = elemData.events ) ) { + events = elemData.events = Object.create( null ); + } + if ( !( eventHandle = elemData.handle ) ) { + eventHandle = elemData.handle = function( e ) { + + // Discard the second event of a jQuery.event.trigger() and + // when an event is called after a page has unloaded + return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ? + jQuery.event.dispatch.apply( elem, arguments ) : undefined; + }; + } + + // Handle multiple events separated by a space + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // There *must* be a type, no attaching namespace-only handlers + if ( !type ) { + continue; + } + + // If event changes its type, use the special event handlers for the changed type + special = jQuery.event.special[ type ] || {}; + + // If selector defined, determine special event api type, otherwise given type + type = ( selector ? special.delegateType : special.bindType ) || type; + + // Update special based on newly reset type + special = jQuery.event.special[ type ] || {}; + + // handleObj is passed to all event handlers + handleObj = jQuery.extend( { + type: type, + origType: origType, + data: data, + handler: handler, + guid: handler.guid, + selector: selector, + needsContext: selector && jQuery.expr.match.needsContext.test( selector ), + namespace: namespaces.join( "." ) + }, handleObjIn ); + + // Init the event handler queue if we're the first + if ( !( handlers = events[ type ] ) ) { + handlers = events[ type ] = []; + handlers.delegateCount = 0; + + // Only use addEventListener if the special events handler returns false + if ( !special.setup || + special.setup.call( elem, data, namespaces, eventHandle ) === false ) { + + if ( elem.addEventListener ) { + elem.addEventListener( type, eventHandle ); + } + } + } + + if ( special.add ) { + special.add.call( elem, handleObj ); + + if ( !handleObj.handler.guid ) { + handleObj.handler.guid = handler.guid; + } + } + + // Add to the element's handler list, delegates in front + if ( selector ) { + handlers.splice( handlers.delegateCount++, 0, handleObj ); + } else { + handlers.push( handleObj ); + } + + // Keep track of which events have ever been used, for event optimization + jQuery.event.global[ type ] = true; + } + + }, + + // Detach an event or set of events from an element + remove: function( elem, types, handler, selector, mappedTypes ) { + + var j, origCount, tmp, + events, t, handleObj, + special, handlers, type, namespaces, origType, + elemData = dataPriv.hasData( elem ) && dataPriv.get( elem ); + + if ( !elemData || !( events = elemData.events ) ) { + return; + } + + // Once for each type.namespace in types; type may be omitted + types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; + t = types.length; + while ( t-- ) { + tmp = rtypenamespace.exec( types[ t ] ) || []; + type = origType = tmp[ 1 ]; + namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); + + // Unbind all events (on this namespace, if provided) for the element + if ( !type ) { + for ( type in events ) { + jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); + } + continue; + } + + special = jQuery.event.special[ type ] || {}; + type = ( selector ? special.delegateType : special.bindType ) || type; + handlers = events[ type ] || []; + tmp = tmp[ 2 ] && + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ); + + // Remove matching events + origCount = j = handlers.length; + while ( j-- ) { + handleObj = handlers[ j ]; + + if ( ( mappedTypes || origType === handleObj.origType ) && + ( !handler || handler.guid === handleObj.guid ) && + ( !tmp || tmp.test( handleObj.namespace ) ) && + ( !selector || selector === handleObj.selector || + selector === "**" && handleObj.selector ) ) { + handlers.splice( j, 1 ); + + if ( handleObj.selector ) { + handlers.delegateCount--; + } + if ( special.remove ) { + special.remove.call( elem, handleObj ); + } + } + } + + // Remove generic event handler if we removed something and no more handlers exist + // (avoids potential for endless recursion during removal of special event handlers) + if ( origCount && !handlers.length ) { + if ( !special.teardown || + special.teardown.call( elem, namespaces, elemData.handle ) === false ) { + + jQuery.removeEvent( elem, type, elemData.handle ); + } + + delete events[ type ]; + } + } + + // Remove data and the expando if it's no longer used + if ( jQuery.isEmptyObject( events ) ) { + dataPriv.remove( elem, "handle events" ); + } + }, + + dispatch: function( nativeEvent ) { + + var i, j, ret, matched, handleObj, handlerQueue, + args = new Array( arguments.length ), + + // Make a writable jQuery.Event from the native event object + event = jQuery.event.fix( nativeEvent ), + + handlers = ( + dataPriv.get( this, "events" ) || Object.create( null ) + )[ event.type ] || [], + special = jQuery.event.special[ event.type ] || {}; + + // Use the fix-ed jQuery.Event rather than the (read-only) native event + args[ 0 ] = event; + + for ( i = 1; i < arguments.length; i++ ) { + args[ i ] = arguments[ i ]; + } + + event.delegateTarget = this; + + // Call the preDispatch hook for the mapped type, and let it bail if desired + if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { + return; + } + + // Determine handlers + handlerQueue = jQuery.event.handlers.call( this, event, handlers ); + + // Run delegates first; they may want to stop propagation beneath us + i = 0; + while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) { + event.currentTarget = matched.elem; + + j = 0; + while ( ( handleObj = matched.handlers[ j++ ] ) && + !event.isImmediatePropagationStopped() ) { + + // If the event is namespaced, then each handler is only invoked if it is + // specially universal or its namespaces are a superset of the event's. + if ( !event.rnamespace || handleObj.namespace === false || + event.rnamespace.test( handleObj.namespace ) ) { + + event.handleObj = handleObj; + event.data = handleObj.data; + + ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle || + handleObj.handler ).apply( matched.elem, args ); + + if ( ret !== undefined ) { + if ( ( event.result = ret ) === false ) { + event.preventDefault(); + event.stopPropagation(); + } + } + } + } + } + + // Call the postDispatch hook for the mapped type + if ( special.postDispatch ) { + special.postDispatch.call( this, event ); + } + + return event.result; + }, + + handlers: function( event, handlers ) { + var i, handleObj, sel, matchedHandlers, matchedSelectors, + handlerQueue = [], + delegateCount = handlers.delegateCount, + cur = event.target; + + // Find delegate handlers + if ( delegateCount && + + // Support: IE <=9 + // Black-hole SVG instance trees (trac-13180) + cur.nodeType && + + // Support: Firefox <=42 + // Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861) + // https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click + // Support: IE 11 only + // ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343) + !( event.type === "click" && event.button >= 1 ) ) { + + for ( ; cur !== this; cur = cur.parentNode || this ) { + + // Don't check non-elements (#13208) + // Don't process clicks on disabled elements (#6911, #8165, #11382, #11764) + if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) { + matchedHandlers = []; + matchedSelectors = {}; + for ( i = 0; i < delegateCount; i++ ) { + handleObj = handlers[ i ]; + + // Don't conflict with Object.prototype properties (#13203) + sel = handleObj.selector + " "; + + if ( matchedSelectors[ sel ] === undefined ) { + matchedSelectors[ sel ] = handleObj.needsContext ? + jQuery( sel, this ).index( cur ) > -1 : + jQuery.find( sel, this, null, [ cur ] ).length; + } + if ( matchedSelectors[ sel ] ) { + matchedHandlers.push( handleObj ); + } + } + if ( matchedHandlers.length ) { + handlerQueue.push( { elem: cur, handlers: matchedHandlers } ); + } + } + } + } + + // Add the remaining (directly-bound) handlers + cur = this; + if ( delegateCount < handlers.length ) { + handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } ); + } + + return handlerQueue; + }, + + addProp: function( name, hook ) { + Object.defineProperty( jQuery.Event.prototype, name, { + enumerable: true, + configurable: true, + + get: isFunction( hook ) ? + function() { + if ( this.originalEvent ) { + return hook( this.originalEvent ); + } + } : + function() { + if ( this.originalEvent ) { + return this.originalEvent[ name ]; + } + }, + + set: function( value ) { + Object.defineProperty( this, name, { + enumerable: true, + configurable: true, + writable: true, + value: value + } ); + } + } ); + }, + + fix: function( originalEvent ) { + return originalEvent[ jQuery.expando ] ? + originalEvent : + new jQuery.Event( originalEvent ); + }, + + special: { + load: { + + // Prevent triggered image.load events from bubbling to window.load + noBubble: true + }, + click: { + + // Utilize native event to ensure correct state for checkable inputs + setup: function( data ) { + + // For mutual compressibility with _default, replace `this` access with a local var. + // `|| data` is dead code meant only to preserve the variable through minification. + var el = this || data; + + // Claim the first handler + if ( rcheckableType.test( el.type ) && + el.click && nodeName( el, "input" ) ) { + + // dataPriv.set( el, "click", ... ) + leverageNative( el, "click", returnTrue ); + } + + // Return false to allow normal processing in the caller + return false; + }, + trigger: function( data ) { + + // For mutual compressibility with _default, replace `this` access with a local var. + // `|| data` is dead code meant only to preserve the variable through minification. + var el = this || data; + + // Force setup before triggering a click + if ( rcheckableType.test( el.type ) && + el.click && nodeName( el, "input" ) ) { + + leverageNative( el, "click" ); + } + + // Return non-false to allow normal event-path propagation + return true; + }, + + // For cross-browser consistency, suppress native .click() on links + // Also prevent it if we're currently inside a leveraged native-event stack + _default: function( event ) { + var target = event.target; + return rcheckableType.test( target.type ) && + target.click && nodeName( target, "input" ) && + dataPriv.get( target, "click" ) || + nodeName( target, "a" ); + } + }, + + beforeunload: { + postDispatch: function( event ) { + + // Support: Firefox 20+ + // Firefox doesn't alert if the returnValue field is not set. + if ( event.result !== undefined && event.originalEvent ) { + event.originalEvent.returnValue = event.result; + } + } + } + } +}; + +// Ensure the presence of an event listener that handles manually-triggered +// synthetic events by interrupting progress until reinvoked in response to +// *native* events that it fires directly, ensuring that state changes have +// already occurred before other listeners are invoked. +function leverageNative( el, type, expectSync ) { + + // Missing expectSync indicates a trigger call, which must force setup through jQuery.event.add + if ( !expectSync ) { + if ( dataPriv.get( el, type ) === undefined ) { + jQuery.event.add( el, type, returnTrue ); + } + return; + } + + // Register the controller as a special universal handler for all event namespaces + dataPriv.set( el, type, false ); + jQuery.event.add( el, type, { + namespace: false, + handler: function( event ) { + var notAsync, result, + saved = dataPriv.get( this, type ); + + if ( ( event.isTrigger & 1 ) && this[ type ] ) { + + // Interrupt processing of the outer synthetic .trigger()ed event + // Saved data should be false in such cases, but might be a leftover capture object + // from an async native handler (gh-4350) + if ( !saved.length ) { + + // Store arguments for use when handling the inner native event + // There will always be at least one argument (an event object), so this array + // will not be confused with a leftover capture object. + saved = slice.call( arguments ); + dataPriv.set( this, type, saved ); + + // Trigger the native event and capture its result + // Support: IE <=9 - 11+ + // focus() and blur() are asynchronous + notAsync = expectSync( this, type ); + this[ type ](); + result = dataPriv.get( this, type ); + if ( saved !== result || notAsync ) { + dataPriv.set( this, type, false ); + } else { + result = {}; + } + if ( saved !== result ) { + + // Cancel the outer synthetic event + event.stopImmediatePropagation(); + event.preventDefault(); + + // Support: Chrome 86+ + // In Chrome, if an element having a focusout handler is blurred by + // clicking outside of it, it invokes the handler synchronously. If + // that handler calls `.remove()` on the element, the data is cleared, + // leaving `result` undefined. We need to guard against this. + return result && result.value; + } + + // If this is an inner synthetic event for an event with a bubbling surrogate + // (focus or blur), assume that the surrogate already propagated from triggering the + // native event and prevent that from happening again here. + // This technically gets the ordering wrong w.r.t. to `.trigger()` (in which the + // bubbling surrogate propagates *after* the non-bubbling base), but that seems + // less bad than duplication. + } else if ( ( jQuery.event.special[ type ] || {} ).delegateType ) { + event.stopPropagation(); + } + + // If this is a native event triggered above, everything is now in order + // Fire an inner synthetic event with the original arguments + } else if ( saved.length ) { + + // ...and capture the result + dataPriv.set( this, type, { + value: jQuery.event.trigger( + + // Support: IE <=9 - 11+ + // Extend with the prototype to reset the above stopImmediatePropagation() + jQuery.extend( saved[ 0 ], jQuery.Event.prototype ), + saved.slice( 1 ), + this + ) + } ); + + // Abort handling of the native event + event.stopImmediatePropagation(); + } + } + } ); +} + +jQuery.removeEvent = function( elem, type, handle ) { + + // This "if" is needed for plain objects + if ( elem.removeEventListener ) { + elem.removeEventListener( type, handle ); + } +}; + +jQuery.Event = function( src, props ) { + + // Allow instantiation without the 'new' keyword + if ( !( this instanceof jQuery.Event ) ) { + return new jQuery.Event( src, props ); + } + + // Event object + if ( src && src.type ) { + this.originalEvent = src; + this.type = src.type; + + // Events bubbling up the document may have been marked as prevented + // by a handler lower down the tree; reflect the correct value. + this.isDefaultPrevented = src.defaultPrevented || + src.defaultPrevented === undefined && + + // Support: Android <=2.3 only + src.returnValue === false ? + returnTrue : + returnFalse; + + // Create target properties + // Support: Safari <=6 - 7 only + // Target should not be a text node (#504, #13143) + this.target = ( src.target && src.target.nodeType === 3 ) ? + src.target.parentNode : + src.target; + + this.currentTarget = src.currentTarget; + this.relatedTarget = src.relatedTarget; + + // Event type + } else { + this.type = src; + } + + // Put explicitly provided properties onto the event object + if ( props ) { + jQuery.extend( this, props ); + } + + // Create a timestamp if incoming event doesn't have one + this.timeStamp = src && src.timeStamp || Date.now(); + + // Mark it as fixed + this[ jQuery.expando ] = true; +}; + +// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding +// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +jQuery.Event.prototype = { + constructor: jQuery.Event, + isDefaultPrevented: returnFalse, + isPropagationStopped: returnFalse, + isImmediatePropagationStopped: returnFalse, + isSimulated: false, + + preventDefault: function() { + var e = this.originalEvent; + + this.isDefaultPrevented = returnTrue; + + if ( e && !this.isSimulated ) { + e.preventDefault(); + } + }, + stopPropagation: function() { + var e = this.originalEvent; + + this.isPropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopPropagation(); + } + }, + stopImmediatePropagation: function() { + var e = this.originalEvent; + + this.isImmediatePropagationStopped = returnTrue; + + if ( e && !this.isSimulated ) { + e.stopImmediatePropagation(); + } + + this.stopPropagation(); + } +}; + +// Includes all common event props including KeyEvent and MouseEvent specific props +jQuery.each( { + altKey: true, + bubbles: true, + cancelable: true, + changedTouches: true, + ctrlKey: true, + detail: true, + eventPhase: true, + metaKey: true, + pageX: true, + pageY: true, + shiftKey: true, + view: true, + "char": true, + code: true, + charCode: true, + key: true, + keyCode: true, + button: true, + buttons: true, + clientX: true, + clientY: true, + offsetX: true, + offsetY: true, + pointerId: true, + pointerType: true, + screenX: true, + screenY: true, + targetTouches: true, + toElement: true, + touches: true, + which: true +}, jQuery.event.addProp ); + +jQuery.each( { focus: "focusin", blur: "focusout" }, function( type, delegateType ) { + jQuery.event.special[ type ] = { + + // Utilize native event if possible so blur/focus sequence is correct + setup: function() { + + // Claim the first handler + // dataPriv.set( this, "focus", ... ) + // dataPriv.set( this, "blur", ... ) + leverageNative( this, type, expectSync ); + + // Return false to allow normal processing in the caller + return false; + }, + trigger: function() { + + // Force setup before trigger + leverageNative( this, type ); + + // Return non-false to allow normal event-path propagation + return true; + }, + + // Suppress native focus or blur as it's already being fired + // in leverageNative. + _default: function() { + return true; + }, + + delegateType: delegateType + }; +} ); + +// Create mouseenter/leave events using mouseover/out and event-time checks +// so that event delegation works in jQuery. +// Do the same for pointerenter/pointerleave and pointerover/pointerout +// +// Support: Safari 7 only +// Safari sends mouseenter too often; see: +// https://bugs.chromium.org/p/chromium/issues/detail?id=470258 +// for the description of the bug (it existed in older Chrome versions as well). +jQuery.each( { + mouseenter: "mouseover", + mouseleave: "mouseout", + pointerenter: "pointerover", + pointerleave: "pointerout" +}, function( orig, fix ) { + jQuery.event.special[ orig ] = { + delegateType: fix, + bindType: fix, + + handle: function( event ) { + var ret, + target = this, + related = event.relatedTarget, + handleObj = event.handleObj; + + // For mouseenter/leave call the handler if related is outside the target. + // NB: No relatedTarget if the mouse left/entered the browser window + if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) { + event.type = handleObj.origType; + ret = handleObj.handler.apply( this, arguments ); + event.type = fix; + } + return ret; + } + }; +} ); + +jQuery.fn.extend( { + + on: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn ); + }, + one: function( types, selector, data, fn ) { + return on( this, types, selector, data, fn, 1 ); + }, + off: function( types, selector, fn ) { + var handleObj, type; + if ( types && types.preventDefault && types.handleObj ) { + + // ( event ) dispatched jQuery.Event + handleObj = types.handleObj; + jQuery( types.delegateTarget ).off( + handleObj.namespace ? + handleObj.origType + "." + handleObj.namespace : + handleObj.origType, + handleObj.selector, + handleObj.handler + ); + return this; + } + if ( typeof types === "object" ) { + + // ( types-object [, selector] ) + for ( type in types ) { + this.off( type, selector, types[ type ] ); + } + return this; + } + if ( selector === false || typeof selector === "function" ) { + + // ( types [, fn] ) + fn = selector; + selector = undefined; + } + if ( fn === false ) { + fn = returnFalse; + } + return this.each( function() { + jQuery.event.remove( this, types, fn, selector ); + } ); + } +} ); + + +var + + // Support: IE <=10 - 11, Edge 12 - 13 only + // In IE/Edge using regex groups here causes severe slowdowns. + // See https://connect.microsoft.com/IE/feedback/details/1736512/ + rnoInnerhtml = /\s*$/g; + +// Prefer a tbody over its parent table for containing new rows +function manipulationTarget( elem, content ) { + if ( nodeName( elem, "table" ) && + nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) { + + return jQuery( elem ).children( "tbody" )[ 0 ] || elem; + } + + return elem; +} + +// Replace/restore the type attribute of script elements for safe DOM manipulation +function disableScript( elem ) { + elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type; + return elem; +} +function restoreScript( elem ) { + if ( ( elem.type || "" ).slice( 0, 5 ) === "true/" ) { + elem.type = elem.type.slice( 5 ); + } else { + elem.removeAttribute( "type" ); + } + + return elem; +} + +function cloneCopyEvent( src, dest ) { + var i, l, type, pdataOld, udataOld, udataCur, events; + + if ( dest.nodeType !== 1 ) { + return; + } + + // 1. Copy private data: events, handlers, etc. + if ( dataPriv.hasData( src ) ) { + pdataOld = dataPriv.get( src ); + events = pdataOld.events; + + if ( events ) { + dataPriv.remove( dest, "handle events" ); + + for ( type in events ) { + for ( i = 0, l = events[ type ].length; i < l; i++ ) { + jQuery.event.add( dest, type, events[ type ][ i ] ); + } + } + } + } + + // 2. Copy user data + if ( dataUser.hasData( src ) ) { + udataOld = dataUser.access( src ); + udataCur = jQuery.extend( {}, udataOld ); + + dataUser.set( dest, udataCur ); + } +} + +// Fix IE bugs, see support tests +function fixInput( src, dest ) { + var nodeName = dest.nodeName.toLowerCase(); + + // Fails to persist the checked state of a cloned checkbox or radio button. + if ( nodeName === "input" && rcheckableType.test( src.type ) ) { + dest.checked = src.checked; + + // Fails to return the selected option to the default selected state when cloning options + } else if ( nodeName === "input" || nodeName === "textarea" ) { + dest.defaultValue = src.defaultValue; + } +} + +function domManip( collection, args, callback, ignored ) { + + // Flatten any nested arrays + args = flat( args ); + + var fragment, first, scripts, hasScripts, node, doc, + i = 0, + l = collection.length, + iNoClone = l - 1, + value = args[ 0 ], + valueIsFunction = isFunction( value ); + + // We can't cloneNode fragments that contain checked, in WebKit + if ( valueIsFunction || + ( l > 1 && typeof value === "string" && + !support.checkClone && rchecked.test( value ) ) ) { + return collection.each( function( index ) { + var self = collection.eq( index ); + if ( valueIsFunction ) { + args[ 0 ] = value.call( this, index, self.html() ); + } + domManip( self, args, callback, ignored ); + } ); + } + + if ( l ) { + fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored ); + first = fragment.firstChild; + + if ( fragment.childNodes.length === 1 ) { + fragment = first; + } + + // Require either new content or an interest in ignored elements to invoke the callback + if ( first || ignored ) { + scripts = jQuery.map( getAll( fragment, "script" ), disableScript ); + hasScripts = scripts.length; + + // Use the original fragment for the last item + // instead of the first because it can end up + // being emptied incorrectly in certain situations (#8070). + for ( ; i < l; i++ ) { + node = fragment; + + if ( i !== iNoClone ) { + node = jQuery.clone( node, true, true ); + + // Keep references to cloned scripts for later restoration + if ( hasScripts ) { + + // Support: Android <=4.0 only, PhantomJS 1 only + // push.apply(_, arraylike) throws on ancient WebKit + jQuery.merge( scripts, getAll( node, "script" ) ); + } + } + + callback.call( collection[ i ], node, i ); + } + + if ( hasScripts ) { + doc = scripts[ scripts.length - 1 ].ownerDocument; + + // Reenable scripts + jQuery.map( scripts, restoreScript ); + + // Evaluate executable scripts on first document insertion + for ( i = 0; i < hasScripts; i++ ) { + node = scripts[ i ]; + if ( rscriptType.test( node.type || "" ) && + !dataPriv.access( node, "globalEval" ) && + jQuery.contains( doc, node ) ) { + + if ( node.src && ( node.type || "" ).toLowerCase() !== "module" ) { + + // Optional AJAX dependency, but won't run scripts if not present + if ( jQuery._evalUrl && !node.noModule ) { + jQuery._evalUrl( node.src, { + nonce: node.nonce || node.getAttribute( "nonce" ) + }, doc ); + } + } else { + DOMEval( node.textContent.replace( rcleanScript, "" ), node, doc ); + } + } + } + } + } + } + + return collection; +} + +function remove( elem, selector, keepData ) { + var node, + nodes = selector ? jQuery.filter( selector, elem ) : elem, + i = 0; + + for ( ; ( node = nodes[ i ] ) != null; i++ ) { + if ( !keepData && node.nodeType === 1 ) { + jQuery.cleanData( getAll( node ) ); + } + + if ( node.parentNode ) { + if ( keepData && isAttached( node ) ) { + setGlobalEval( getAll( node, "script" ) ); + } + node.parentNode.removeChild( node ); + } + } + + return elem; +} + +jQuery.extend( { + htmlPrefilter: function( html ) { + return html; + }, + + clone: function( elem, dataAndEvents, deepDataAndEvents ) { + var i, l, srcElements, destElements, + clone = elem.cloneNode( true ), + inPage = isAttached( elem ); + + // Fix IE cloning issues + if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) && + !jQuery.isXMLDoc( elem ) ) { + + // We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2 + destElements = getAll( clone ); + srcElements = getAll( elem ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + fixInput( srcElements[ i ], destElements[ i ] ); + } + } + + // Copy the events from the original to the clone + if ( dataAndEvents ) { + if ( deepDataAndEvents ) { + srcElements = srcElements || getAll( elem ); + destElements = destElements || getAll( clone ); + + for ( i = 0, l = srcElements.length; i < l; i++ ) { + cloneCopyEvent( srcElements[ i ], destElements[ i ] ); + } + } else { + cloneCopyEvent( elem, clone ); + } + } + + // Preserve script evaluation history + destElements = getAll( clone, "script" ); + if ( destElements.length > 0 ) { + setGlobalEval( destElements, !inPage && getAll( elem, "script" ) ); + } + + // Return the cloned set + return clone; + }, + + cleanData: function( elems ) { + var data, elem, type, + special = jQuery.event.special, + i = 0; + + for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) { + if ( acceptData( elem ) ) { + if ( ( data = elem[ dataPriv.expando ] ) ) { + if ( data.events ) { + for ( type in data.events ) { + if ( special[ type ] ) { + jQuery.event.remove( elem, type ); + + // This is a shortcut to avoid jQuery.event.remove's overhead + } else { + jQuery.removeEvent( elem, type, data.handle ); + } + } + } + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataPriv.expando ] = undefined; + } + if ( elem[ dataUser.expando ] ) { + + // Support: Chrome <=35 - 45+ + // Assign undefined instead of using delete, see Data#remove + elem[ dataUser.expando ] = undefined; + } + } + } + } +} ); + +jQuery.fn.extend( { + detach: function( selector ) { + return remove( this, selector, true ); + }, + + remove: function( selector ) { + return remove( this, selector ); + }, + + text: function( value ) { + return access( this, function( value ) { + return value === undefined ? + jQuery.text( this ) : + this.empty().each( function() { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + this.textContent = value; + } + } ); + }, null, value, arguments.length ); + }, + + append: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.appendChild( elem ); + } + } ); + }, + + prepend: function() { + return domManip( this, arguments, function( elem ) { + if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { + var target = manipulationTarget( this, elem ); + target.insertBefore( elem, target.firstChild ); + } + } ); + }, + + before: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this ); + } + } ); + }, + + after: function() { + return domManip( this, arguments, function( elem ) { + if ( this.parentNode ) { + this.parentNode.insertBefore( elem, this.nextSibling ); + } + } ); + }, + + empty: function() { + var elem, + i = 0; + + for ( ; ( elem = this[ i ] ) != null; i++ ) { + if ( elem.nodeType === 1 ) { + + // Prevent memory leaks + jQuery.cleanData( getAll( elem, false ) ); + + // Remove any remaining nodes + elem.textContent = ""; + } + } + + return this; + }, + + clone: function( dataAndEvents, deepDataAndEvents ) { + dataAndEvents = dataAndEvents == null ? false : dataAndEvents; + deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents; + + return this.map( function() { + return jQuery.clone( this, dataAndEvents, deepDataAndEvents ); + } ); + }, + + html: function( value ) { + return access( this, function( value ) { + var elem = this[ 0 ] || {}, + i = 0, + l = this.length; + + if ( value === undefined && elem.nodeType === 1 ) { + return elem.innerHTML; + } + + // See if we can take a shortcut and just use innerHTML + if ( typeof value === "string" && !rnoInnerhtml.test( value ) && + !wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) { + + value = jQuery.htmlPrefilter( value ); + + try { + for ( ; i < l; i++ ) { + elem = this[ i ] || {}; + + // Remove element nodes and prevent memory leaks + if ( elem.nodeType === 1 ) { + jQuery.cleanData( getAll( elem, false ) ); + elem.innerHTML = value; + } + } + + elem = 0; + + // If using innerHTML throws an exception, use the fallback method + } catch ( e ) {} + } + + if ( elem ) { + this.empty().append( value ); + } + }, null, value, arguments.length ); + }, + + replaceWith: function() { + var ignored = []; + + // Make the changes, replacing each non-ignored context element with the new content + return domManip( this, arguments, function( elem ) { + var parent = this.parentNode; + + if ( jQuery.inArray( this, ignored ) < 0 ) { + jQuery.cleanData( getAll( this ) ); + if ( parent ) { + parent.replaceChild( elem, this ); + } + } + + // Force callback invocation + }, ignored ); + } +} ); + +jQuery.each( { + appendTo: "append", + prependTo: "prepend", + insertBefore: "before", + insertAfter: "after", + replaceAll: "replaceWith" +}, function( name, original ) { + jQuery.fn[ name ] = function( selector ) { + var elems, + ret = [], + insert = jQuery( selector ), + last = insert.length - 1, + i = 0; + + for ( ; i <= last; i++ ) { + elems = i === last ? this : this.clone( true ); + jQuery( insert[ i ] )[ original ]( elems ); + + // Support: Android <=4.0 only, PhantomJS 1 only + // .get() because push.apply(_, arraylike) throws on ancient WebKit + push.apply( ret, elems.get() ); + } + + return this.pushStack( ret ); + }; +} ); +var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" ); + +var getStyles = function( elem ) { + + // Support: IE <=11 only, Firefox <=30 (#15098, #14150) + // IE throws on elements created in popups + // FF meanwhile throws on frame elements through "defaultView.getComputedStyle" + var view = elem.ownerDocument.defaultView; + + if ( !view || !view.opener ) { + view = window; + } + + return view.getComputedStyle( elem ); + }; + +var swap = function( elem, options, callback ) { + var ret, name, + old = {}; + + // Remember the old values, and insert the new ones + for ( name in options ) { + old[ name ] = elem.style[ name ]; + elem.style[ name ] = options[ name ]; + } + + ret = callback.call( elem ); + + // Revert the old values + for ( name in options ) { + elem.style[ name ] = old[ name ]; + } + + return ret; +}; + + +var rboxStyle = new RegExp( cssExpand.join( "|" ), "i" ); + + + +( function() { + + // Executing both pixelPosition & boxSizingReliable tests require only one layout + // so they're executed at the same time to save the second computation. + function computeStyleTests() { + + // This is a singleton, we need to execute it only once + if ( !div ) { + return; + } + + container.style.cssText = "position:absolute;left:-11111px;width:60px;" + + "margin-top:1px;padding:0;border:0"; + div.style.cssText = + "position:relative;display:block;box-sizing:border-box;overflow:scroll;" + + "margin:auto;border:1px;padding:1px;" + + "width:60%;top:1%"; + documentElement.appendChild( container ).appendChild( div ); + + var divStyle = window.getComputedStyle( div ); + pixelPositionVal = divStyle.top !== "1%"; + + // Support: Android 4.0 - 4.3 only, Firefox <=3 - 44 + reliableMarginLeftVal = roundPixelMeasures( divStyle.marginLeft ) === 12; + + // Support: Android 4.0 - 4.3 only, Safari <=9.1 - 10.1, iOS <=7.0 - 9.3 + // Some styles come back with percentage values, even though they shouldn't + div.style.right = "60%"; + pixelBoxStylesVal = roundPixelMeasures( divStyle.right ) === 36; + + // Support: IE 9 - 11 only + // Detect misreporting of content dimensions for box-sizing:border-box elements + boxSizingReliableVal = roundPixelMeasures( divStyle.width ) === 36; + + // Support: IE 9 only + // Detect overflow:scroll screwiness (gh-3699) + // Support: Chrome <=64 + // Don't get tricked when zoom affects offsetWidth (gh-4029) + div.style.position = "absolute"; + scrollboxSizeVal = roundPixelMeasures( div.offsetWidth / 3 ) === 12; + + documentElement.removeChild( container ); + + // Nullify the div so it wouldn't be stored in the memory and + // it will also be a sign that checks already performed + div = null; + } + + function roundPixelMeasures( measure ) { + return Math.round( parseFloat( measure ) ); + } + + var pixelPositionVal, boxSizingReliableVal, scrollboxSizeVal, pixelBoxStylesVal, + reliableTrDimensionsVal, reliableMarginLeftVal, + container = document.createElement( "div" ), + div = document.createElement( "div" ); + + // Finish early in limited (non-browser) environments + if ( !div.style ) { + return; + } + + // Support: IE <=9 - 11 only + // Style of cloned element affects source element cloned (#8908) + div.style.backgroundClip = "content-box"; + div.cloneNode( true ).style.backgroundClip = ""; + support.clearCloneStyle = div.style.backgroundClip === "content-box"; + + jQuery.extend( support, { + boxSizingReliable: function() { + computeStyleTests(); + return boxSizingReliableVal; + }, + pixelBoxStyles: function() { + computeStyleTests(); + return pixelBoxStylesVal; + }, + pixelPosition: function() { + computeStyleTests(); + return pixelPositionVal; + }, + reliableMarginLeft: function() { + computeStyleTests(); + return reliableMarginLeftVal; + }, + scrollboxSize: function() { + computeStyleTests(); + return scrollboxSizeVal; + }, + + // Support: IE 9 - 11+, Edge 15 - 18+ + // IE/Edge misreport `getComputedStyle` of table rows with width/height + // set in CSS while `offset*` properties report correct values. + // Behavior in IE 9 is more subtle than in newer versions & it passes + // some versions of this test; make sure not to make it pass there! + // + // Support: Firefox 70+ + // Only Firefox includes border widths + // in computed dimensions. (gh-4529) + reliableTrDimensions: function() { + var table, tr, trChild, trStyle; + if ( reliableTrDimensionsVal == null ) { + table = document.createElement( "table" ); + tr = document.createElement( "tr" ); + trChild = document.createElement( "div" ); + + table.style.cssText = "position:absolute;left:-11111px;border-collapse:separate"; + tr.style.cssText = "border:1px solid"; + + // Support: Chrome 86+ + // Height set through cssText does not get applied. + // Computed height then comes back as 0. + tr.style.height = "1px"; + trChild.style.height = "9px"; + + // Support: Android 8 Chrome 86+ + // In our bodyBackground.html iframe, + // display for all div elements is set to "inline", + // which causes a problem only in Android 8 Chrome 86. + // Ensuring the div is display: block + // gets around this issue. + trChild.style.display = "block"; + + documentElement + .appendChild( table ) + .appendChild( tr ) + .appendChild( trChild ); + + trStyle = window.getComputedStyle( tr ); + reliableTrDimensionsVal = ( parseInt( trStyle.height, 10 ) + + parseInt( trStyle.borderTopWidth, 10 ) + + parseInt( trStyle.borderBottomWidth, 10 ) ) === tr.offsetHeight; + + documentElement.removeChild( table ); + } + return reliableTrDimensionsVal; + } + } ); +} )(); + + +function curCSS( elem, name, computed ) { + var width, minWidth, maxWidth, ret, + + // Support: Firefox 51+ + // Retrieving style before computed somehow + // fixes an issue with getting wrong values + // on detached elements + style = elem.style; + + computed = computed || getStyles( elem ); + + // getPropertyValue is needed for: + // .css('filter') (IE 9 only, #12537) + // .css('--customProperty) (#3144) + if ( computed ) { + ret = computed.getPropertyValue( name ) || computed[ name ]; + + if ( ret === "" && !isAttached( elem ) ) { + ret = jQuery.style( elem, name ); + } + + // A tribute to the "awesome hack by Dean Edwards" + // Android Browser returns percentage for some values, + // but width seems to be reliably pixels. + // This is against the CSSOM draft spec: + // https://drafts.csswg.org/cssom/#resolved-values + if ( !support.pixelBoxStyles() && rnumnonpx.test( ret ) && rboxStyle.test( name ) ) { + + // Remember the original values + width = style.width; + minWidth = style.minWidth; + maxWidth = style.maxWidth; + + // Put in the new values to get a computed value out + style.minWidth = style.maxWidth = style.width = ret; + ret = computed.width; + + // Revert the changed values + style.width = width; + style.minWidth = minWidth; + style.maxWidth = maxWidth; + } + } + + return ret !== undefined ? + + // Support: IE <=9 - 11 only + // IE returns zIndex value as an integer. + ret + "" : + ret; +} + + +function addGetHookIf( conditionFn, hookFn ) { + + // Define the hook, we'll check on the first run if it's really needed. + return { + get: function() { + if ( conditionFn() ) { + + // Hook not needed (or it's not possible to use it due + // to missing dependency), remove it. + delete this.get; + return; + } + + // Hook needed; redefine it so that the support test is not executed again. + return ( this.get = hookFn ).apply( this, arguments ); + } + }; +} + + +var cssPrefixes = [ "Webkit", "Moz", "ms" ], + emptyStyle = document.createElement( "div" ).style, + vendorProps = {}; + +// Return a vendor-prefixed property or undefined +function vendorPropName( name ) { + + // Check for vendor prefixed names + var capName = name[ 0 ].toUpperCase() + name.slice( 1 ), + i = cssPrefixes.length; + + while ( i-- ) { + name = cssPrefixes[ i ] + capName; + if ( name in emptyStyle ) { + return name; + } + } +} + +// Return a potentially-mapped jQuery.cssProps or vendor prefixed property +function finalPropName( name ) { + var final = jQuery.cssProps[ name ] || vendorProps[ name ]; + + if ( final ) { + return final; + } + if ( name in emptyStyle ) { + return name; + } + return vendorProps[ name ] = vendorPropName( name ) || name; +} + + +var + + // Swappable if display is none or starts with table + // except "table", "table-cell", or "table-caption" + // See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display + rdisplayswap = /^(none|table(?!-c[ea]).+)/, + rcustomProp = /^--/, + cssShow = { position: "absolute", visibility: "hidden", display: "block" }, + cssNormalTransform = { + letterSpacing: "0", + fontWeight: "400" + }; + +function setPositiveNumber( _elem, value, subtract ) { + + // Any relative (+/-) values have already been + // normalized at this point + var matches = rcssNum.exec( value ); + return matches ? + + // Guard against undefined "subtract", e.g., when used as in cssHooks + Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) : + value; +} + +function boxModelAdjustment( elem, dimension, box, isBorderBox, styles, computedVal ) { + var i = dimension === "width" ? 1 : 0, + extra = 0, + delta = 0; + + // Adjustment may not be necessary + if ( box === ( isBorderBox ? "border" : "content" ) ) { + return 0; + } + + for ( ; i < 4; i += 2 ) { + + // Both box models exclude margin + if ( box === "margin" ) { + delta += jQuery.css( elem, box + cssExpand[ i ], true, styles ); + } + + // If we get here with a content-box, we're seeking "padding" or "border" or "margin" + if ( !isBorderBox ) { + + // Add padding + delta += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + + // For "border" or "margin", add border + if ( box !== "padding" ) { + delta += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + + // But still keep track of it otherwise + } else { + extra += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + + // If we get here with a border-box (content + padding + border), we're seeking "content" or + // "padding" or "margin" + } else { + + // For "content", subtract padding + if ( box === "content" ) { + delta -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); + } + + // For "content" or "padding", subtract border + if ( box !== "margin" ) { + delta -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); + } + } + } + + // Account for positive content-box scroll gutter when requested by providing computedVal + if ( !isBorderBox && computedVal >= 0 ) { + + // offsetWidth/offsetHeight is a rounded sum of content, padding, scroll gutter, and border + // Assuming integer scroll gutter, subtract the rest and round down + delta += Math.max( 0, Math.ceil( + elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - + computedVal - + delta - + extra - + 0.5 + + // If offsetWidth/offsetHeight is unknown, then we can't determine content-box scroll gutter + // Use an explicit zero to avoid NaN (gh-3964) + ) ) || 0; + } + + return delta; +} + +function getWidthOrHeight( elem, dimension, extra ) { + + // Start with computed style + var styles = getStyles( elem ), + + // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-4322). + // Fake content-box until we know it's needed to know the true value. + boxSizingNeeded = !support.boxSizingReliable() || extra, + isBorderBox = boxSizingNeeded && + jQuery.css( elem, "boxSizing", false, styles ) === "border-box", + valueIsBorderBox = isBorderBox, + + val = curCSS( elem, dimension, styles ), + offsetProp = "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ); + + // Support: Firefox <=54 + // Return a confounding non-pixel value or feign ignorance, as appropriate. + if ( rnumnonpx.test( val ) ) { + if ( !extra ) { + return val; + } + val = "auto"; + } + + + // Support: IE 9 - 11 only + // Use offsetWidth/offsetHeight for when box sizing is unreliable. + // In those cases, the computed value can be trusted to be border-box. + if ( ( !support.boxSizingReliable() && isBorderBox || + + // Support: IE 10 - 11+, Edge 15 - 18+ + // IE/Edge misreport `getComputedStyle` of table rows with width/height + // set in CSS while `offset*` properties report correct values. + // Interestingly, in some cases IE 9 doesn't suffer from this issue. + !support.reliableTrDimensions() && nodeName( elem, "tr" ) || + + // Fall back to offsetWidth/offsetHeight when value is "auto" + // This happens for inline elements with no explicit setting (gh-3571) + val === "auto" || + + // Support: Android <=4.1 - 4.3 only + // Also use offsetWidth/offsetHeight for misreported inline dimensions (gh-3602) + !parseFloat( val ) && jQuery.css( elem, "display", false, styles ) === "inline" ) && + + // Make sure the element is visible & connected + elem.getClientRects().length ) { + + isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box"; + + // Where available, offsetWidth/offsetHeight approximate border box dimensions. + // Where not available (e.g., SVG), assume unreliable box-sizing and interpret the + // retrieved value as a content box dimension. + valueIsBorderBox = offsetProp in elem; + if ( valueIsBorderBox ) { + val = elem[ offsetProp ]; + } + } + + // Normalize "" and auto + val = parseFloat( val ) || 0; + + // Adjust for the element's box model + return ( val + + boxModelAdjustment( + elem, + dimension, + extra || ( isBorderBox ? "border" : "content" ), + valueIsBorderBox, + styles, + + // Provide the current computed size to request scroll gutter calculation (gh-3589) + val + ) + ) + "px"; +} + +jQuery.extend( { + + // Add in style property hooks for overriding the default + // behavior of getting and setting a style property + cssHooks: { + opacity: { + get: function( elem, computed ) { + if ( computed ) { + + // We should always get a number back from opacity + var ret = curCSS( elem, "opacity" ); + return ret === "" ? "1" : ret; + } + } + } + }, + + // Don't automatically add "px" to these possibly-unitless properties + cssNumber: { + "animationIterationCount": true, + "columnCount": true, + "fillOpacity": true, + "flexGrow": true, + "flexShrink": true, + "fontWeight": true, + "gridArea": true, + "gridColumn": true, + "gridColumnEnd": true, + "gridColumnStart": true, + "gridRow": true, + "gridRowEnd": true, + "gridRowStart": true, + "lineHeight": true, + "opacity": true, + "order": true, + "orphans": true, + "widows": true, + "zIndex": true, + "zoom": true + }, + + // Add in properties whose names you wish to fix before + // setting or getting the value + cssProps: {}, + + // Get and set the style property on a DOM Node + style: function( elem, name, value, extra ) { + + // Don't set styles on text and comment nodes + if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) { + return; + } + + // Make sure that we're working with the right name + var ret, type, hooks, + origName = camelCase( name ), + isCustomProp = rcustomProp.test( name ), + style = elem.style; + + // Make sure that we're working with the right name. We don't + // want to query the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Gets hook for the prefixed version, then unprefixed version + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // Check if we're setting a value + if ( value !== undefined ) { + type = typeof value; + + // Convert "+=" or "-=" to relative numbers (#7345) + if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) { + value = adjustCSS( elem, name, ret ); + + // Fixes bug #9237 + type = "number"; + } + + // Make sure that null and NaN values aren't set (#7116) + if ( value == null || value !== value ) { + return; + } + + // If a number was passed in, add the unit (except for certain CSS properties) + // The isCustomProp check can be removed in jQuery 4.0 when we only auto-append + // "px" to a few hardcoded values. + if ( type === "number" && !isCustomProp ) { + value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" ); + } + + // background-* props affect original clone's values + if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) { + style[ name ] = "inherit"; + } + + // If a hook was provided, use that value, otherwise just set the specified value + if ( !hooks || !( "set" in hooks ) || + ( value = hooks.set( elem, value, extra ) ) !== undefined ) { + + if ( isCustomProp ) { + style.setProperty( name, value ); + } else { + style[ name ] = value; + } + } + + } else { + + // If a hook was provided get the non-computed value from there + if ( hooks && "get" in hooks && + ( ret = hooks.get( elem, false, extra ) ) !== undefined ) { + + return ret; + } + + // Otherwise just get the value from the style object + return style[ name ]; + } + }, + + css: function( elem, name, extra, styles ) { + var val, num, hooks, + origName = camelCase( name ), + isCustomProp = rcustomProp.test( name ); + + // Make sure that we're working with the right name. We don't + // want to modify the value if it is a CSS custom property + // since they are user-defined. + if ( !isCustomProp ) { + name = finalPropName( origName ); + } + + // Try prefixed name followed by the unprefixed name + hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; + + // If a hook was provided get the computed value from there + if ( hooks && "get" in hooks ) { + val = hooks.get( elem, true, extra ); + } + + // Otherwise, if a way to get the computed value exists, use that + if ( val === undefined ) { + val = curCSS( elem, name, styles ); + } + + // Convert "normal" to computed value + if ( val === "normal" && name in cssNormalTransform ) { + val = cssNormalTransform[ name ]; + } + + // Make numeric if forced or a qualifier was provided and val looks numeric + if ( extra === "" || extra ) { + num = parseFloat( val ); + return extra === true || isFinite( num ) ? num || 0 : val; + } + + return val; + } +} ); + +jQuery.each( [ "height", "width" ], function( _i, dimension ) { + jQuery.cssHooks[ dimension ] = { + get: function( elem, computed, extra ) { + if ( computed ) { + + // Certain elements can have dimension info if we invisibly show them + // but it must have a current display style that would benefit + return rdisplayswap.test( jQuery.css( elem, "display" ) ) && + + // Support: Safari 8+ + // Table columns in Safari have non-zero offsetWidth & zero + // getBoundingClientRect().width unless display is changed. + // Support: IE <=11 only + // Running getBoundingClientRect on a disconnected node + // in IE throws an error. + ( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ? + swap( elem, cssShow, function() { + return getWidthOrHeight( elem, dimension, extra ); + } ) : + getWidthOrHeight( elem, dimension, extra ); + } + }, + + set: function( elem, value, extra ) { + var matches, + styles = getStyles( elem ), + + // Only read styles.position if the test has a chance to fail + // to avoid forcing a reflow. + scrollboxSizeBuggy = !support.scrollboxSize() && + styles.position === "absolute", + + // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-3991) + boxSizingNeeded = scrollboxSizeBuggy || extra, + isBorderBox = boxSizingNeeded && + jQuery.css( elem, "boxSizing", false, styles ) === "border-box", + subtract = extra ? + boxModelAdjustment( + elem, + dimension, + extra, + isBorderBox, + styles + ) : + 0; + + // Account for unreliable border-box dimensions by comparing offset* to computed and + // faking a content-box to get border and padding (gh-3699) + if ( isBorderBox && scrollboxSizeBuggy ) { + subtract -= Math.ceil( + elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - + parseFloat( styles[ dimension ] ) - + boxModelAdjustment( elem, dimension, "border", false, styles ) - + 0.5 + ); + } + + // Convert to pixels if value adjustment is needed + if ( subtract && ( matches = rcssNum.exec( value ) ) && + ( matches[ 3 ] || "px" ) !== "px" ) { + + elem.style[ dimension ] = value; + value = jQuery.css( elem, dimension ); + } + + return setPositiveNumber( elem, value, subtract ); + } + }; +} ); + +jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft, + function( elem, computed ) { + if ( computed ) { + return ( parseFloat( curCSS( elem, "marginLeft" ) ) || + elem.getBoundingClientRect().left - + swap( elem, { marginLeft: 0 }, function() { + return elem.getBoundingClientRect().left; + } ) + ) + "px"; + } + } +); + +// These hooks are used by animate to expand properties +jQuery.each( { + margin: "", + padding: "", + border: "Width" +}, function( prefix, suffix ) { + jQuery.cssHooks[ prefix + suffix ] = { + expand: function( value ) { + var i = 0, + expanded = {}, + + // Assumes a single number if not a string + parts = typeof value === "string" ? value.split( " " ) : [ value ]; + + for ( ; i < 4; i++ ) { + expanded[ prefix + cssExpand[ i ] + suffix ] = + parts[ i ] || parts[ i - 2 ] || parts[ 0 ]; + } + + return expanded; + } + }; + + if ( prefix !== "margin" ) { + jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber; + } +} ); + +jQuery.fn.extend( { + css: function( name, value ) { + return access( this, function( elem, name, value ) { + var styles, len, + map = {}, + i = 0; + + if ( Array.isArray( name ) ) { + styles = getStyles( elem ); + len = name.length; + + for ( ; i < len; i++ ) { + map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles ); + } + + return map; + } + + return value !== undefined ? + jQuery.style( elem, name, value ) : + jQuery.css( elem, name ); + }, name, value, arguments.length > 1 ); + } +} ); + + +function Tween( elem, options, prop, end, easing ) { + return new Tween.prototype.init( elem, options, prop, end, easing ); +} +jQuery.Tween = Tween; + +Tween.prototype = { + constructor: Tween, + init: function( elem, options, prop, end, easing, unit ) { + this.elem = elem; + this.prop = prop; + this.easing = easing || jQuery.easing._default; + this.options = options; + this.start = this.now = this.cur(); + this.end = end; + this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" ); + }, + cur: function() { + var hooks = Tween.propHooks[ this.prop ]; + + return hooks && hooks.get ? + hooks.get( this ) : + Tween.propHooks._default.get( this ); + }, + run: function( percent ) { + var eased, + hooks = Tween.propHooks[ this.prop ]; + + if ( this.options.duration ) { + this.pos = eased = jQuery.easing[ this.easing ]( + percent, this.options.duration * percent, 0, 1, this.options.duration + ); + } else { + this.pos = eased = percent; + } + this.now = ( this.end - this.start ) * eased + this.start; + + if ( this.options.step ) { + this.options.step.call( this.elem, this.now, this ); + } + + if ( hooks && hooks.set ) { + hooks.set( this ); + } else { + Tween.propHooks._default.set( this ); + } + return this; + } +}; + +Tween.prototype.init.prototype = Tween.prototype; + +Tween.propHooks = { + _default: { + get: function( tween ) { + var result; + + // Use a property on the element directly when it is not a DOM element, + // or when there is no matching style property that exists. + if ( tween.elem.nodeType !== 1 || + tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) { + return tween.elem[ tween.prop ]; + } + + // Passing an empty string as a 3rd parameter to .css will automatically + // attempt a parseFloat and fallback to a string if the parse fails. + // Simple values such as "10px" are parsed to Float; + // complex values such as "rotate(1rad)" are returned as-is. + result = jQuery.css( tween.elem, tween.prop, "" ); + + // Empty strings, null, undefined and "auto" are converted to 0. + return !result || result === "auto" ? 0 : result; + }, + set: function( tween ) { + + // Use step hook for back compat. + // Use cssHook if its there. + // Use .style if available and use plain properties where available. + if ( jQuery.fx.step[ tween.prop ] ) { + jQuery.fx.step[ tween.prop ]( tween ); + } else if ( tween.elem.nodeType === 1 && ( + jQuery.cssHooks[ tween.prop ] || + tween.elem.style[ finalPropName( tween.prop ) ] != null ) ) { + jQuery.style( tween.elem, tween.prop, tween.now + tween.unit ); + } else { + tween.elem[ tween.prop ] = tween.now; + } + } + } +}; + +// Support: IE <=9 only +// Panic based approach to setting things on disconnected nodes +Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = { + set: function( tween ) { + if ( tween.elem.nodeType && tween.elem.parentNode ) { + tween.elem[ tween.prop ] = tween.now; + } + } +}; + +jQuery.easing = { + linear: function( p ) { + return p; + }, + swing: function( p ) { + return 0.5 - Math.cos( p * Math.PI ) / 2; + }, + _default: "swing" +}; + +jQuery.fx = Tween.prototype.init; + +// Back compat <1.8 extension point +jQuery.fx.step = {}; + + + + +var + fxNow, inProgress, + rfxtypes = /^(?:toggle|show|hide)$/, + rrun = /queueHooks$/; + +function schedule() { + if ( inProgress ) { + if ( document.hidden === false && window.requestAnimationFrame ) { + window.requestAnimationFrame( schedule ); + } else { + window.setTimeout( schedule, jQuery.fx.interval ); + } + + jQuery.fx.tick(); + } +} + +// Animations created synchronously will run synchronously +function createFxNow() { + window.setTimeout( function() { + fxNow = undefined; + } ); + return ( fxNow = Date.now() ); +} + +// Generate parameters to create a standard animation +function genFx( type, includeWidth ) { + var which, + i = 0, + attrs = { height: type }; + + // If we include width, step value is 1 to do all cssExpand values, + // otherwise step value is 2 to skip over Left and Right + includeWidth = includeWidth ? 1 : 0; + for ( ; i < 4; i += 2 - includeWidth ) { + which = cssExpand[ i ]; + attrs[ "margin" + which ] = attrs[ "padding" + which ] = type; + } + + if ( includeWidth ) { + attrs.opacity = attrs.width = type; + } + + return attrs; +} + +function createTween( value, prop, animation ) { + var tween, + collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ), + index = 0, + length = collection.length; + for ( ; index < length; index++ ) { + if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) { + + // We're done with this property + return tween; + } + } +} + +function defaultPrefilter( elem, props, opts ) { + var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display, + isBox = "width" in props || "height" in props, + anim = this, + orig = {}, + style = elem.style, + hidden = elem.nodeType && isHiddenWithinTree( elem ), + dataShow = dataPriv.get( elem, "fxshow" ); + + // Queue-skipping animations hijack the fx hooks + if ( !opts.queue ) { + hooks = jQuery._queueHooks( elem, "fx" ); + if ( hooks.unqueued == null ) { + hooks.unqueued = 0; + oldfire = hooks.empty.fire; + hooks.empty.fire = function() { + if ( !hooks.unqueued ) { + oldfire(); + } + }; + } + hooks.unqueued++; + + anim.always( function() { + + // Ensure the complete handler is called before this completes + anim.always( function() { + hooks.unqueued--; + if ( !jQuery.queue( elem, "fx" ).length ) { + hooks.empty.fire(); + } + } ); + } ); + } + + // Detect show/hide animations + for ( prop in props ) { + value = props[ prop ]; + if ( rfxtypes.test( value ) ) { + delete props[ prop ]; + toggle = toggle || value === "toggle"; + if ( value === ( hidden ? "hide" : "show" ) ) { + + // Pretend to be hidden if this is a "show" and + // there is still data from a stopped show/hide + if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) { + hidden = true; + + // Ignore all other no-op show/hide data + } else { + continue; + } + } + orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop ); + } + } + + // Bail out if this is a no-op like .hide().hide() + propTween = !jQuery.isEmptyObject( props ); + if ( !propTween && jQuery.isEmptyObject( orig ) ) { + return; + } + + // Restrict "overflow" and "display" styles during box animations + if ( isBox && elem.nodeType === 1 ) { + + // Support: IE <=9 - 11, Edge 12 - 15 + // Record all 3 overflow attributes because IE does not infer the shorthand + // from identically-valued overflowX and overflowY and Edge just mirrors + // the overflowX value there. + opts.overflow = [ style.overflow, style.overflowX, style.overflowY ]; + + // Identify a display type, preferring old show/hide data over the CSS cascade + restoreDisplay = dataShow && dataShow.display; + if ( restoreDisplay == null ) { + restoreDisplay = dataPriv.get( elem, "display" ); + } + display = jQuery.css( elem, "display" ); + if ( display === "none" ) { + if ( restoreDisplay ) { + display = restoreDisplay; + } else { + + // Get nonempty value(s) by temporarily forcing visibility + showHide( [ elem ], true ); + restoreDisplay = elem.style.display || restoreDisplay; + display = jQuery.css( elem, "display" ); + showHide( [ elem ] ); + } + } + + // Animate inline elements as inline-block + if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) { + if ( jQuery.css( elem, "float" ) === "none" ) { + + // Restore the original display value at the end of pure show/hide animations + if ( !propTween ) { + anim.done( function() { + style.display = restoreDisplay; + } ); + if ( restoreDisplay == null ) { + display = style.display; + restoreDisplay = display === "none" ? "" : display; + } + } + style.display = "inline-block"; + } + } + } + + if ( opts.overflow ) { + style.overflow = "hidden"; + anim.always( function() { + style.overflow = opts.overflow[ 0 ]; + style.overflowX = opts.overflow[ 1 ]; + style.overflowY = opts.overflow[ 2 ]; + } ); + } + + // Implement show/hide animations + propTween = false; + for ( prop in orig ) { + + // General show/hide setup for this element animation + if ( !propTween ) { + if ( dataShow ) { + if ( "hidden" in dataShow ) { + hidden = dataShow.hidden; + } + } else { + dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } ); + } + + // Store hidden/visible for toggle so `.stop().toggle()` "reverses" + if ( toggle ) { + dataShow.hidden = !hidden; + } + + // Show elements before animating them + if ( hidden ) { + showHide( [ elem ], true ); + } + + /* eslint-disable no-loop-func */ + + anim.done( function() { + + /* eslint-enable no-loop-func */ + + // The final step of a "hide" animation is actually hiding the element + if ( !hidden ) { + showHide( [ elem ] ); + } + dataPriv.remove( elem, "fxshow" ); + for ( prop in orig ) { + jQuery.style( elem, prop, orig[ prop ] ); + } + } ); + } + + // Per-property setup + propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim ); + if ( !( prop in dataShow ) ) { + dataShow[ prop ] = propTween.start; + if ( hidden ) { + propTween.end = propTween.start; + propTween.start = 0; + } + } + } +} + +function propFilter( props, specialEasing ) { + var index, name, easing, value, hooks; + + // camelCase, specialEasing and expand cssHook pass + for ( index in props ) { + name = camelCase( index ); + easing = specialEasing[ name ]; + value = props[ index ]; + if ( Array.isArray( value ) ) { + easing = value[ 1 ]; + value = props[ index ] = value[ 0 ]; + } + + if ( index !== name ) { + props[ name ] = value; + delete props[ index ]; + } + + hooks = jQuery.cssHooks[ name ]; + if ( hooks && "expand" in hooks ) { + value = hooks.expand( value ); + delete props[ name ]; + + // Not quite $.extend, this won't overwrite existing keys. + // Reusing 'index' because we have the correct "name" + for ( index in value ) { + if ( !( index in props ) ) { + props[ index ] = value[ index ]; + specialEasing[ index ] = easing; + } + } + } else { + specialEasing[ name ] = easing; + } + } +} + +function Animation( elem, properties, options ) { + var result, + stopped, + index = 0, + length = Animation.prefilters.length, + deferred = jQuery.Deferred().always( function() { + + // Don't match elem in the :animated selector + delete tick.elem; + } ), + tick = function() { + if ( stopped ) { + return false; + } + var currentTime = fxNow || createFxNow(), + remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ), + + // Support: Android 2.3 only + // Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497) + temp = remaining / animation.duration || 0, + percent = 1 - temp, + index = 0, + length = animation.tweens.length; + + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( percent ); + } + + deferred.notifyWith( elem, [ animation, percent, remaining ] ); + + // If there's more to do, yield + if ( percent < 1 && length ) { + return remaining; + } + + // If this was an empty animation, synthesize a final progress notification + if ( !length ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + } + + // Resolve the animation and report its conclusion + deferred.resolveWith( elem, [ animation ] ); + return false; + }, + animation = deferred.promise( { + elem: elem, + props: jQuery.extend( {}, properties ), + opts: jQuery.extend( true, { + specialEasing: {}, + easing: jQuery.easing._default + }, options ), + originalProperties: properties, + originalOptions: options, + startTime: fxNow || createFxNow(), + duration: options.duration, + tweens: [], + createTween: function( prop, end ) { + var tween = jQuery.Tween( elem, animation.opts, prop, end, + animation.opts.specialEasing[ prop ] || animation.opts.easing ); + animation.tweens.push( tween ); + return tween; + }, + stop: function( gotoEnd ) { + var index = 0, + + // If we are going to the end, we want to run all the tweens + // otherwise we skip this part + length = gotoEnd ? animation.tweens.length : 0; + if ( stopped ) { + return this; + } + stopped = true; + for ( ; index < length; index++ ) { + animation.tweens[ index ].run( 1 ); + } + + // Resolve when we played the last frame; otherwise, reject + if ( gotoEnd ) { + deferred.notifyWith( elem, [ animation, 1, 0 ] ); + deferred.resolveWith( elem, [ animation, gotoEnd ] ); + } else { + deferred.rejectWith( elem, [ animation, gotoEnd ] ); + } + return this; + } + } ), + props = animation.props; + + propFilter( props, animation.opts.specialEasing ); + + for ( ; index < length; index++ ) { + result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts ); + if ( result ) { + if ( isFunction( result.stop ) ) { + jQuery._queueHooks( animation.elem, animation.opts.queue ).stop = + result.stop.bind( result ); + } + return result; + } + } + + jQuery.map( props, createTween, animation ); + + if ( isFunction( animation.opts.start ) ) { + animation.opts.start.call( elem, animation ); + } + + // Attach callbacks from options + animation + .progress( animation.opts.progress ) + .done( animation.opts.done, animation.opts.complete ) + .fail( animation.opts.fail ) + .always( animation.opts.always ); + + jQuery.fx.timer( + jQuery.extend( tick, { + elem: elem, + anim: animation, + queue: animation.opts.queue + } ) + ); + + return animation; +} + +jQuery.Animation = jQuery.extend( Animation, { + + tweeners: { + "*": [ function( prop, value ) { + var tween = this.createTween( prop, value ); + adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween ); + return tween; + } ] + }, + + tweener: function( props, callback ) { + if ( isFunction( props ) ) { + callback = props; + props = [ "*" ]; + } else { + props = props.match( rnothtmlwhite ); + } + + var prop, + index = 0, + length = props.length; + + for ( ; index < length; index++ ) { + prop = props[ index ]; + Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || []; + Animation.tweeners[ prop ].unshift( callback ); + } + }, + + prefilters: [ defaultPrefilter ], + + prefilter: function( callback, prepend ) { + if ( prepend ) { + Animation.prefilters.unshift( callback ); + } else { + Animation.prefilters.push( callback ); + } + } +} ); + +jQuery.speed = function( speed, easing, fn ) { + var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : { + complete: fn || !fn && easing || + isFunction( speed ) && speed, + duration: speed, + easing: fn && easing || easing && !isFunction( easing ) && easing + }; + + // Go to the end state if fx are off + if ( jQuery.fx.off ) { + opt.duration = 0; + + } else { + if ( typeof opt.duration !== "number" ) { + if ( opt.duration in jQuery.fx.speeds ) { + opt.duration = jQuery.fx.speeds[ opt.duration ]; + + } else { + opt.duration = jQuery.fx.speeds._default; + } + } + } + + // Normalize opt.queue - true/undefined/null -> "fx" + if ( opt.queue == null || opt.queue === true ) { + opt.queue = "fx"; + } + + // Queueing + opt.old = opt.complete; + + opt.complete = function() { + if ( isFunction( opt.old ) ) { + opt.old.call( this ); + } + + if ( opt.queue ) { + jQuery.dequeue( this, opt.queue ); + } + }; + + return opt; +}; + +jQuery.fn.extend( { + fadeTo: function( speed, to, easing, callback ) { + + // Show any hidden elements after setting opacity to 0 + return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show() + + // Animate to the value specified + .end().animate( { opacity: to }, speed, easing, callback ); + }, + animate: function( prop, speed, easing, callback ) { + var empty = jQuery.isEmptyObject( prop ), + optall = jQuery.speed( speed, easing, callback ), + doAnimation = function() { + + // Operate on a copy of prop so per-property easing won't be lost + var anim = Animation( this, jQuery.extend( {}, prop ), optall ); + + // Empty animations, or finishing resolves immediately + if ( empty || dataPriv.get( this, "finish" ) ) { + anim.stop( true ); + } + }; + + doAnimation.finish = doAnimation; + + return empty || optall.queue === false ? + this.each( doAnimation ) : + this.queue( optall.queue, doAnimation ); + }, + stop: function( type, clearQueue, gotoEnd ) { + var stopQueue = function( hooks ) { + var stop = hooks.stop; + delete hooks.stop; + stop( gotoEnd ); + }; + + if ( typeof type !== "string" ) { + gotoEnd = clearQueue; + clearQueue = type; + type = undefined; + } + if ( clearQueue ) { + this.queue( type || "fx", [] ); + } + + return this.each( function() { + var dequeue = true, + index = type != null && type + "queueHooks", + timers = jQuery.timers, + data = dataPriv.get( this ); + + if ( index ) { + if ( data[ index ] && data[ index ].stop ) { + stopQueue( data[ index ] ); + } + } else { + for ( index in data ) { + if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) { + stopQueue( data[ index ] ); + } + } + } + + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && + ( type == null || timers[ index ].queue === type ) ) { + + timers[ index ].anim.stop( gotoEnd ); + dequeue = false; + timers.splice( index, 1 ); + } + } + + // Start the next in the queue if the last step wasn't forced. + // Timers currently will call their complete callbacks, which + // will dequeue but only if they were gotoEnd. + if ( dequeue || !gotoEnd ) { + jQuery.dequeue( this, type ); + } + } ); + }, + finish: function( type ) { + if ( type !== false ) { + type = type || "fx"; + } + return this.each( function() { + var index, + data = dataPriv.get( this ), + queue = data[ type + "queue" ], + hooks = data[ type + "queueHooks" ], + timers = jQuery.timers, + length = queue ? queue.length : 0; + + // Enable finishing flag on private data + data.finish = true; + + // Empty the queue first + jQuery.queue( this, type, [] ); + + if ( hooks && hooks.stop ) { + hooks.stop.call( this, true ); + } + + // Look for any active animations, and finish them + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && timers[ index ].queue === type ) { + timers[ index ].anim.stop( true ); + timers.splice( index, 1 ); + } + } + + // Look for any animations in the old queue and finish them + for ( index = 0; index < length; index++ ) { + if ( queue[ index ] && queue[ index ].finish ) { + queue[ index ].finish.call( this ); + } + } + + // Turn off finishing flag + delete data.finish; + } ); + } +} ); + +jQuery.each( [ "toggle", "show", "hide" ], function( _i, name ) { + var cssFn = jQuery.fn[ name ]; + jQuery.fn[ name ] = function( speed, easing, callback ) { + return speed == null || typeof speed === "boolean" ? + cssFn.apply( this, arguments ) : + this.animate( genFx( name, true ), speed, easing, callback ); + }; +} ); + +// Generate shortcuts for custom animations +jQuery.each( { + slideDown: genFx( "show" ), + slideUp: genFx( "hide" ), + slideToggle: genFx( "toggle" ), + fadeIn: { opacity: "show" }, + fadeOut: { opacity: "hide" }, + fadeToggle: { opacity: "toggle" } +}, function( name, props ) { + jQuery.fn[ name ] = function( speed, easing, callback ) { + return this.animate( props, speed, easing, callback ); + }; +} ); + +jQuery.timers = []; +jQuery.fx.tick = function() { + var timer, + i = 0, + timers = jQuery.timers; + + fxNow = Date.now(); + + for ( ; i < timers.length; i++ ) { + timer = timers[ i ]; + + // Run the timer and safely remove it when done (allowing for external removal) + if ( !timer() && timers[ i ] === timer ) { + timers.splice( i--, 1 ); + } + } + + if ( !timers.length ) { + jQuery.fx.stop(); + } + fxNow = undefined; +}; + +jQuery.fx.timer = function( timer ) { + jQuery.timers.push( timer ); + jQuery.fx.start(); +}; + +jQuery.fx.interval = 13; +jQuery.fx.start = function() { + if ( inProgress ) { + return; + } + + inProgress = true; + schedule(); +}; + +jQuery.fx.stop = function() { + inProgress = null; +}; + +jQuery.fx.speeds = { + slow: 600, + fast: 200, + + // Default speed + _default: 400 +}; + + +// Based off of the plugin by Clint Helfers, with permission. +// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/ +jQuery.fn.delay = function( time, type ) { + time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; + type = type || "fx"; + + return this.queue( type, function( next, hooks ) { + var timeout = window.setTimeout( next, time ); + hooks.stop = function() { + window.clearTimeout( timeout ); + }; + } ); +}; + + +( function() { + var input = document.createElement( "input" ), + select = document.createElement( "select" ), + opt = select.appendChild( document.createElement( "option" ) ); + + input.type = "checkbox"; + + // Support: Android <=4.3 only + // Default value for a checkbox should be "on" + support.checkOn = input.value !== ""; + + // Support: IE <=11 only + // Must access selectedIndex to make default options select + support.optSelected = opt.selected; + + // Support: IE <=11 only + // An input loses its value after becoming a radio + input = document.createElement( "input" ); + input.value = "t"; + input.type = "radio"; + support.radioValue = input.value === "t"; +} )(); + + +var boolHook, + attrHandle = jQuery.expr.attrHandle; + +jQuery.fn.extend( { + attr: function( name, value ) { + return access( this, jQuery.attr, name, value, arguments.length > 1 ); + }, + + removeAttr: function( name ) { + return this.each( function() { + jQuery.removeAttr( this, name ); + } ); + } +} ); + +jQuery.extend( { + attr: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set attributes on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + // Fallback to prop when attributes are not supported + if ( typeof elem.getAttribute === "undefined" ) { + return jQuery.prop( elem, name, value ); + } + + // Attribute hooks are determined by the lowercase version + // Grab necessary hook if one is defined + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + hooks = jQuery.attrHooks[ name.toLowerCase() ] || + ( jQuery.expr.match.bool.test( name ) ? boolHook : undefined ); + } + + if ( value !== undefined ) { + if ( value === null ) { + jQuery.removeAttr( elem, name ); + return; + } + + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + elem.setAttribute( name, value + "" ); + return value; + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + ret = jQuery.find.attr( elem, name ); + + // Non-existent attributes return null, we normalize to undefined + return ret == null ? undefined : ret; + }, + + attrHooks: { + type: { + set: function( elem, value ) { + if ( !support.radioValue && value === "radio" && + nodeName( elem, "input" ) ) { + var val = elem.value; + elem.setAttribute( "type", value ); + if ( val ) { + elem.value = val; + } + return value; + } + } + } + }, + + removeAttr: function( elem, value ) { + var name, + i = 0, + + // Attribute names can contain non-HTML whitespace characters + // https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 + attrNames = value && value.match( rnothtmlwhite ); + + if ( attrNames && elem.nodeType === 1 ) { + while ( ( name = attrNames[ i++ ] ) ) { + elem.removeAttribute( name ); + } + } + } +} ); + +// Hooks for boolean attributes +boolHook = { + set: function( elem, value, name ) { + if ( value === false ) { + + // Remove boolean attributes when set to false + jQuery.removeAttr( elem, name ); + } else { + elem.setAttribute( name, name ); + } + return name; + } +}; + +jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( _i, name ) { + var getter = attrHandle[ name ] || jQuery.find.attr; + + attrHandle[ name ] = function( elem, name, isXML ) { + var ret, handle, + lowercaseName = name.toLowerCase(); + + if ( !isXML ) { + + // Avoid an infinite loop by temporarily removing this function from the getter + handle = attrHandle[ lowercaseName ]; + attrHandle[ lowercaseName ] = ret; + ret = getter( elem, name, isXML ) != null ? + lowercaseName : + null; + attrHandle[ lowercaseName ] = handle; + } + return ret; + }; +} ); + + + + +var rfocusable = /^(?:input|select|textarea|button)$/i, + rclickable = /^(?:a|area)$/i; + +jQuery.fn.extend( { + prop: function( name, value ) { + return access( this, jQuery.prop, name, value, arguments.length > 1 ); + }, + + removeProp: function( name ) { + return this.each( function() { + delete this[ jQuery.propFix[ name ] || name ]; + } ); + } +} ); + +jQuery.extend( { + prop: function( elem, name, value ) { + var ret, hooks, + nType = elem.nodeType; + + // Don't get/set properties on text, comment and attribute nodes + if ( nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { + + // Fix name and attach hooks + name = jQuery.propFix[ name ] || name; + hooks = jQuery.propHooks[ name ]; + } + + if ( value !== undefined ) { + if ( hooks && "set" in hooks && + ( ret = hooks.set( elem, value, name ) ) !== undefined ) { + return ret; + } + + return ( elem[ name ] = value ); + } + + if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { + return ret; + } + + return elem[ name ]; + }, + + propHooks: { + tabIndex: { + get: function( elem ) { + + // Support: IE <=9 - 11 only + // elem.tabIndex doesn't always return the + // correct value when it hasn't been explicitly set + // https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ + // Use proper attribute retrieval(#12072) + var tabindex = jQuery.find.attr( elem, "tabindex" ); + + if ( tabindex ) { + return parseInt( tabindex, 10 ); + } + + if ( + rfocusable.test( elem.nodeName ) || + rclickable.test( elem.nodeName ) && + elem.href + ) { + return 0; + } + + return -1; + } + } + }, + + propFix: { + "for": "htmlFor", + "class": "className" + } +} ); + +// Support: IE <=11 only +// Accessing the selectedIndex property +// forces the browser to respect setting selected +// on the option +// The getter ensures a default option is selected +// when in an optgroup +// eslint rule "no-unused-expressions" is disabled for this code +// since it considers such accessions noop +if ( !support.optSelected ) { + jQuery.propHooks.selected = { + get: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent && parent.parentNode ) { + parent.parentNode.selectedIndex; + } + return null; + }, + set: function( elem ) { + + /* eslint no-unused-expressions: "off" */ + + var parent = elem.parentNode; + if ( parent ) { + parent.selectedIndex; + + if ( parent.parentNode ) { + parent.parentNode.selectedIndex; + } + } + } + }; +} + +jQuery.each( [ + "tabIndex", + "readOnly", + "maxLength", + "cellSpacing", + "cellPadding", + "rowSpan", + "colSpan", + "useMap", + "frameBorder", + "contentEditable" +], function() { + jQuery.propFix[ this.toLowerCase() ] = this; +} ); + + + + + // Strip and collapse whitespace according to HTML spec + // https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace + function stripAndCollapse( value ) { + var tokens = value.match( rnothtmlwhite ) || []; + return tokens.join( " " ); + } + + +function getClass( elem ) { + return elem.getAttribute && elem.getAttribute( "class" ) || ""; +} + +function classesToArray( value ) { + if ( Array.isArray( value ) ) { + return value; + } + if ( typeof value === "string" ) { + return value.match( rnothtmlwhite ) || []; + } + return []; +} + +jQuery.fn.extend( { + addClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).addClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + classes = classesToArray( value ); + + if ( classes.length ) { + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + if ( cur.indexOf( " " + clazz + " " ) < 0 ) { + cur += clazz + " "; + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + removeClass: function( value ) { + var classes, elem, cur, curValue, clazz, j, finalValue, + i = 0; + + if ( isFunction( value ) ) { + return this.each( function( j ) { + jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) ); + } ); + } + + if ( !arguments.length ) { + return this.attr( "class", "" ); + } + + classes = classesToArray( value ); + + if ( classes.length ) { + while ( ( elem = this[ i++ ] ) ) { + curValue = getClass( elem ); + + // This expression is here for better compressibility (see addClass) + cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); + + if ( cur ) { + j = 0; + while ( ( clazz = classes[ j++ ] ) ) { + + // Remove *all* instances + while ( cur.indexOf( " " + clazz + " " ) > -1 ) { + cur = cur.replace( " " + clazz + " ", " " ); + } + } + + // Only assign if different to avoid unneeded rendering. + finalValue = stripAndCollapse( cur ); + if ( curValue !== finalValue ) { + elem.setAttribute( "class", finalValue ); + } + } + } + } + + return this; + }, + + toggleClass: function( value, stateVal ) { + var type = typeof value, + isValidValue = type === "string" || Array.isArray( value ); + + if ( typeof stateVal === "boolean" && isValidValue ) { + return stateVal ? this.addClass( value ) : this.removeClass( value ); + } + + if ( isFunction( value ) ) { + return this.each( function( i ) { + jQuery( this ).toggleClass( + value.call( this, i, getClass( this ), stateVal ), + stateVal + ); + } ); + } + + return this.each( function() { + var className, i, self, classNames; + + if ( isValidValue ) { + + // Toggle individual class names + i = 0; + self = jQuery( this ); + classNames = classesToArray( value ); + + while ( ( className = classNames[ i++ ] ) ) { + + // Check each className given, space separated list + if ( self.hasClass( className ) ) { + self.removeClass( className ); + } else { + self.addClass( className ); + } + } + + // Toggle whole class name + } else if ( value === undefined || type === "boolean" ) { + className = getClass( this ); + if ( className ) { + + // Store className if set + dataPriv.set( this, "__className__", className ); + } + + // If the element has a class name or if we're passed `false`, + // then remove the whole classname (if there was one, the above saved it). + // Otherwise bring back whatever was previously saved (if anything), + // falling back to the empty string if nothing was stored. + if ( this.setAttribute ) { + this.setAttribute( "class", + className || value === false ? + "" : + dataPriv.get( this, "__className__" ) || "" + ); + } + } + } ); + }, + + hasClass: function( selector ) { + var className, elem, + i = 0; + + className = " " + selector + " "; + while ( ( elem = this[ i++ ] ) ) { + if ( elem.nodeType === 1 && + ( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) { + return true; + } + } + + return false; + } +} ); + + + + +var rreturn = /\r/g; + +jQuery.fn.extend( { + val: function( value ) { + var hooks, ret, valueIsFunction, + elem = this[ 0 ]; + + if ( !arguments.length ) { + if ( elem ) { + hooks = jQuery.valHooks[ elem.type ] || + jQuery.valHooks[ elem.nodeName.toLowerCase() ]; + + if ( hooks && + "get" in hooks && + ( ret = hooks.get( elem, "value" ) ) !== undefined + ) { + return ret; + } + + ret = elem.value; + + // Handle most common string cases + if ( typeof ret === "string" ) { + return ret.replace( rreturn, "" ); + } + + // Handle cases where value is null/undef or number + return ret == null ? "" : ret; + } + + return; + } + + valueIsFunction = isFunction( value ); + + return this.each( function( i ) { + var val; + + if ( this.nodeType !== 1 ) { + return; + } + + if ( valueIsFunction ) { + val = value.call( this, i, jQuery( this ).val() ); + } else { + val = value; + } + + // Treat null/undefined as ""; convert numbers to string + if ( val == null ) { + val = ""; + + } else if ( typeof val === "number" ) { + val += ""; + + } else if ( Array.isArray( val ) ) { + val = jQuery.map( val, function( value ) { + return value == null ? "" : value + ""; + } ); + } + + hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ]; + + // If set returns undefined, fall back to normal setting + if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) { + this.value = val; + } + } ); + } +} ); + +jQuery.extend( { + valHooks: { + option: { + get: function( elem ) { + + var val = jQuery.find.attr( elem, "value" ); + return val != null ? + val : + + // Support: IE <=10 - 11 only + // option.text throws exceptions (#14686, #14858) + // Strip and collapse whitespace + // https://html.spec.whatwg.org/#strip-and-collapse-whitespace + stripAndCollapse( jQuery.text( elem ) ); + } + }, + select: { + get: function( elem ) { + var value, option, i, + options = elem.options, + index = elem.selectedIndex, + one = elem.type === "select-one", + values = one ? null : [], + max = one ? index + 1 : options.length; + + if ( index < 0 ) { + i = max; + + } else { + i = one ? index : 0; + } + + // Loop through all the selected options + for ( ; i < max; i++ ) { + option = options[ i ]; + + // Support: IE <=9 only + // IE8-9 doesn't update selected after form reset (#2551) + if ( ( option.selected || i === index ) && + + // Don't return options that are disabled or in a disabled optgroup + !option.disabled && + ( !option.parentNode.disabled || + !nodeName( option.parentNode, "optgroup" ) ) ) { + + // Get the specific value for the option + value = jQuery( option ).val(); + + // We don't need an array for one selects + if ( one ) { + return value; + } + + // Multi-Selects return an array + values.push( value ); + } + } + + return values; + }, + + set: function( elem, value ) { + var optionSet, option, + options = elem.options, + values = jQuery.makeArray( value ), + i = options.length; + + while ( i-- ) { + option = options[ i ]; + + /* eslint-disable no-cond-assign */ + + if ( option.selected = + jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1 + ) { + optionSet = true; + } + + /* eslint-enable no-cond-assign */ + } + + // Force browsers to behave consistently when non-matching value is set + if ( !optionSet ) { + elem.selectedIndex = -1; + } + return values; + } + } + } +} ); + +// Radios and checkboxes getter/setter +jQuery.each( [ "radio", "checkbox" ], function() { + jQuery.valHooks[ this ] = { + set: function( elem, value ) { + if ( Array.isArray( value ) ) { + return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 ); + } + } + }; + if ( !support.checkOn ) { + jQuery.valHooks[ this ].get = function( elem ) { + return elem.getAttribute( "value" ) === null ? "on" : elem.value; + }; + } +} ); + + + + +// Return jQuery for attributes-only inclusion + + +support.focusin = "onfocusin" in window; + + +var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/, + stopPropagationCallback = function( e ) { + e.stopPropagation(); + }; + +jQuery.extend( jQuery.event, { + + trigger: function( event, data, elem, onlyHandlers ) { + + var i, cur, tmp, bubbleType, ontype, handle, special, lastElement, + eventPath = [ elem || document ], + type = hasOwn.call( event, "type" ) ? event.type : event, + namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : []; + + cur = lastElement = tmp = elem = elem || document; + + // Don't do events on text and comment nodes + if ( elem.nodeType === 3 || elem.nodeType === 8 ) { + return; + } + + // focus/blur morphs to focusin/out; ensure we're not firing them right now + if ( rfocusMorph.test( type + jQuery.event.triggered ) ) { + return; + } + + if ( type.indexOf( "." ) > -1 ) { + + // Namespaced trigger; create a regexp to match event type in handle() + namespaces = type.split( "." ); + type = namespaces.shift(); + namespaces.sort(); + } + ontype = type.indexOf( ":" ) < 0 && "on" + type; + + // Caller can pass in a jQuery.Event object, Object, or just an event type string + event = event[ jQuery.expando ] ? + event : + new jQuery.Event( type, typeof event === "object" && event ); + + // Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true) + event.isTrigger = onlyHandlers ? 2 : 3; + event.namespace = namespaces.join( "." ); + event.rnamespace = event.namespace ? + new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) : + null; + + // Clean up the event in case it is being reused + event.result = undefined; + if ( !event.target ) { + event.target = elem; + } + + // Clone any incoming data and prepend the event, creating the handler arg list + data = data == null ? + [ event ] : + jQuery.makeArray( data, [ event ] ); + + // Allow special events to draw outside the lines + special = jQuery.event.special[ type ] || {}; + if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) { + return; + } + + // Determine event propagation path in advance, per W3C events spec (#9951) + // Bubble up to document, then to window; watch for a global ownerDocument var (#9724) + if ( !onlyHandlers && !special.noBubble && !isWindow( elem ) ) { + + bubbleType = special.delegateType || type; + if ( !rfocusMorph.test( bubbleType + type ) ) { + cur = cur.parentNode; + } + for ( ; cur; cur = cur.parentNode ) { + eventPath.push( cur ); + tmp = cur; + } + + // Only add window if we got to document (e.g., not plain obj or detached DOM) + if ( tmp === ( elem.ownerDocument || document ) ) { + eventPath.push( tmp.defaultView || tmp.parentWindow || window ); + } + } + + // Fire handlers on the event path + i = 0; + while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) { + lastElement = cur; + event.type = i > 1 ? + bubbleType : + special.bindType || type; + + // jQuery handler + handle = ( dataPriv.get( cur, "events" ) || Object.create( null ) )[ event.type ] && + dataPriv.get( cur, "handle" ); + if ( handle ) { + handle.apply( cur, data ); + } + + // Native handler + handle = ontype && cur[ ontype ]; + if ( handle && handle.apply && acceptData( cur ) ) { + event.result = handle.apply( cur, data ); + if ( event.result === false ) { + event.preventDefault(); + } + } + } + event.type = type; + + // If nobody prevented the default action, do it now + if ( !onlyHandlers && !event.isDefaultPrevented() ) { + + if ( ( !special._default || + special._default.apply( eventPath.pop(), data ) === false ) && + acceptData( elem ) ) { + + // Call a native DOM method on the target with the same name as the event. + // Don't do default actions on window, that's where global variables be (#6170) + if ( ontype && isFunction( elem[ type ] ) && !isWindow( elem ) ) { + + // Don't re-trigger an onFOO event when we call its FOO() method + tmp = elem[ ontype ]; + + if ( tmp ) { + elem[ ontype ] = null; + } + + // Prevent re-triggering of the same event, since we already bubbled it above + jQuery.event.triggered = type; + + if ( event.isPropagationStopped() ) { + lastElement.addEventListener( type, stopPropagationCallback ); + } + + elem[ type ](); + + if ( event.isPropagationStopped() ) { + lastElement.removeEventListener( type, stopPropagationCallback ); + } + + jQuery.event.triggered = undefined; + + if ( tmp ) { + elem[ ontype ] = tmp; + } + } + } + } + + return event.result; + }, + + // Piggyback on a donor event to simulate a different one + // Used only for `focus(in | out)` events + simulate: function( type, elem, event ) { + var e = jQuery.extend( + new jQuery.Event(), + event, + { + type: type, + isSimulated: true + } + ); + + jQuery.event.trigger( e, null, elem ); + } + +} ); + +jQuery.fn.extend( { + + trigger: function( type, data ) { + return this.each( function() { + jQuery.event.trigger( type, data, this ); + } ); + }, + triggerHandler: function( type, data ) { + var elem = this[ 0 ]; + if ( elem ) { + return jQuery.event.trigger( type, data, elem, true ); + } + } +} ); + + +// Support: Firefox <=44 +// Firefox doesn't have focus(in | out) events +// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787 +// +// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1 +// focus(in | out) events fire after focus & blur events, +// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order +// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857 +if ( !support.focusin ) { + jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) { + + // Attach a single capturing handler on the document while someone wants focusin/focusout + var handler = function( event ) { + jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) ); + }; + + jQuery.event.special[ fix ] = { + setup: function() { + + // Handle: regular nodes (via `this.ownerDocument`), window + // (via `this.document`) & document (via `this`). + var doc = this.ownerDocument || this.document || this, + attaches = dataPriv.access( doc, fix ); + + if ( !attaches ) { + doc.addEventListener( orig, handler, true ); + } + dataPriv.access( doc, fix, ( attaches || 0 ) + 1 ); + }, + teardown: function() { + var doc = this.ownerDocument || this.document || this, + attaches = dataPriv.access( doc, fix ) - 1; + + if ( !attaches ) { + doc.removeEventListener( orig, handler, true ); + dataPriv.remove( doc, fix ); + + } else { + dataPriv.access( doc, fix, attaches ); + } + } + }; + } ); +} +var location = window.location; + +var nonce = { guid: Date.now() }; + +var rquery = ( /\?/ ); + + + +// Cross-browser xml parsing +jQuery.parseXML = function( data ) { + var xml, parserErrorElem; + if ( !data || typeof data !== "string" ) { + return null; + } + + // Support: IE 9 - 11 only + // IE throws on parseFromString with invalid input. + try { + xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" ); + } catch ( e ) {} + + parserErrorElem = xml && xml.getElementsByTagName( "parsererror" )[ 0 ]; + if ( !xml || parserErrorElem ) { + jQuery.error( "Invalid XML: " + ( + parserErrorElem ? + jQuery.map( parserErrorElem.childNodes, function( el ) { + return el.textContent; + } ).join( "\n" ) : + data + ) ); + } + return xml; +}; + + +var + rbracket = /\[\]$/, + rCRLF = /\r?\n/g, + rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i, + rsubmittable = /^(?:input|select|textarea|keygen)/i; + +function buildParams( prefix, obj, traditional, add ) { + var name; + + if ( Array.isArray( obj ) ) { + + // Serialize array item. + jQuery.each( obj, function( i, v ) { + if ( traditional || rbracket.test( prefix ) ) { + + // Treat each array item as a scalar. + add( prefix, v ); + + } else { + + // Item is non-scalar (array or object), encode its numeric index. + buildParams( + prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]", + v, + traditional, + add + ); + } + } ); + + } else if ( !traditional && toType( obj ) === "object" ) { + + // Serialize object item. + for ( name in obj ) { + buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add ); + } + + } else { + + // Serialize scalar item. + add( prefix, obj ); + } +} + +// Serialize an array of form elements or a set of +// key/values into a query string +jQuery.param = function( a, traditional ) { + var prefix, + s = [], + add = function( key, valueOrFunction ) { + + // If value is a function, invoke it and use its return value + var value = isFunction( valueOrFunction ) ? + valueOrFunction() : + valueOrFunction; + + s[ s.length ] = encodeURIComponent( key ) + "=" + + encodeURIComponent( value == null ? "" : value ); + }; + + if ( a == null ) { + return ""; + } + + // If an array was passed in, assume that it is an array of form elements. + if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) { + + // Serialize the form elements + jQuery.each( a, function() { + add( this.name, this.value ); + } ); + + } else { + + // If traditional, encode the "old" way (the way 1.3.2 or older + // did it), otherwise encode params recursively. + for ( prefix in a ) { + buildParams( prefix, a[ prefix ], traditional, add ); + } + } + + // Return the resulting serialization + return s.join( "&" ); +}; + +jQuery.fn.extend( { + serialize: function() { + return jQuery.param( this.serializeArray() ); + }, + serializeArray: function() { + return this.map( function() { + + // Can add propHook for "elements" to filter or add form elements + var elements = jQuery.prop( this, "elements" ); + return elements ? jQuery.makeArray( elements ) : this; + } ).filter( function() { + var type = this.type; + + // Use .is( ":disabled" ) so that fieldset[disabled] works + return this.name && !jQuery( this ).is( ":disabled" ) && + rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) && + ( this.checked || !rcheckableType.test( type ) ); + } ).map( function( _i, elem ) { + var val = jQuery( this ).val(); + + if ( val == null ) { + return null; + } + + if ( Array.isArray( val ) ) { + return jQuery.map( val, function( val ) { + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ); + } + + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + } ).get(); + } +} ); + + +var + r20 = /%20/g, + rhash = /#.*$/, + rantiCache = /([?&])_=[^&]*/, + rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg, + + // #7653, #8125, #8152: local protocol detection + rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/, + rnoContent = /^(?:GET|HEAD)$/, + rprotocol = /^\/\//, + + /* Prefilters + * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) + * 2) These are called: + * - BEFORE asking for a transport + * - AFTER param serialization (s.data is a string if s.processData is true) + * 3) key is the dataType + * 4) the catchall symbol "*" can be used + * 5) execution will start with transport dataType and THEN continue down to "*" if needed + */ + prefilters = {}, + + /* Transports bindings + * 1) key is the dataType + * 2) the catchall symbol "*" can be used + * 3) selection will start with transport dataType and THEN go to "*" if needed + */ + transports = {}, + + // Avoid comment-prolog char sequence (#10098); must appease lint and evade compression + allTypes = "*/".concat( "*" ), + + // Anchor tag for parsing the document origin + originAnchor = document.createElement( "a" ); + +originAnchor.href = location.href; + +// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport +function addToPrefiltersOrTransports( structure ) { + + // dataTypeExpression is optional and defaults to "*" + return function( dataTypeExpression, func ) { + + if ( typeof dataTypeExpression !== "string" ) { + func = dataTypeExpression; + dataTypeExpression = "*"; + } + + var dataType, + i = 0, + dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || []; + + if ( isFunction( func ) ) { + + // For each dataType in the dataTypeExpression + while ( ( dataType = dataTypes[ i++ ] ) ) { + + // Prepend if requested + if ( dataType[ 0 ] === "+" ) { + dataType = dataType.slice( 1 ) || "*"; + ( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func ); + + // Otherwise append + } else { + ( structure[ dataType ] = structure[ dataType ] || [] ).push( func ); + } + } + } + }; +} + +// Base inspection function for prefilters and transports +function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) { + + var inspected = {}, + seekingTransport = ( structure === transports ); + + function inspect( dataType ) { + var selected; + inspected[ dataType ] = true; + jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) { + var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR ); + if ( typeof dataTypeOrTransport === "string" && + !seekingTransport && !inspected[ dataTypeOrTransport ] ) { + + options.dataTypes.unshift( dataTypeOrTransport ); + inspect( dataTypeOrTransport ); + return false; + } else if ( seekingTransport ) { + return !( selected = dataTypeOrTransport ); + } + } ); + return selected; + } + + return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" ); +} + +// A special extend for ajax options +// that takes "flat" options (not to be deep extended) +// Fixes #9887 +function ajaxExtend( target, src ) { + var key, deep, + flatOptions = jQuery.ajaxSettings.flatOptions || {}; + + for ( key in src ) { + if ( src[ key ] !== undefined ) { + ( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ]; + } + } + if ( deep ) { + jQuery.extend( true, target, deep ); + } + + return target; +} + +/* Handles responses to an ajax request: + * - finds the right dataType (mediates between content-type and expected dataType) + * - returns the corresponding response + */ +function ajaxHandleResponses( s, jqXHR, responses ) { + + var ct, type, finalDataType, firstDataType, + contents = s.contents, + dataTypes = s.dataTypes; + + // Remove auto dataType and get content-type in the process + while ( dataTypes[ 0 ] === "*" ) { + dataTypes.shift(); + if ( ct === undefined ) { + ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" ); + } + } + + // Check if we're dealing with a known content-type + if ( ct ) { + for ( type in contents ) { + if ( contents[ type ] && contents[ type ].test( ct ) ) { + dataTypes.unshift( type ); + break; + } + } + } + + // Check to see if we have a response for the expected dataType + if ( dataTypes[ 0 ] in responses ) { + finalDataType = dataTypes[ 0 ]; + } else { + + // Try convertible dataTypes + for ( type in responses ) { + if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) { + finalDataType = type; + break; + } + if ( !firstDataType ) { + firstDataType = type; + } + } + + // Or just use first one + finalDataType = finalDataType || firstDataType; + } + + // If we found a dataType + // We add the dataType to the list if needed + // and return the corresponding response + if ( finalDataType ) { + if ( finalDataType !== dataTypes[ 0 ] ) { + dataTypes.unshift( finalDataType ); + } + return responses[ finalDataType ]; + } +} + +/* Chain conversions given the request and the original response + * Also sets the responseXXX fields on the jqXHR instance + */ +function ajaxConvert( s, response, jqXHR, isSuccess ) { + var conv2, current, conv, tmp, prev, + converters = {}, + + // Work with a copy of dataTypes in case we need to modify it for conversion + dataTypes = s.dataTypes.slice(); + + // Create converters map with lowercased keys + if ( dataTypes[ 1 ] ) { + for ( conv in s.converters ) { + converters[ conv.toLowerCase() ] = s.converters[ conv ]; + } + } + + current = dataTypes.shift(); + + // Convert to each sequential dataType + while ( current ) { + + if ( s.responseFields[ current ] ) { + jqXHR[ s.responseFields[ current ] ] = response; + } + + // Apply the dataFilter if provided + if ( !prev && isSuccess && s.dataFilter ) { + response = s.dataFilter( response, s.dataType ); + } + + prev = current; + current = dataTypes.shift(); + + if ( current ) { + + // There's only work to do if current dataType is non-auto + if ( current === "*" ) { + + current = prev; + + // Convert response if prev dataType is non-auto and differs from current + } else if ( prev !== "*" && prev !== current ) { + + // Seek a direct converter + conv = converters[ prev + " " + current ] || converters[ "* " + current ]; + + // If none found, seek a pair + if ( !conv ) { + for ( conv2 in converters ) { + + // If conv2 outputs current + tmp = conv2.split( " " ); + if ( tmp[ 1 ] === current ) { + + // If prev can be converted to accepted input + conv = converters[ prev + " " + tmp[ 0 ] ] || + converters[ "* " + tmp[ 0 ] ]; + if ( conv ) { + + // Condense equivalence converters + if ( conv === true ) { + conv = converters[ conv2 ]; + + // Otherwise, insert the intermediate dataType + } else if ( converters[ conv2 ] !== true ) { + current = tmp[ 0 ]; + dataTypes.unshift( tmp[ 1 ] ); + } + break; + } + } + } + } + + // Apply converter (if not an equivalence) + if ( conv !== true ) { + + // Unless errors are allowed to bubble, catch and return them + if ( conv && s.throws ) { + response = conv( response ); + } else { + try { + response = conv( response ); + } catch ( e ) { + return { + state: "parsererror", + error: conv ? e : "No conversion from " + prev + " to " + current + }; + } + } + } + } + } + } + + return { state: "success", data: response }; +} + +jQuery.extend( { + + // Counter for holding the number of active queries + active: 0, + + // Last-Modified header cache for next request + lastModified: {}, + etag: {}, + + ajaxSettings: { + url: location.href, + type: "GET", + isLocal: rlocalProtocol.test( location.protocol ), + global: true, + processData: true, + async: true, + contentType: "application/x-www-form-urlencoded; charset=UTF-8", + + /* + timeout: 0, + data: null, + dataType: null, + username: null, + password: null, + cache: null, + throws: false, + traditional: false, + headers: {}, + */ + + accepts: { + "*": allTypes, + text: "text/plain", + html: "text/html", + xml: "application/xml, text/xml", + json: "application/json, text/javascript" + }, + + contents: { + xml: /\bxml\b/, + html: /\bhtml/, + json: /\bjson\b/ + }, + + responseFields: { + xml: "responseXML", + text: "responseText", + json: "responseJSON" + }, + + // Data converters + // Keys separate source (or catchall "*") and destination types with a single space + converters: { + + // Convert anything to text + "* text": String, + + // Text to html (true = no transformation) + "text html": true, + + // Evaluate text as a json expression + "text json": JSON.parse, + + // Parse text as xml + "text xml": jQuery.parseXML + }, + + // For options that shouldn't be deep extended: + // you can add your own custom options here if + // and when you create one that shouldn't be + // deep extended (see ajaxExtend) + flatOptions: { + url: true, + context: true + } + }, + + // Creates a full fledged settings object into target + // with both ajaxSettings and settings fields. + // If target is omitted, writes into ajaxSettings. + ajaxSetup: function( target, settings ) { + return settings ? + + // Building a settings object + ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) : + + // Extending ajaxSettings + ajaxExtend( jQuery.ajaxSettings, target ); + }, + + ajaxPrefilter: addToPrefiltersOrTransports( prefilters ), + ajaxTransport: addToPrefiltersOrTransports( transports ), + + // Main method + ajax: function( url, options ) { + + // If url is an object, simulate pre-1.5 signature + if ( typeof url === "object" ) { + options = url; + url = undefined; + } + + // Force options to be an object + options = options || {}; + + var transport, + + // URL without anti-cache param + cacheURL, + + // Response headers + responseHeadersString, + responseHeaders, + + // timeout handle + timeoutTimer, + + // Url cleanup var + urlAnchor, + + // Request state (becomes false upon send and true upon completion) + completed, + + // To know if global events are to be dispatched + fireGlobals, + + // Loop variable + i, + + // uncached part of the url + uncached, + + // Create the final options object + s = jQuery.ajaxSetup( {}, options ), + + // Callbacks context + callbackContext = s.context || s, + + // Context for global events is callbackContext if it is a DOM node or jQuery collection + globalEventContext = s.context && + ( callbackContext.nodeType || callbackContext.jquery ) ? + jQuery( callbackContext ) : + jQuery.event, + + // Deferreds + deferred = jQuery.Deferred(), + completeDeferred = jQuery.Callbacks( "once memory" ), + + // Status-dependent callbacks + statusCode = s.statusCode || {}, + + // Headers (they are sent all at once) + requestHeaders = {}, + requestHeadersNames = {}, + + // Default abort message + strAbort = "canceled", + + // Fake xhr + jqXHR = { + readyState: 0, + + // Builds headers hashtable if needed + getResponseHeader: function( key ) { + var match; + if ( completed ) { + if ( !responseHeaders ) { + responseHeaders = {}; + while ( ( match = rheaders.exec( responseHeadersString ) ) ) { + responseHeaders[ match[ 1 ].toLowerCase() + " " ] = + ( responseHeaders[ match[ 1 ].toLowerCase() + " " ] || [] ) + .concat( match[ 2 ] ); + } + } + match = responseHeaders[ key.toLowerCase() + " " ]; + } + return match == null ? null : match.join( ", " ); + }, + + // Raw string + getAllResponseHeaders: function() { + return completed ? responseHeadersString : null; + }, + + // Caches the header + setRequestHeader: function( name, value ) { + if ( completed == null ) { + name = requestHeadersNames[ name.toLowerCase() ] = + requestHeadersNames[ name.toLowerCase() ] || name; + requestHeaders[ name ] = value; + } + return this; + }, + + // Overrides response content-type header + overrideMimeType: function( type ) { + if ( completed == null ) { + s.mimeType = type; + } + return this; + }, + + // Status-dependent callbacks + statusCode: function( map ) { + var code; + if ( map ) { + if ( completed ) { + + // Execute the appropriate callbacks + jqXHR.always( map[ jqXHR.status ] ); + } else { + + // Lazy-add the new callbacks in a way that preserves old ones + for ( code in map ) { + statusCode[ code ] = [ statusCode[ code ], map[ code ] ]; + } + } + } + return this; + }, + + // Cancel the request + abort: function( statusText ) { + var finalText = statusText || strAbort; + if ( transport ) { + transport.abort( finalText ); + } + done( 0, finalText ); + return this; + } + }; + + // Attach deferreds + deferred.promise( jqXHR ); + + // Add protocol if not provided (prefilters might expect it) + // Handle falsy url in the settings object (#10093: consistency with old signature) + // We also use the url parameter if available + s.url = ( ( url || s.url || location.href ) + "" ) + .replace( rprotocol, location.protocol + "//" ); + + // Alias method option to type as per ticket #12004 + s.type = options.method || options.type || s.method || s.type; + + // Extract dataTypes list + s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ]; + + // A cross-domain request is in order when the origin doesn't match the current origin. + if ( s.crossDomain == null ) { + urlAnchor = document.createElement( "a" ); + + // Support: IE <=8 - 11, Edge 12 - 15 + // IE throws exception on accessing the href property if url is malformed, + // e.g. http://example.com:80x/ + try { + urlAnchor.href = s.url; + + // Support: IE <=8 - 11 only + // Anchor's host property isn't correctly set when s.url is relative + urlAnchor.href = urlAnchor.href; + s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !== + urlAnchor.protocol + "//" + urlAnchor.host; + } catch ( e ) { + + // If there is an error parsing the URL, assume it is crossDomain, + // it can be rejected by the transport if it is invalid + s.crossDomain = true; + } + } + + // Convert data if not already a string + if ( s.data && s.processData && typeof s.data !== "string" ) { + s.data = jQuery.param( s.data, s.traditional ); + } + + // Apply prefilters + inspectPrefiltersOrTransports( prefilters, s, options, jqXHR ); + + // If request was aborted inside a prefilter, stop there + if ( completed ) { + return jqXHR; + } + + // We can fire global events as of now if asked to + // Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118) + fireGlobals = jQuery.event && s.global; + + // Watch for a new set of requests + if ( fireGlobals && jQuery.active++ === 0 ) { + jQuery.event.trigger( "ajaxStart" ); + } + + // Uppercase the type + s.type = s.type.toUpperCase(); + + // Determine if request has content + s.hasContent = !rnoContent.test( s.type ); + + // Save the URL in case we're toying with the If-Modified-Since + // and/or If-None-Match header later on + // Remove hash to simplify url manipulation + cacheURL = s.url.replace( rhash, "" ); + + // More options handling for requests with no content + if ( !s.hasContent ) { + + // Remember the hash so we can put it back + uncached = s.url.slice( cacheURL.length ); + + // If data is available and should be processed, append data to url + if ( s.data && ( s.processData || typeof s.data === "string" ) ) { + cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data; + + // #9682: remove data so that it's not used in an eventual retry + delete s.data; + } + + // Add or update anti-cache param if needed + if ( s.cache === false ) { + cacheURL = cacheURL.replace( rantiCache, "$1" ); + uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce.guid++ ) + + uncached; + } + + // Put hash and anti-cache on the URL that will be requested (gh-1732) + s.url = cacheURL + uncached; + + // Change '%20' to '+' if this is encoded form body content (gh-2658) + } else if ( s.data && s.processData && + ( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) { + s.data = s.data.replace( r20, "+" ); + } + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + if ( jQuery.lastModified[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] ); + } + if ( jQuery.etag[ cacheURL ] ) { + jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] ); + } + } + + // Set the correct header, if data is being sent + if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) { + jqXHR.setRequestHeader( "Content-Type", s.contentType ); + } + + // Set the Accepts header for the server, depending on the dataType + jqXHR.setRequestHeader( + "Accept", + s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ? + s.accepts[ s.dataTypes[ 0 ] ] + + ( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) : + s.accepts[ "*" ] + ); + + // Check for headers option + for ( i in s.headers ) { + jqXHR.setRequestHeader( i, s.headers[ i ] ); + } + + // Allow custom headers/mimetypes and early abort + if ( s.beforeSend && + ( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) { + + // Abort if not done already and return + return jqXHR.abort(); + } + + // Aborting is no longer a cancellation + strAbort = "abort"; + + // Install callbacks on deferreds + completeDeferred.add( s.complete ); + jqXHR.done( s.success ); + jqXHR.fail( s.error ); + + // Get transport + transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR ); + + // If no transport, we auto-abort + if ( !transport ) { + done( -1, "No Transport" ); + } else { + jqXHR.readyState = 1; + + // Send global event + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] ); + } + + // If request was aborted inside ajaxSend, stop there + if ( completed ) { + return jqXHR; + } + + // Timeout + if ( s.async && s.timeout > 0 ) { + timeoutTimer = window.setTimeout( function() { + jqXHR.abort( "timeout" ); + }, s.timeout ); + } + + try { + completed = false; + transport.send( requestHeaders, done ); + } catch ( e ) { + + // Rethrow post-completion exceptions + if ( completed ) { + throw e; + } + + // Propagate others as results + done( -1, e ); + } + } + + // Callback for when everything is done + function done( status, nativeStatusText, responses, headers ) { + var isSuccess, success, error, response, modified, + statusText = nativeStatusText; + + // Ignore repeat invocations + if ( completed ) { + return; + } + + completed = true; + + // Clear timeout if it exists + if ( timeoutTimer ) { + window.clearTimeout( timeoutTimer ); + } + + // Dereference transport for early garbage collection + // (no matter how long the jqXHR object will be used) + transport = undefined; + + // Cache response headers + responseHeadersString = headers || ""; + + // Set readyState + jqXHR.readyState = status > 0 ? 4 : 0; + + // Determine if successful + isSuccess = status >= 200 && status < 300 || status === 304; + + // Get response data + if ( responses ) { + response = ajaxHandleResponses( s, jqXHR, responses ); + } + + // Use a noop converter for missing script but not if jsonp + if ( !isSuccess && + jQuery.inArray( "script", s.dataTypes ) > -1 && + jQuery.inArray( "json", s.dataTypes ) < 0 ) { + s.converters[ "text script" ] = function() {}; + } + + // Convert no matter what (that way responseXXX fields are always set) + response = ajaxConvert( s, response, jqXHR, isSuccess ); + + // If successful, handle type chaining + if ( isSuccess ) { + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + modified = jqXHR.getResponseHeader( "Last-Modified" ); + if ( modified ) { + jQuery.lastModified[ cacheURL ] = modified; + } + modified = jqXHR.getResponseHeader( "etag" ); + if ( modified ) { + jQuery.etag[ cacheURL ] = modified; + } + } + + // if no content + if ( status === 204 || s.type === "HEAD" ) { + statusText = "nocontent"; + + // if not modified + } else if ( status === 304 ) { + statusText = "notmodified"; + + // If we have data, let's convert it + } else { + statusText = response.state; + success = response.data; + error = response.error; + isSuccess = !error; + } + } else { + + // Extract error from statusText and normalize for non-aborts + error = statusText; + if ( status || !statusText ) { + statusText = "error"; + if ( status < 0 ) { + status = 0; + } + } + } + + // Set data for the fake xhr object + jqXHR.status = status; + jqXHR.statusText = ( nativeStatusText || statusText ) + ""; + + // Success/Error + if ( isSuccess ) { + deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] ); + } else { + deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] ); + } + + // Status-dependent callbacks + jqXHR.statusCode( statusCode ); + statusCode = undefined; + + if ( fireGlobals ) { + globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError", + [ jqXHR, s, isSuccess ? success : error ] ); + } + + // Complete + completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] ); + + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] ); + + // Handle the global AJAX counter + if ( !( --jQuery.active ) ) { + jQuery.event.trigger( "ajaxStop" ); + } + } + } + + return jqXHR; + }, + + getJSON: function( url, data, callback ) { + return jQuery.get( url, data, callback, "json" ); + }, + + getScript: function( url, callback ) { + return jQuery.get( url, undefined, callback, "script" ); + } +} ); + +jQuery.each( [ "get", "post" ], function( _i, method ) { + jQuery[ method ] = function( url, data, callback, type ) { + + // Shift arguments if data argument was omitted + if ( isFunction( data ) ) { + type = type || callback; + callback = data; + data = undefined; + } + + // The url can be an options object (which then must have .url) + return jQuery.ajax( jQuery.extend( { + url: url, + type: method, + dataType: type, + data: data, + success: callback + }, jQuery.isPlainObject( url ) && url ) ); + }; +} ); + +jQuery.ajaxPrefilter( function( s ) { + var i; + for ( i in s.headers ) { + if ( i.toLowerCase() === "content-type" ) { + s.contentType = s.headers[ i ] || ""; + } + } +} ); + + +jQuery._evalUrl = function( url, options, doc ) { + return jQuery.ajax( { + url: url, + + // Make this explicit, since user can override this through ajaxSetup (#11264) + type: "GET", + dataType: "script", + cache: true, + async: false, + global: false, + + // Only evaluate the response if it is successful (gh-4126) + // dataFilter is not invoked for failure responses, so using it instead + // of the default converter is kludgy but it works. + converters: { + "text script": function() {} + }, + dataFilter: function( response ) { + jQuery.globalEval( response, options, doc ); + } + } ); +}; + + +jQuery.fn.extend( { + wrapAll: function( html ) { + var wrap; + + if ( this[ 0 ] ) { + if ( isFunction( html ) ) { + html = html.call( this[ 0 ] ); + } + + // The elements to wrap the target around + wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true ); + + if ( this[ 0 ].parentNode ) { + wrap.insertBefore( this[ 0 ] ); + } + + wrap.map( function() { + var elem = this; + + while ( elem.firstElementChild ) { + elem = elem.firstElementChild; + } + + return elem; + } ).append( this ); + } + + return this; + }, + + wrapInner: function( html ) { + if ( isFunction( html ) ) { + return this.each( function( i ) { + jQuery( this ).wrapInner( html.call( this, i ) ); + } ); + } + + return this.each( function() { + var self = jQuery( this ), + contents = self.contents(); + + if ( contents.length ) { + contents.wrapAll( html ); + + } else { + self.append( html ); + } + } ); + }, + + wrap: function( html ) { + var htmlIsFunction = isFunction( html ); + + return this.each( function( i ) { + jQuery( this ).wrapAll( htmlIsFunction ? html.call( this, i ) : html ); + } ); + }, + + unwrap: function( selector ) { + this.parent( selector ).not( "body" ).each( function() { + jQuery( this ).replaceWith( this.childNodes ); + } ); + return this; + } +} ); + + +jQuery.expr.pseudos.hidden = function( elem ) { + return !jQuery.expr.pseudos.visible( elem ); +}; +jQuery.expr.pseudos.visible = function( elem ) { + return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length ); +}; + + + + +jQuery.ajaxSettings.xhr = function() { + try { + return new window.XMLHttpRequest(); + } catch ( e ) {} +}; + +var xhrSuccessStatus = { + + // File protocol always yields status code 0, assume 200 + 0: 200, + + // Support: IE <=9 only + // #1450: sometimes IE returns 1223 when it should be 204 + 1223: 204 + }, + xhrSupported = jQuery.ajaxSettings.xhr(); + +support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported ); +support.ajax = xhrSupported = !!xhrSupported; + +jQuery.ajaxTransport( function( options ) { + var callback, errorCallback; + + // Cross domain only allowed if supported through XMLHttpRequest + if ( support.cors || xhrSupported && !options.crossDomain ) { + return { + send: function( headers, complete ) { + var i, + xhr = options.xhr(); + + xhr.open( + options.type, + options.url, + options.async, + options.username, + options.password + ); + + // Apply custom fields if provided + if ( options.xhrFields ) { + for ( i in options.xhrFields ) { + xhr[ i ] = options.xhrFields[ i ]; + } + } + + // Override mime type if needed + if ( options.mimeType && xhr.overrideMimeType ) { + xhr.overrideMimeType( options.mimeType ); + } + + // X-Requested-With header + // For cross-domain requests, seeing as conditions for a preflight are + // akin to a jigsaw puzzle, we simply never set it to be sure. + // (it can always be set on a per-request basis or even using ajaxSetup) + // For same-domain requests, won't change header if already provided. + if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) { + headers[ "X-Requested-With" ] = "XMLHttpRequest"; + } + + // Set headers + for ( i in headers ) { + xhr.setRequestHeader( i, headers[ i ] ); + } + + // Callback + callback = function( type ) { + return function() { + if ( callback ) { + callback = errorCallback = xhr.onload = + xhr.onerror = xhr.onabort = xhr.ontimeout = + xhr.onreadystatechange = null; + + if ( type === "abort" ) { + xhr.abort(); + } else if ( type === "error" ) { + + // Support: IE <=9 only + // On a manual native abort, IE9 throws + // errors on any property access that is not readyState + if ( typeof xhr.status !== "number" ) { + complete( 0, "error" ); + } else { + complete( + + // File: protocol always yields status 0; see #8605, #14207 + xhr.status, + xhr.statusText + ); + } + } else { + complete( + xhrSuccessStatus[ xhr.status ] || xhr.status, + xhr.statusText, + + // Support: IE <=9 only + // IE9 has no XHR2 but throws on binary (trac-11426) + // For XHR2 non-text, let the caller handle it (gh-2498) + ( xhr.responseType || "text" ) !== "text" || + typeof xhr.responseText !== "string" ? + { binary: xhr.response } : + { text: xhr.responseText }, + xhr.getAllResponseHeaders() + ); + } + } + }; + }; + + // Listen to events + xhr.onload = callback(); + errorCallback = xhr.onerror = xhr.ontimeout = callback( "error" ); + + // Support: IE 9 only + // Use onreadystatechange to replace onabort + // to handle uncaught aborts + if ( xhr.onabort !== undefined ) { + xhr.onabort = errorCallback; + } else { + xhr.onreadystatechange = function() { + + // Check readyState before timeout as it changes + if ( xhr.readyState === 4 ) { + + // Allow onerror to be called first, + // but that will not handle a native abort + // Also, save errorCallback to a variable + // as xhr.onerror cannot be accessed + window.setTimeout( function() { + if ( callback ) { + errorCallback(); + } + } ); + } + }; + } + + // Create the abort callback + callback = callback( "abort" ); + + try { + + // Do send the request (this may raise an exception) + xhr.send( options.hasContent && options.data || null ); + } catch ( e ) { + + // #14683: Only rethrow if this hasn't been notified as an error yet + if ( callback ) { + throw e; + } + } + }, + + abort: function() { + if ( callback ) { + callback(); + } + } + }; + } +} ); + + + + +// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432) +jQuery.ajaxPrefilter( function( s ) { + if ( s.crossDomain ) { + s.contents.script = false; + } +} ); + +// Install script dataType +jQuery.ajaxSetup( { + accepts: { + script: "text/javascript, application/javascript, " + + "application/ecmascript, application/x-ecmascript" + }, + contents: { + script: /\b(?:java|ecma)script\b/ + }, + converters: { + "text script": function( text ) { + jQuery.globalEval( text ); + return text; + } + } +} ); + +// Handle cache's special case and crossDomain +jQuery.ajaxPrefilter( "script", function( s ) { + if ( s.cache === undefined ) { + s.cache = false; + } + if ( s.crossDomain ) { + s.type = "GET"; + } +} ); + +// Bind script tag hack transport +jQuery.ajaxTransport( "script", function( s ) { + + // This transport only deals with cross domain or forced-by-attrs requests + if ( s.crossDomain || s.scriptAttrs ) { + var script, callback; + return { + send: function( _, complete ) { + script = jQuery( " + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

A Basic Introduction to GSSAPI

+

GSSAPI (which stands for “Generic Security Service API”) is an +standard layer for interfacing with security services. While it +supports multiple different mechanisms, it is most commonly used +with Kerberos 5 (“krb5” for short).

+

This tutorial will provide a basic introduction to interacting with +GSSAPI through Python.

+

Note: This file is designed to be runnable using +[YALPT](https://github.com/directxman12/yalpt). You can also just +read it normally.

+

To start out, we’ll import python-gssapi, and save the current FQDN +for later:

+
>>> import gssapi, socket
+>>> FQDN = socket.getfqdn()
+>>>
+
+
+

Note that this assumes you have a KRB5 realm set up, and some relevant +functions available in the REALM object (see gssapi-console.py in +[gssapi_console](https://pypi.python.org/pypi/gssapi_console)), or +try $ run-lit -e gssapi basic-tutorial.md when you have both +gssapi_console and yalpt installed). Any actions performed using the +REALM object are not part of the GSSAPI library; the REALM object +simply contains wrappers to krb5 commands generally run separately from +the application using GSSAPI.

+
+

Names and Credentials

+

Two important concepts in GSSAPI are names and credentials.

+

Names, as the name suggests, identify different entities, be they +users or services. GSSAPI has the concept of different name types. +These represent different types of names and corresponding syntax +for representing names as strings.

+

Suppose we wanted to refer to an HTTP server on the current host. +We could refer to it as a host-based service, or in the default +mechanism form (in this case, for krb5):

+
>>> server_hostbased_name = gssapi.Name(f"HTTP@{FQDN}", name_type=gssapi.NameType.hostbased_service)
+>>> server_hostbased_name
+Name(b'HTTP@seton.mivehind.net', <OID 1.2.840.113554.1.2.1.4>)
+>>> server_name = gssapi.Name(f"HTTP/{FQDN}@")
+>>> server_name
+Name(b'HTTP/seton.mivehind.net@', None)
+>>>
+
+
+

These are both effectively the same, but if we canonicalize both +names with respect to krb5, we’ll see that GSSAPI knows they’re the +same:

+
>>> server_name == server_hostbased_name
+False
+>>> server_canon_name = server_name.canonicalize(gssapi.MechType.kerberos)
+>>> server_hostbased_canon_name = server_hostbased_name.canonicalize(gssapi.MechType.kerberos)
+>>> server_canon_name == server_hostbased_canon_name
+True
+>>>
+
+
+

To compare two names of different name types, you should canonicalize +them first.

+

Credentials represent identification for a user or service. In +order to establish secure communication with other entities, a user +or service first needs credentials. For the krb5 mechanism, +credentials generally represent a handle to the TGT.

+

Credentials may be acquired for a particular name, or the default set +of credentials may be acquired.

+

For instance, suppose that we are writing a server, and wish to +communicate accept connections as the ‘HTTP’ service. We would need +to acquire credentials as such:

+
>>> REALM.addprinc('HTTP/%s@%s' % (FQDN, REALM.realm))
+>>> REALM.extract_keytab('HTTP/%s@%s' % (FQDN, REALM.realm), REALM.keytab)
+>>> server_creds = gssapi.Credentials(usage='accept', name=server_name)
+>>>
+
+
+

Note that for the krb5 mechanism, in order to acquire credentials with +the GSSAPI, the system must already have a way to access those credentials. +For users, this generally means that they have already performed a kinit +(i.e. have cached a TGT), while for services (like above), having a keytab +is sufficient. This process is generally performed outside the application +using the GSSAPI.

+

Credentials have a usage: ‘accept’ for accepting security contexts, +‘initiate’ for initiating security contexts, or ‘both’ for +credentials used for both initiating and accepting security contexts.

+

Credentials also have an associated name, lifetime (which may +be None for indefinite), and set of mechanisms with which the +credentials are usable:

+
>>> server_creds.usage
+'accept'
+>>> server_creds.name == server_name
+True
+>>> server_creds.lifetime is None
+True
+>>> gssapi.MechType.kerberos in server_creds.mechs
+True
+>>> gssapi.MechType.kerberos in server_creds.mechs
+True
+>>>
+
+
+

Each of these settings is setable from the constructor as usage, +name, lifetime, and mechs.

+
+
+

Security Contexts

+

Security contexts represent active sessions between two different +entities. Security contexts are used to verify identities, as well +as ensure integrity (message signing), confidentiality (message +encryption), or both for messages exchanged between the two parties.

+

When establishing a security context, the default credentials are +used unless otherwise specified. This allows applications to use +the user’s already acquired credentials:

+
>>> client_ctx = gssapi.SecurityContext(name=server_name, usage='initiate')
+>>> initial_client_token = client_ctx.step()
+>>> client_ctx.complete
+False
+>>>
+
+
+

Just like credentials, security contexts are either initiating +contexts, or accepting contexts (they cannot be both). Initiating +contexts must specify at least a target name. In this case, +we indicate that we wish to establish a context with the HTTP server +from above. The http server can then accept that context:

+
>>> server_ctx = gssapi.SecurityContext(creds=server_creds, usage='accept')
+>>> initial_server_token = server_ctx.step(initial_client_token)
+>>>
+
+
+

As you can see, creating an accepting security context is similar. +Here, we specify a set of accepting credentials to use, although +this is optional (the defaults will be used if no credentials are +specified).

+

Let’s finish up the exchange:

+
>>> server_tok = initial_server_token
+>>>
+>>> while not (client_ctx.complete and server_ctx.complete):
+...     client_tok = client_ctx.step(server_tok)
+...     if not client_tok:
+...         break
+...     server_tok = server_ctx.step(client_tok)
+...
+>>> client_ctx.complete and server_ctx.complete
+True
+>>>
+
+
+

We can now wrap and unwrap messages, using the wrap and unwrap methods +on SecurityContext:

+
>>> message = b'some message here'
+>>> wrapped_message, msg_encrypted = client_ctx.wrap(message, True)
+>>> message not in wrapped_message
+True
+>>> msg_encrypted
+True
+>>> server_ctx.unwrap(wrapped_message)
+UnwrapResult(message=b'some message here', encrypted=True, qop=0)
+>>>
+
+
+

We can use the second parameter to control whether or not we encrypt the +messages, or just sign them:

+
>>> signed_message, msg_encrypted = client_ctx.wrap(message, False)
+>>> msg_encrypted
+False
+>>> message in signed_message
+True
+>>> server_ctx.unwrap(signed_message)
+UnwrapResult(message=b'some message here', encrypted=False, qop=0)
+>>>
+
+
+

Manually passing in a second parameter and checking whether or not encryption +was used can get tedious, so python-gssapi provides two convenience methods +to help with this: encrypt and decrypt. If the context is set up to use +encryption, they will call wrap with encryption. If not, they will +call wrap without encryption.

+
>>> encrypted_message = client_ctx.encrypt(message)
+>>> encrypted_message != message
+True
+>>> server_ctx.decrypt(encrypted_message)
+b'some message here'
+>>>
+
+
+

Notice that if we try to use decrypt a signed message, and exception will be raised, +since the context was set up to use encryption (the default):

+
>>> signed_message, _ = client_ctx.wrap(message, False)
+>>> server_ctx.decrypt(signed_message)
+Traceback (most recent call last):
+  File "<stdin>", line 1, in <module>
+  File "<string>", line 2, in decrypt
+  File "/usr/lib/python3.4/site-packages/gssapi/_utils.py", line 167, in check_last_err
+    return func(self, *args, **kwargs)
+  File "/usr/lib/python3.4/site-packages/gssapi/sec_contexts.py", line 295, in decrypt
+    unwrapped_message=res.message)
+gssapi.exceptions.EncryptionNotUsed: Confidentiality was requested, but not used: The context was established with encryption, but unwrapped message was not encrypted.
+>>>
+
+
+

There you have it: the basics of GSSAPI. You can use the help function +at the interpreter, or check the [docs](http://pythonhosted.org/gssapi/) +for more information.

+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/ci/before-docs-deploy.sh b/ci/before-docs-deploy.sh deleted file mode 100755 index d7c719ed..00000000 --- a/ci/before-docs-deploy.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -ex - -source ./ci/lib.sh - -lib::setup::install - -lib::deploy::build_docs diff --git a/ci/create-release-tar.sh b/ci/create-release-tar.sh deleted file mode 100755 index 52410f04..00000000 --- a/ci/create-release-tar.sh +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash -ex - -source ./ci/lib.sh - -lib::setup::install - -yum -y install tar git - -# Git complains if this isn't owned by the user which is the case when running -# through the run-on-linux.sh -if [ -f /.dockerenv ]; then - git config --global --add safe.directory "${PWD}" -fi - -# build the docs -lib::deploy::build_docs - -# Save the sdist and venv dirs before the clean -mv dist dist_saved -mv .venv /tmp/.venv - -# for the tarball upload -# clean up -git clean -Xdf - -# restore the saved "dist"/".venv" directory -mv dist_saved dist -mv /tmp/.venv .venv - -# make the dir -rm -rf ./tag_build || true -mkdir ./tag_build - -# create and checksum the tarball - -set +e -tag=$(git describe --tags) -if [ "${?}" -ne 0 ]; then - tag=$(git rev-parse --short HEAD) -fi -set -e - -if [ x"${tag#v[0-9]}" = "x${tag}" ]; then - PYTHON_GSSAPI_VERSION=${tag} -else - PYTHON_GSSAPI_VERSION=${tag#v} -fi - -PKG_NAME_VER="python-gssapi-${PYTHON_GSSAPI_VERSION}" - -tar -cvf ./tag_build/${PKG_NAME_VER}.tar \ - --exclude='dist' \ - --exclude='tag_build' \ - --exclude='.git' \ - --exclude='ci_docs_build' \ - --exclude='.venv' \ - --exclude='README.rst' \ - --transform="s,^\.,${PKG_NAME_VER}," . - -# --transform clobbers symlink so add it last using Python -python - << EOF -import tarfile - -with tarfile.open("tag_build/${PKG_NAME_VER}.tar", mode="a:") as tf: - tf.add("README.rst", arcname="${PKG_NAME_VER}/README.rst") -EOF - -pushd ./tag_build -gzip ${PKG_NAME_VER}.tar - -sha512sum --binary ${PKG_NAME_VER}.tar.gz > ${PKG_NAME_VER}.sha512sum -popd diff --git a/ci/lib.sh b/ci/lib.sh deleted file mode 100755 index a8d29852..00000000 --- a/ci/lib.sh +++ /dev/null @@ -1,162 +0,0 @@ -#!/bin/bash - -lib::setup::debian_install() { - export DEBIAN_FRONTEND=noninteractive - apt-get update - - if [ x"$KRB5_VER" = "xheimdal" ]; then - apt-get -y install heimdal-{clients,dev,kdc} - - export GSSAPI_KRB5_MAIN_LIB="/usr/lib/x86_64-linux-gnu/libkrb5.so.26" - export PATH="/usr/lib/heimdal-servers:${PATH}" - else - apt-get -y install krb5-{user,kdc,admin-server,multidev} libkrb5-dev \ - gss-ntlmssp - - export GSSAPI_KRB5_MAIN_LIB="/usr/lib/x86_64-linux-gnu/libkrb5.so" - fi - - apt-get -y install gcc python3-{venv,dev} - - python3 -m venv .venv - source ./.venv/bin/activate -} - -lib::setup::rh_dnfinst() { - # dnf has no update-only verb. - dnf -y --nogpgcheck install $@ -} - -lib::setup::centos_install() { - lib::setup::rh_dnfinst python3-devel - python3 -m venv .venv - source ./.venv/bin/activate -} - -lib::setup::fedora_install() { - # path to binary here in case Rawhide changes it - lib::setup::rh_dnfinst redhat-rpm-config \ - python3-devel - python3 -m venv .venv - source ./.venv/bin/activate -} - -lib::setup::gssntlmssp_install() { - lib::setup::rh_dnfinst dnf-plugins-core - dnf config-manager --set-enabled crb - - lib::setup::rh_dnfinst autoconf automake gettext libtool \ - libunistring-devel openssl-devel zlib-devel - - curl -L -s https://github.com/gssapi/gss-ntlmssp/releases/download/v1.1.0/gssntlmssp-1.1.0.tar.gz --output /tmp/gssntlmssp.tar.gz - tar xf /tmp/gssntlmssp.tar.gz -C /tmp - - pushd /tmp/gssntlmssp-1.1.0 - - autoreconf -f -i - ./configure --with-wbclient=no --with-manpages=no - make - make install - - popd - - echo "gssntlmssp_v1 1.3.6.1.4.1.311.2.2.10 /usr/local/lib/gssntlmssp/gssntlmssp.so" > /etc/gss/mech.d/gssntlmssp.conf -} - -lib::setup::rh_install() { - lib::setup::rh_dnfinst krb5-{devel,libs,server,workstation} \ - which gcc findutils - - if grep -q 'release 9' /etc/redhat-release; then - # CentOS 9 Stream doesn't have a dnf package for gssntlmssp - lib::setup::gssntlmssp_install - else - lib::setup::rh_dnfinst gssntlmssp - fi - - export GSSAPI_KRB5_MAIN_LIB="/usr/lib64/libkrb5.so" - - if [ -f /etc/fedora-release ]; then - lib::setup::fedora_install - else - lib::setup::centos_install - fi -} - -lib::setup::macos_install() { - python3 -m venv .venv - source .venv/bin/activate - - export GSSAPI_KRB5_MAIN_LIB="/System/Library/PrivateFrameworks/Heimdal.framework/Heimdal" - - # macOS's Heimdal version is buggy, it will only use KRB5_KTNAME if the - # env var was set when GSSAPI creates the context. Setting it here to any - # value solves that problem for CI. - export KRB5_KTNAME=initial -} - -lib::setup::windows_install() { - CHINST="choco install --no-progress --yes --ignore-detected-reboot --allow-downgrade" - - # Install the 32bit version if Python is 32bit - if python -c "assert __import__('sys').maxsize <= 2**32"; then - CHINST="$CHINST --x86" - PF="Program Files (x86)" - else - PF="Program Files" - fi - - # Install MIT Kerberos. choco will fail despite the installation working. - $CHINST mitkerberos --install-arguments "'ADDLOCAL=ALL'" || true - - # Update path to include it - export PATH="/c/$PF/MIT/Kerberos/bin:$PATH" -} - -lib::setup::install() { - if [ -f /etc/debian_version ]; then - lib::setup::debian_install - elif [ -f /etc/redhat-release ]; then - lib::setup::rh_install - elif [ "$(uname)" == "Darwin" ]; then - lib::setup::macos_install - elif [ "$OS_NAME" == "windows" ]; then - lib::setup::windows_install - else - echo "Distro not found!" - false - fi - - # Get the explicit version to force pip to install from our local dir in - # case this is a pre-release and/or PyPi has a later version - echo "Installing gssapi" - GSSAPI_VER="$( grep 'version=' setup.py | cut -d "'" -f2 )" - - if [ "$(expr substr $(uname -s) 1 5)" == "MINGW" ]; then - DIST_LINK_PATH="$( echo "${PWD}/dist" | sed -e 's/^\///' -e 's/\//\\/g' -e 's/^./\0:/' )" - else - DIST_LINK_PATH="${PWD}/dist" - fi - - python -m pip install gssapi=="${GSSAPI_VER}" \ - --find-links "file://${DIST_LINK_PATH}" \ - --verbose - - echo "Installing dev dependencies" - python -m pip install -r test-requirements.txt -} - -lib::deploy::build_docs() { - # the first run is for the docs build, so don't clean up - pip install -r docs-requirements.txt - - # Don't run in root to make sure the local copies aren't imported - pushd docs - - # place in a non-standard location so that they don't get cleaned up - sphinx-build source ../ci_docs_build -a -W -n - - popd - - echo "docs_build" -} diff --git a/ci/run-on-linux.sh b/ci/run-on-linux.sh deleted file mode 100755 index 2025db8a..00000000 --- a/ci/run-on-linux.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -ex - -docker run \ - --rm \ - --hostname test.krbtest.com \ - --volume "$( pwd )":/tmp/build \ - --workdir /tmp/build \ - --env KRB5_VER=${KRB5_VER:-mit} \ - --env FLAKE=${FLAKE:no} \ - ${DISTRO} /bin/bash -ex $@ diff --git a/ci/test.sh b/ci/test.sh deleted file mode 100755 index c953f207..00000000 --- a/ci/test.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -ex - -# set up dependencies, etc -source ./ci/lib.sh - -if [ x"${GITHUB_ACTIONS}" = "xtrue" ]; then - echo "::group::Installing Requirements" -fi - -lib::setup::install - -if [ x"${GITHUB_ACTIONS}" = "xtrue" ]; then - echo "::endgroup::" - echo "::group::Running Sanity Checks" -fi - -if [ x"$FLAKE" = "xyes" ]; then - flake8 setup.py - F8_SETUP=$? - - flake8 gssapi - F8_PY=$? - - # Cython requires special flags since it is not proper Python: - # - E225: missing whitespace around operator - # - E226: missing whitespace around arithmetic operator - # - E227: missing whitespace around bitwise or shift operator - # - E402: module level import not at top of file (needed for the `GSSAPI="blah" lines) - # - E901: SyntaxError or IndentationError - # - E999: Internal AST compilation error (flake8 specific) - flake8 gssapi --filename='*.pyx,*.pxd' --ignore=E225,E226,E227,E402,E901,E999 - F8_MAIN_CYTHON=$? - - if [ $F8_SETUP -ne 0 -o $F8_PY -ne 0 -o $F8_MAIN_CYTHON -ne 0 ]; then - exit 1 - fi -fi - -python -m mypy . -MYPY_RES=$? -if [ $MYPY_RES -ne 0 ]; then - exit $MYPY_RES -fi - -if [ x"${GITHUB_ACTIONS}" = "xtrue" ]; then - echo "::endgroup::" - echo "::group::Running Tests" -fi - -# Ensure we don't run in the normal dir so that unittest imports our installed -# package and not the source code -pushd gssapi/tests - -# Only call exit on failures so we can source this script -if [ "$OS_NAME" = "windows" ]; then - # Windows can't run the tests yet, so just make sure it imports and exit - python -c "import gssapi" || exit $? -else - python -m unittest -v || exit $? -fi - -popd - -if [ x"${GITHUB_ACTIONS}" = "xtrue" ]; then - echo "::endgroup::" -fi diff --git a/credstore.html b/credstore.html new file mode 100644 index 00000000..63fd1b27 --- /dev/null +++ b/credstore.html @@ -0,0 +1,192 @@ + + + + + + + Common Values for Credentials Store Extensions — Python-GSSAPI 1.8.2 documentation + + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+
+
+ +
+
+
+
+ +
+

Common Values for Credentials Store Extensions

+

The credentials store extension is an extension introduced by the MIT krb5 +library implementation of GSSAPI. It allows for finer control of credentials +from within a GSSAPI application. Each mechanism can define keywords to +manipulate various aspects of their credentials for storage or retrieval +operations.

+
+

The krb5 mechanism in MIT libraries

+

The krb5 mechanism as implemented by MIT libraries supports the credentials +store extension with a number of keywords.

+
+

client_keytab

+

The client_keytab keyword can be used in a credential store when it is used +with the gssapi.raw.ext_cred_store.acquire_cred_from() / +gssapi.raw.ext_cred_store.add_cred_from() functions to indicate a custom +location for a keytab containing client keys. It is not used in the context +of calls used to store credentials.

+

The value is a string in the form type:residual where type can be any +keytab storage type understood by the implementation and residual is the +keytab identifier (usually something like a path). If the string is a path, +then the type is defaulted to FILE.

+
+
+

keytab

+

The keytab keyword can be used in a credential store when it is used with +the gssapi.raw.ext_cred_store.acquire_cred_from() / +gssapi.raw.ext_cred_store.add_cred_from() functions to indicate a custom +location for a keytab containing service keys. It is not used in the context +of calls used to store credentials.

+

The value is a string in the form type:residual where type can be any +keytab storage type understood by the implementation and residual is the +keytab identifier (usually something like a path). If the string is a path, +then the type is defaulted to FILE.

+
+
+

ccache

+

The ccache keyword can be used to reference a specific credential storage. +It can be used both to indicate the source of existing credentials for the +gssapi.raw.ext_cred_store.acquire_cred_from() / +gssapi.raw.ext_cred_store.add_cred_from() functions, as well as the +destination storage for the gssapi.raw.ext_cred_store.store_cred_into() +function.

+

The value is a string in the form type:residual where type can be any +credential cache storage type understood by the implementation and +residual is the ccache identifier. If the string is a path, then the type +is defaulted to FILE. Other commonly used types are DIR, KEYRING, +KCM, and MEMORY. Each type has a different format for the residual; +refer to the MIT krb5 documentation for more details.

+
+
+

rcache

+

The rcache keyword can be used to reference a custom replay cache storage. +It is used only with the gssapi.raw.ext_cred_store.acquire_cred_from() / +gssapi.raw.ext_cred_store.add_cred_from() functions for credentials used +to accept context establishments, not to initiate contexts.

+

The value is a string in the form type:residual where type can be any +replay cache storage type understood by the implementation and residual is +the cache identifier (usually something like a path). If the string is a +path, then the type is defaulted to FILE.

+
+
+
+

The krb5 mechanism in Heimdal

+

Heimdal has recently implemented the credential store extensions with the same +interface as MIT krb5. However, it is not yet present in any released +version.

+
+
+ + +
+
+ +
+
+
+
+ + + + \ No newline at end of file diff --git a/docs-requirements.txt b/docs-requirements.txt deleted file mode 100644 index 8a0d1c8e..00000000 --- a/docs-requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -myst-parser # For parsing markdown docs instead of rst -Sphinx >= 1.3.1 -sphinx-autoapi -sphinx-rtd-theme >= 0.2.5b1 diff --git a/docs/Makefile b/docs/Makefile deleted file mode 100644 index 3f26e5e7..00000000 --- a/docs/Makefile +++ /dev/null @@ -1,177 +0,0 @@ -# Makefile for Sphinx documentation -# - -# You can set these variables from the command line. -SPHINXOPTS = -SPHINXBUILD = sphinx-build -PAPER = -BUILDDIR = build - -# User-friendly check for sphinx-build -ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) -$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) -endif - -# Internal variables. -PAPEROPT_a4 = -D latex_paper_size=a4 -PAPEROPT_letter = -D latex_paper_size=letter -ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source -# the i18n builder cannot share the environment and doctrees with the others -I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source - -.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext - -help: - @echo "Please use \`make ' where is one of" - @echo " html to make standalone HTML files" - @echo " dirhtml to make HTML files named index.html in directories" - @echo " singlehtml to make a single large HTML file" - @echo " pickle to make pickle files" - @echo " json to make JSON files" - @echo " htmlhelp to make HTML files and a HTML help project" - @echo " qthelp to make HTML files and a qthelp project" - @echo " devhelp to make HTML files and a Devhelp project" - @echo " epub to make an epub" - @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" - @echo " latexpdf to make LaTeX files and run them through pdflatex" - @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" - @echo " text to make text files" - @echo " man to make manual pages" - @echo " texinfo to make Texinfo files" - @echo " info to make Texinfo files and run them through makeinfo" - @echo " gettext to make PO message catalogs" - @echo " changes to make an overview of all changed/added/deprecated items" - @echo " xml to make Docutils-native XML files" - @echo " pseudoxml to make pseudoxml-XML files for display purposes" - @echo " linkcheck to check all external links for integrity" - @echo " doctest to run all doctests embedded in the documentation (if enabled)" - -clean: - rm -rf $(BUILDDIR)/* - -html: - $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html - @echo - @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." - -dirhtml: - $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml - @echo - @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." - -singlehtml: - $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml - @echo - @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." - -pickle: - $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle - @echo - @echo "Build finished; now you can process the pickle files." - -json: - $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json - @echo - @echo "Build finished; now you can process the JSON files." - -htmlhelp: - $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp - @echo - @echo "Build finished; now you can run HTML Help Workshop with the" \ - ".hhp project file in $(BUILDDIR)/htmlhelp." - -qthelp: - $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp - @echo - @echo "Build finished; now you can run "qcollectiongenerator" with the" \ - ".qhcp project file in $(BUILDDIR)/qthelp, like this:" - @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Python-GSSAPI.qhcp" - @echo "To view the help file:" - @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Python-GSSAPI.qhc" - -devhelp: - $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp - @echo - @echo "Build finished." - @echo "To view the help file:" - @echo "# mkdir -p $$HOME/.local/share/devhelp/Python-GSSAPI" - @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Python-GSSAPI" - @echo "# devhelp" - -epub: - $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub - @echo - @echo "Build finished. The epub file is in $(BUILDDIR)/epub." - -latex: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo - @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." - @echo "Run \`make' in that directory to run these through (pdf)latex" \ - "(use \`make latexpdf' here to do that automatically)." - -latexpdf: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo "Running LaTeX files through pdflatex..." - $(MAKE) -C $(BUILDDIR)/latex all-pdf - @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." - -latexpdfja: - $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex - @echo "Running LaTeX files through platex and dvipdfmx..." - $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja - @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." - -text: - $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text - @echo - @echo "Build finished. The text files are in $(BUILDDIR)/text." - -man: - $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man - @echo - @echo "Build finished. The manual pages are in $(BUILDDIR)/man." - -texinfo: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo - @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." - @echo "Run \`make' in that directory to run these through makeinfo" \ - "(use \`make info' here to do that automatically)." - -info: - $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo - @echo "Running Texinfo files through makeinfo..." - make -C $(BUILDDIR)/texinfo info - @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." - -gettext: - $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale - @echo - @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." - -changes: - $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes - @echo - @echo "The overview file is in $(BUILDDIR)/changes." - -linkcheck: - $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck - @echo - @echo "Link check complete; look for any errors in the above output " \ - "or in $(BUILDDIR)/linkcheck/output.txt." - -doctest: - $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest - @echo "Testing of doctests in the sources finished, look at the " \ - "results in $(BUILDDIR)/doctest/output.txt." - -xml: - $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml - @echo - @echo "Build finished. The XML files are in $(BUILDDIR)/xml." - -pseudoxml: - $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml - @echo - @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." diff --git a/docs/custom_extensions/gssapi_find_missing.py b/docs/custom_extensions/gssapi_find_missing.py deleted file mode 100644 index 1f2ba0c3..00000000 --- a/docs/custom_extensions/gssapi_find_missing.py +++ /dev/null @@ -1,66 +0,0 @@ -from docutils import nodes -from sphinx.util.nodes import make_refnode - -MATCH_RE_RAW = r'\b(([A-Z][A-Za-z0-9]+)+)\b' - - -def setup(app): - app.connect('missing-reference', _missing_ref) - - -def _missing_ref(app, env, node, contnode): - # skip non-elements - if not isinstance(contnode, nodes.Element): - return - - if node.get('refdomain') != 'py': - return - - options = env.domains['py'].find_obj( - env, None, None, node.get('reftarget'), node.get('reftype'), 1) - - if not options: - return - - is_raw = node.get('py:module').startswith('gssapi.raw') - - if len(options) > 1: - raw_opts = [] - non_raw_opts = [] - for opt in options: - type_info = opt[1] - mod_name = type_info.docname - - if mod_name.startswith('gssapi.raw'): - raw_opts.append(opt) - else: - non_raw_opts.append(opt) - - if is_raw: - if raw_opts: - choice = raw_opts[0] - elif non_raw_opts: - choice = non_raw_opts[0] - else: - return - else: - if non_raw_opts: - choice = non_raw_opts[0] - elif raw_opts: - choice = raw_opts[0] - else: - return - else: - choice = options[0] - - choice_name = choice[0] - choice_info = choice[1] - choice_mod = choice_info.node_id - choice_type = choice_info.objtype - - if choice_type == 'module': - return env.domains['py']._make_module_refnode( - app.builder, node.get('refdoc'), choice_name, contnode) - else: - return make_refnode(app.builder, node.get('refdoc'), choice_mod, - choice_name, contnode, choice_name) diff --git a/docs/custom_extensions/requires_rfc.py b/docs/custom_extensions/requires_rfc.py deleted file mode 100644 index d7bb8a7d..00000000 --- a/docs/custom_extensions/requires_rfc.py +++ /dev/null @@ -1,61 +0,0 @@ -import sys - -from docutils import nodes -from docutils.parsers.rst import roles - - -def setup(app): - app.add_role('requires-ext', RequiresExtRole(app)) - - -class RequiresExtRole(object): - def __init__(self, app): - self.app = app - - def __call__(self, name, rawtext, text, lineno, inliner, - options={}, content=[]): - if text.startswith('rfc'): - rfc_text = text[3:] - - rfc_node, rfc_msg = roles.rfc_reference_role( - 'rfc', ':rfc:`%s`' % rfc_text, rfc_text, lineno, - inliner, options, content) - - if rfc_msg: - # error - return (rfc_node, rfc_msg) - else: - middle_parts = rfc_node + [nodes.Text(" extension", - " extension")] - else: - ext_name = 'gssapi.raw.ext_%s' % text - # autodoc has already imported everything - try: - ext_module = sys.modules[ext_name] - except KeyError: - ext_title = text + " extension" - else: - if ext_module.__doc__: - ext_title = ext_module.__doc__.splitlines()[0] - else: - ext_title = text + " extension" - ref_nodes, ref_messages = self.app.env.domains['py'].role('mod')( - 'mod', rawtext, ext_name, lineno, inliner) - - if ref_messages: - # error - return (ref_nodes, ref_messages) - - title_node = nodes.Text(ext_title, ext_title) - - ref_nodes[0].clear() - ref_nodes[0].append(title_node) - - middle_parts = ref_nodes - - begin_text = nodes.Text("requires the ", "requires the ") - - main_nodes = [begin_text] + middle_parts - wrapper_node = nodes.emphasis('', '', *main_nodes) - - return ([nodes.Text('', ''), wrapper_node, nodes.Text('', '')], []) diff --git a/docs/make.bat b/docs/make.bat deleted file mode 100644 index b5fa4fda..00000000 --- a/docs/make.bat +++ /dev/null @@ -1,242 +0,0 @@ -@ECHO OFF - -REM Command file for Sphinx documentation - -if "%SPHINXBUILD%" == "" ( - set SPHINXBUILD=sphinx-build -) -set BUILDDIR=build -set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% source -set I18NSPHINXOPTS=%SPHINXOPTS% source -if NOT "%PAPER%" == "" ( - set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS% - set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS% -) - -if "%1" == "" goto help - -if "%1" == "help" ( - :help - echo.Please use `make ^` where ^ is one of - echo. html to make standalone HTML files - echo. dirhtml to make HTML files named index.html in directories - echo. singlehtml to make a single large HTML file - echo. pickle to make pickle files - echo. json to make JSON files - echo. htmlhelp to make HTML files and a HTML help project - echo. qthelp to make HTML files and a qthelp project - echo. devhelp to make HTML files and a Devhelp project - echo. epub to make an epub - echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter - echo. text to make text files - echo. man to make manual pages - echo. texinfo to make Texinfo files - echo. gettext to make PO message catalogs - echo. changes to make an overview over all changed/added/deprecated items - echo. xml to make Docutils-native XML files - echo. pseudoxml to make pseudoxml-XML files for display purposes - echo. linkcheck to check all external links for integrity - echo. doctest to run all doctests embedded in the documentation if enabled - goto end -) - -if "%1" == "clean" ( - for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i - del /q /s %BUILDDIR%\* - goto end -) - - -%SPHINXBUILD% 2> nul -if errorlevel 9009 ( - echo. - echo.The 'sphinx-build' command was not found. Make sure you have Sphinx - echo.installed, then set the SPHINXBUILD environment variable to point - echo.to the full path of the 'sphinx-build' executable. Alternatively you - echo.may add the Sphinx directory to PATH. - echo. - echo.If you don't have Sphinx installed, grab it from - echo.http://sphinx-doc.org/ - exit /b 1 -) - -if "%1" == "html" ( - %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The HTML pages are in %BUILDDIR%/html. - goto end -) - -if "%1" == "dirhtml" ( - %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml. - goto end -) - -if "%1" == "singlehtml" ( - %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml. - goto end -) - -if "%1" == "pickle" ( - %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle - if errorlevel 1 exit /b 1 - echo. - echo.Build finished; now you can process the pickle files. - goto end -) - -if "%1" == "json" ( - %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json - if errorlevel 1 exit /b 1 - echo. - echo.Build finished; now you can process the JSON files. - goto end -) - -if "%1" == "htmlhelp" ( - %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp - if errorlevel 1 exit /b 1 - echo. - echo.Build finished; now you can run HTML Help Workshop with the ^ -.hhp project file in %BUILDDIR%/htmlhelp. - goto end -) - -if "%1" == "qthelp" ( - %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp - if errorlevel 1 exit /b 1 - echo. - echo.Build finished; now you can run "qcollectiongenerator" with the ^ -.qhcp project file in %BUILDDIR%/qthelp, like this: - echo.^> qcollectiongenerator %BUILDDIR%\qthelp\Python-GSSAPI.qhcp - echo.To view the help file: - echo.^> assistant -collectionFile %BUILDDIR%\qthelp\Python-GSSAPI.ghc - goto end -) - -if "%1" == "devhelp" ( - %SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. - goto end -) - -if "%1" == "epub" ( - %SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The epub file is in %BUILDDIR%/epub. - goto end -) - -if "%1" == "latex" ( - %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex - if errorlevel 1 exit /b 1 - echo. - echo.Build finished; the LaTeX files are in %BUILDDIR%/latex. - goto end -) - -if "%1" == "latexpdf" ( - %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex - cd %BUILDDIR%/latex - make all-pdf - cd %BUILDDIR%/.. - echo. - echo.Build finished; the PDF files are in %BUILDDIR%/latex. - goto end -) - -if "%1" == "latexpdfja" ( - %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex - cd %BUILDDIR%/latex - make all-pdf-ja - cd %BUILDDIR%/.. - echo. - echo.Build finished; the PDF files are in %BUILDDIR%/latex. - goto end -) - -if "%1" == "text" ( - %SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The text files are in %BUILDDIR%/text. - goto end -) - -if "%1" == "man" ( - %SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The manual pages are in %BUILDDIR%/man. - goto end -) - -if "%1" == "texinfo" ( - %SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo. - goto end -) - -if "%1" == "gettext" ( - %SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The message catalogs are in %BUILDDIR%/locale. - goto end -) - -if "%1" == "changes" ( - %SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes - if errorlevel 1 exit /b 1 - echo. - echo.The overview file is in %BUILDDIR%/changes. - goto end -) - -if "%1" == "linkcheck" ( - %SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck - if errorlevel 1 exit /b 1 - echo. - echo.Link check complete; look for any errors in the above output ^ -or in %BUILDDIR%/linkcheck/output.txt. - goto end -) - -if "%1" == "doctest" ( - %SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest - if errorlevel 1 exit /b 1 - echo. - echo.Testing of doctests in the sources finished, look at the ^ -results in %BUILDDIR%/doctest/output.txt. - goto end -) - -if "%1" == "xml" ( - %SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The XML files are in %BUILDDIR%/xml. - goto end -) - -if "%1" == "pseudoxml" ( - %SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml - if errorlevel 1 exit /b 1 - echo. - echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml. - goto end -) - -:end diff --git a/docs/source/conf.py b/docs/source/conf.py deleted file mode 100644 index 8d99409a..00000000 --- a/docs/source/conf.py +++ /dev/null @@ -1,323 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Python-GSSAPI documentation build configuration file, created by -# sphinx-quickstart on Tue Jul 2 19:01:09 2013. -# -# This file is execfile()d with the current directory set to its containing dir. -# -# Note that not all possible configuration values are present in this -# autogenerated file. -# -# All configuration values have a default; values that are commented out -# serve to show the default. - -import sys, os, re - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -#sys.path.insert(0, os.path.abspath('.')) - -sys.path.insert(0, os.path.abspath('../custom_extensions')) - -# -- General configuration ----------------------------------------------------- - -# If your documentation needs a minimal Sphinx version, state it here. -#needs_sphinx = '1.0' - -# Add any Sphinx extension module names here, as strings. They can be extensions -# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = [ - 'myst_parser', - 'sphinx.ext.autodoc', - 'sphinx.ext.intersphinx', - 'sphinx.ext.viewcode', - 'sphinx.ext.napoleon', - 'autoapi.extension', - 'gssapi_find_missing', - 'requires_rfc', -] - -autoapi_generate_api_docs = False -autoapi_type = 'python' -autoapi_dirs = ['../../gssapi'] -autoapi_file_patterns = ['*.pyi'] - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# The suffix of source filenames. -source_suffix = ['.rst', '.md'] - -myst_all_links_external = True - -# The encoding of source files. -#source_encoding = 'utf-8-sig' - -# The master toctree document. -master_doc = 'index' - -# General information about the project. -project = u'Python-GSSAPI' -copyright = u'2014, The Python-GSSAPI team' - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# https://www.python.org/dev/peps/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions -setup_py_path = os.path.abspath(os.path.join(__file__, '..', '..', '..', 'setup.py')) -version_pattern = re.compile(r""" -^\s*version=['|\"](?P - (?: - (?:(?P[0-9]+)!)? # epoch - (?P[0-9]+(?:\.[0-9]+)*) # release segment - (?P
                                          # pre-release
-            [-_\.]?
-            (?P(a|b|c|rc|alpha|beta|pre|preview))
-            [-_\.]?
-            (?P[0-9]+)?
-        )?
-        (?P                                         # post release
-            (?:-(?P[0-9]+))
-            |
-            (?:
-                [-_\.]?
-                (?Ppost|rev|r)
-                [-_\.]?
-                (?P[0-9]+)?
-            )
-        )?
-        (?P                                          # dev release
-            [-_\.]?
-            (?Pdev)
-            [-_\.]?
-            (?P[0-9]+)?
-        )?
-    )
-    (?:\+(?P[a-z0-9]+(?:[-_\.][a-z0-9]+)*))?       # local version
-)['|\"],?\s*$
-""", re.VERBOSE | re.IGNORECASE)
-
-# The short X.Y version.
-version = ''
-# The full version, including alpha/beta/rc tags.
-release = ''
-
-with open(setup_py_path, mode='r') as fd:
-    for line in fd:
-        version_match = version_pattern.match(line)
-        if version_match:
-            version = version_match.group('release')
-            release = version_match.group('full_version')
-            break
-
-if not version or not release:
-    raise Exception("Failed to find version in setup.py")
-
-# The language for content autogenerated by Sphinx. Refer to documentation
-# for a list of supported languages.
-#language = None
-
-# There are two options for replacing |today|: either, you set today to some
-# non-false value, then it is used:
-#today = ''
-# Else, today_fmt is used as the format for a strftime call.
-#today_fmt = '%B %d, %Y'
-
-# List of patterns, relative to source directory, that match files and
-# directories to ignore when looking for source files.
-exclude_patterns = []
-
-# The reST default role (used for this markup: `text`) to use for all documents.
-#default_role = None
-
-# If true, '()' will be appended to :func: etc. cross-reference text.
-#add_function_parentheses = True
-
-# If true, the current module name will be prepended to all description
-# unit titles (such as .. function::).
-#add_module_names = True
-add_module_names = False
-
-# If true, sectionauthor and moduleauthor directives will be shown in the
-# output. They are ignored by default.
-#show_authors = False
-
-# The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'sphinx'
-
-# A list of ignored prefixes for module index sorting.
-#modindex_common_prefix = []
-
-# If true, keep warnings as "system message" paragraphs in the built documents.
-#keep_warnings = False
-
-
-# -- Options for HTML output ---------------------------------------------------
-
-# The theme to use for HTML and HTML Help pages.  See the documentation for
-# a list of builtin themes.
-html_theme = 'sphinx_rtd_theme'
-
-# Theme options are theme-specific and customize the look and feel of a theme
-# further.  For a list of options available for each theme, see the
-# documentation.
-#html_theme_options = {}
-
-# Add any paths that contain custom themes here, relative to this directory.
-#html_theme_path = []
-
-# The name for this set of Sphinx documents.  If None, it defaults to
-# " v documentation".
-#html_title = None
-
-# A shorter title for the navigation bar.  Default is the same as html_title.
-#html_short_title = None
-
-# The name of an image file (relative to this directory) to place at the top
-# of the sidebar.
-#html_logo = None
-
-# The name of an image file (within the static path) to use as favicon of the
-# docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
-# pixels large.
-#html_favicon = None
-
-# Add any paths that contain custom static files (such as style sheets) here,
-# relative to this directory. They are copied after the builtin static files,
-# so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ['_static']
-
-# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
-# using the given strftime format.
-#html_last_updated_fmt = '%b %d, %Y'
-
-# If true, SmartyPants will be used to convert quotes and dashes to
-# typographically correct entities.
-#html_use_smartypants = True
-
-# Custom sidebar templates, maps document names to template names.
-#html_sidebars = {}
-
-# Additional templates that should be rendered to pages, maps page names to
-# template names.
-#html_additional_pages = {}
-
-# If false, no module index is generated.
-#html_domain_indices = True
-
-# If false, no index is generated.
-#html_use_index = True
-
-# If true, the index is split into individual pages for each letter.
-#html_split_index = False
-
-# If true, links to the reST sources are added to the pages.
-#html_show_sourcelink = True
-
-# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
-#html_show_sphinx = True
-
-# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
-#html_show_copyright = True
-
-# If true, an OpenSearch description file will be output, and all pages will
-# contain a  tag referring to it.  The value of this option must be the
-# base URL from which the finished HTML is served.
-#html_use_opensearch = ''
-
-# This is the file name suffix for HTML files (e.g. ".xhtml").
-#html_file_suffix = None
-
-# Output file base name for HTML help builder.
-htmlhelp_basename = 'Python-GSSAPIdoc'
-
-
-# -- Options for LaTeX output --------------------------------------------------
-
-latex_elements = {
-# The paper size ('letterpaper' or 'a4paper').
-#'papersize': 'letterpaper',
-
-# The font size ('10pt', '11pt' or '12pt').
-#'pointsize': '10pt',
-
-# Additional stuff for the LaTeX preamble.
-#'preamble': '',
-}
-
-# Grouping the document tree into LaTeX files. List of tuples
-# (source start file, target name, title, author, documentclass [howto/manual]).
-latex_documents = [
-  ('index', 'Python-GSSAPI.tex', u'Python-GSSAPI Documentation',
-   u'The Python-GSSAPI team', 'manual'),
-]
-
-# The name of an image file (relative to this directory) to place at the top of
-# the title page.
-#latex_logo = None
-
-# For "manual" documents, if this is true, then toplevel headings are parts,
-# not chapters.
-#latex_use_parts = False
-
-# If true, show page references after internal links.
-#latex_show_pagerefs = False
-
-# If true, show URL addresses after external links.
-#latex_show_urls = False
-
-# Documents to append as an appendix to all manuals.
-#latex_appendices = []
-
-# If false, no module index is generated.
-#latex_domain_indices = True
-
-
-# -- Options for manual page output --------------------------------------------
-
-# One entry per manual page. List of tuples
-# (source start file, name, description, authors, manual section).
-man_pages = [
-    ('index', 'python-gssapi', u'Python-GSSAPI Documentation',
-     [u'The Python-GSSAPI team'], 1)
-]
-
-# If true, show URL addresses after external links.
-#man_show_urls = False
-
-
-# -- Options for Texinfo output ------------------------------------------------
-
-# Grouping the document tree into Texinfo files. List of tuples
-# (source start file, target name, title, author,
-#  dir menu entry, description, category)
-texinfo_documents = [
-  ('index', 'Python-GSSAPI', u'Python-GSSAPI Documentation',
-   u'The Python-GSSAPI team', 'Python-GSSAPI',
-   'One line description of project.', 'Miscellaneous'),
-]
-
-# Documents to append as an appendix to all manuals.
-#texinfo_appendices = []
-
-# If false, no module index is generated.
-#texinfo_domain_indices = True
-
-# How to display URL addresses: 'footnote', 'no', or 'inline'.
-#texinfo_show_urls = 'footnote'
-
-# If true, do not generate a @detailmenu in the "Top" node's menu.
-#texinfo_no_detailmenu = False
-
-
-# Example configuration for intersphinx: refer to the Python standard library.
-intersphinx_mapping = {'python': ('http://docs.python.org/', None)}
-
-# which docstring to use for the class
-# can be 'class', 'init', or 'both'
-autoclass_content = 'both'
-
-# how to order members -- can 'alphabetical',
-# 'groupwise' (by member type), or 'bysource'
-autodoc_member_order = 'bysource'
diff --git a/genindex.html b/genindex.html
new file mode 100644
index 00000000..4e24df31
--- /dev/null
+++ b/genindex.html
@@ -0,0 +1,1440 @@
+
+
+
+  
+  
+  Index — Python-GSSAPI 1.8.2 documentation
+      
+      
+      
+  
+  
+        
+        
+        
+        
+        
+        
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Index
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           

+             
+
+
Index

+
+

+ A
+ | B
+ | C
+ | D
+ | E
+ | F
+ | G
+ | H
+ | I
+ | K
+ | L
+ | M
+ | N
+ | O
+ | P
+ | Q
+ | R
+ | S
+ | T
+ | U
+ | V
+ | W
+ | X
+ 
+

+
A

+
+  
+  
+

+
+
B

+
+  
+  
+

+
+
C

+
+  
+  
+

+
+
D

+
+  
+  
+

+
+
E

+
+  
+  
+

+
+
F

+
+  
+  
+

+
+
G

+
+  
+  
+
    
+      
  • 
+    gssapi.raw.ext_krb5
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_password
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_password_add
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc4178
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc5587
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc5588
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc5801
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc6680
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_s4u
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_set_cred_opt
+
+      
    • 
+      
  • 
+    gssapi.raw.message
+
+      
    • 
+      
  • 
+    gssapi.raw.misc
+
+      
    • 
+      
  • 
+    gssapi.raw.named_tuples
+
+      
    • 
+      
  • 
+    gssapi.raw.names
+
+      
    • 
+      
  • 
+    gssapi.raw.oids
+
+      
    • 
+      
  • 
+    gssapi.raw.sec_contexts
+
+      
    • 
+      
  • 
+    gssapi.raw.types
+
+      
    • 
+      
  • 
+    gssapi.sec_contexts
+
+      
    • 
+      
  • GSSError, [1], [2]
+
    • 
+  

+
+
H

+
+  
+  
+

+
+
I

+
+  
+  
+

+
+
K

+
+  
+  
+

+
+
L

+
+  
+  
+

+
+
M

+
+  
+  
+

+
+
N

+
+  
+  
+

+
+
O

+
+  
+  
+

+
+
P

+
+  
+  
+

+
+
Q

+
+  
+

+
+
R

+
+  
+  
+

+
+
S

+
+  
+  
+

+
+
T

+
+  
+  
+

+
+
U

+
+  
+  
+

+
+
V

+
+  
+  
+

+
+
W

+
+  
+  
+

+
+
X

+
+  
+  
+

+
+
+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/gssapi.html b/gssapi.html
new file mode 100644
index 00000000..52bb3009
--- /dev/null
+++ b/gssapi.html
@@ -0,0 +1,1821 @@
+
+
+
+  
+
+  
+  High-Level API — Python-GSSAPI 1.8.2 documentation
+      
+      
+      
+  
+  
+        
+        
+        
+        
+        
+        
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
High-Level API

+
The high-level API contains three main classes for interacting with GSSAPI,
+representing the primary abstractions that GSSAPI provides:
+Name, Credentials, and
+SecurityContext.

+

+
Note

+
Classes in the high-level API inherit from the corresponding classes in the
+low-level API, and thus may be passed in to low-level API functions.

+

+

+
Warning

+
All methods in both the high-level and low-level APIs may throw the generic
+GSSError exception.

+

+

+
Main Classes

+

+
Names

+

+

+class Name(base: Optional[Union[Name, bytes, str]] = None, name_type: Optional[OID] = None, token: Optional[bytes] = None, composite: bool = False)[source]

+
A GSSAPI Name

+
This class represents a GSSAPI name which may be used with and/or returned
+by other GSSAPI methods.

+
It inherits from the low-level GSSAPI Name
+class, and thus may used with both low-level and high-level API methods.

+
This class may be pickled and unpickled, as well as copied.

+
The str and bytes methods may be used to retrieve the
+text of the name.

+

+
Note

+
Name strings will be automatically converted to and from unicode
+strings as appropriate.  If a method is listed as returning a
+str object, it will return a unicode string.

+
The encoding used will be python-gssapi’s current encoding, which
+defaults to UTF-8.

+

+
The constructor can be used to “import” a name from a human readable
+representation, or from a token, and can also be used to convert a
+low-level gssapi.raw.names.Name object into a high-level
+object.

+
If a Name object from the low-level API
+is passed as the base argument, it will be converted into a
+high-level object.

+
If the token argument is used, the name will be imported using
+the token.  If the token was exported as a composite token,
+pass composite=True.

+
Otherwise, a new name will be created, using the base argument as
+the human-readable string and the name_type argument to denote the
+name type.

+

+
Raises

+

+

+

+

+

+display_as(name_type: OID)  str[source]

+
Display this name as the given name type.

+
This method attempts to display the current Name
+using the syntax of the given NameType, if
+possible.

+

+
Warning

+
In MIT krb5 versions below 1.13.3, this method can segfault if
+the name was not originally created with a name_type that was
+not None (even in cases when a name_type
+is later “added”, such as via canonicalize()).
+Do not use this method unless you are sure the above
+conditions can never happen in your code.

+

+

+
Warning

+
In addition to the above warning, current versions of MIT krb5 do
+not actually fully implement this method, and it may return
+incorrect results in the case of canonicalized names.

+

+
requires the RFC 6680 extension

+

+
Parameters

+
name_type (OID) – the NameType to
+use to display the given name

+

+
Returns

+
the displayed name

+

+
Return type

+
str

+

+
Raises

+
OperationUnavailableError

+

+

+

+
+

+

+property name_type: Optional[OID]

+
The NameType of this name

+

+
+

+

+export(composite: bool = False)  bytes[source]

+
Export this name as a token.

+
This method exports the name into a byte string which can then be
+imported by using the token argument of the constructor.

+

+
Parameters

+
composite (bool) – whether or not use to a composite token –
+requires the RFC 6680 extension

+

+
Returns

+
the exported name in token form

+

+
Return type

+
bytes

+

+
Raises

+

+

+

+

+
+

+

+canonicalize(mech: OID)  Name[source]

+
Canonicalize a name with respect to a mechanism.

+
This method returns a new Name that is canonicalized according
+to the given mechanism.

+

+
Parameters

+
mech (OID) – the MechType to use

+

+
Returns

+
the canonicalized name

+

+
Return type

+
Name

+

+
Raises

+

+

+

+

+
+

+

+property is_mech_name: bool

+
Whether or not this name is a mechanism name
+(requires the RFC 6680 extension)

+

+
+

+

+property mech: OID

+
The mechanism associated with this name (requires the RFC 6680 extension)

+

+
+

+

+property attributes: Optional[MutableMapping]

+
The attributes of this name (requires the RFC 6680 extension)

+
The attributes are presenting in the form of a
+MutableMapping (a dict-like object).

+
Retrieved values will always be in the form of frozenset.

+
When assigning values, if iterables are used, they be considered to be
+the set of values for the given attribute.  If a non-iterable is used,
+it will be considered a single value, and automatically wrapped in an
+iterable.

+

+
Note

+
String types (includes bytes) are not considered to
+be iterables in this case.

+

+

+
+

+
+

+

+
Credentials

+

+

+class Credentials(base: Optional[Creds] = None, token: Optional[bytes] = None, name: Optional[Name] = None, lifetime: Optional[int] = None, mechs: Optional[Iterable[OID]] = None, usage: str = 'both', store: Optional[Dict[Union[bytes, str], Union[bytes, str]]] = None)[source]

+
GSSAPI Credentials

+
This class represents a set of GSSAPI credentials which may
+be used with and/or returned by other GSSAPI methods.

+
It inherits from the low-level GSSAPI Creds
+class, and thus may used with both low-level and high-level API methods.

+
If your implementation of GSSAPI supports the credentials import-export
+extension, you may pickle and unpickle this object.

+
The constructor either acquires or imports a set of GSSAPI
+credentials.

+
If the base argument is used, an existing
+Creds object from the low-level API is
+converted into a high-level object.

+
If the token argument is used, the credentials
+are imported using the token, if the credentials import-export
+extension is supported (requires the cred_imp_exp extension).

+
Otherwise, the credentials are acquired as per the
+acquire() method.

+

+
Raises

+

+

+

+

+

+property name: Name

+
Get the name associated with these credentials

+

+
+

+

+property lifetime: int

+
Get the remaining lifetime of these credentials, in seconds

+

+
+

+

+property mechs: Set[OID]

+
Get the mechanisms for these credentials

+

+
+

+

+property usage: str

+
Get the usage (initiate, accept, or both) of these credentials

+

+
+

+

+classmethod acquire(name: Optional[Name] = None, lifetime: Optional[int] = None, mechs: Optional[Iterable[OID]] = None, usage: str = 'both', store: Optional[Dict[Union[bytes, str], Union[bytes, str]]] = None)  AcquireCredResult[source]

+
Acquire GSSAPI credentials

+
This method acquires credentials.  If the store argument is
+used, the credentials will be acquired from the given
+credential store (if supported).  Otherwise, the credentials are
+acquired from the default store.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+
Using a non-default store requires support for the credentials store
+extension.

+

+
Parameters

+
    
+
  • name (Name) – the name associated with the
+credentials, or None for the default name
    • 
+
  • lifetime (int) – the desired lifetime of the credentials in seconds,
+or None for indefinite
    • 
+
  • mechs (list) – the desired MechType OIDs to be used
+with the credentials, or None for the default set
    • 
+
  • usage (str) – the usage for the credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+
  • store (dict) – the credential store information pointing to the
+credential store from which to acquire the credentials,
+or None for the default store (requires the cred_store extension)
    • 
+

+

+
Returns

+
the acquired credentials and information about
+them

+

+
Return type

+
AcquireCredResult

+

+
Raises

+

+

+

+

+
+

+

+store(store: Optional[Dict[Union[bytes, str], Union[bytes, str]]] = None, usage: str = 'both', mech: Optional[OID] = None, overwrite: bool = False, set_default: bool = False)  StoreCredResult[source]

+
Store these credentials into the given store

+
This method stores the current credentials into the specified
+credentials store.  If the default store is used, support for
+RFC 5588 is required.  Otherwise, support for the credentials
+store extension is required.

+
requires the RFC 5588 extension or requires the cred_store extension

+

+
Parameters

+
    
+
  • store (dict) – the store into which to store the credentials,
+or None for the default store.
    • 
+
  • usage (str) – the usage to store the credentials with – either
+‘both’, ‘initiate’, or ‘accept’
    • 
+
  • mech (OID) – the MechType to associate with the
+stored credentials
    • 
+
  • overwrite (bool) – whether or not to overwrite existing credentials
+stored with the same name, etc
    • 
+
  • set_default (bool) – whether or not to set these credentials as
+the default credentials for the given store.
    • 
+

+

+
Returns

+
the results of the credential storing operation

+

+
Return type

+
StoreCredResult

+

+
Raises

+

+

+

+

+
+

+

+impersonate(name: Optional[Name] = None, lifetime: Optional[int] = None, mechs: Optional[Iterable[OID]] = None, usage: str = 'initiate')  Credentials[source]

+
Impersonate a name using the current credentials

+
This method acquires credentials by impersonating another
+name using the current credentials.

+
requires the s4u extension

+

+
Parameters

+
    
+
  • name (Name) – the name to impersonate
    • 
+
  • lifetime (int) – the desired lifetime of the new credentials in
+seconds, or None for indefinite
    • 
+
  • mechs (list) – the desired MechType OIDs for the new
+credentials
    • 
+
  • usage (str) – the desired usage for the new credentials – either
+‘both’, ‘initiate’, or ‘accept’.  Note that some mechanisms
+may only support ‘initiate’.
    • 
+

+

+
Returns

+
the new credentials impersonating the given name

+

+
Return type

+
Credentials

+

+

+

+
+

+

+inquire(name: bool = True, lifetime: bool = True, usage: bool = True, mechs: bool = True)  InquireCredResult[source]

+
Inspect these credentials for information

+
This method inspects these credentials for information about them.

+

+
Parameters

+
    
+
  • name (bool) – get the name associated with the credentials
    • 
+
  • lifetime (bool) – get the remaining lifetime for the credentials
    • 
+
  • usage (bool) – get the usage for the credentials
    • 
+
  • mechs (bool) – get the mechanisms associated with the credentials
    • 
+

+

+
Returns

+
the information about the credentials,
+with None used when the corresponding argument was False

+

+
Return type

+
InquireCredResult

+

+
Raises

+

+

+

+

+
+

+

+inquire_by_mech(mech: OID, name: bool = True, init_lifetime: bool = True, accept_lifetime: bool = True, usage: bool = True)  InquireCredByMechResult[source]

+
Inspect these credentials for per-mechanism information

+
This method inspects these credentials for per-mechanism information
+about them.

+

+
Parameters

+
    
+
  • mech (OID) – the mechanism for which to retrieve the
+information
    • 
+
  • name (bool) – get the name associated with the credentials
    • 
+
  • init_lifetime (bool) – get the remaining initiate lifetime for
+the credentials in seconds
    • 
+
  • accept_lifetime (bool) – get the remaining accept lifetime for
+the credentials in seconds
    • 
+
  • usage (bool) – get the usage for the credentials
    • 
+

+

+
Returns

+
the information about the credentials,
+with None used when the corresponding argument was False

+

+
Return type

+
InquireCredByMechResult

+

+

+

+
+

+

+add(name: Name, mech: OID, usage: str = 'both', init_lifetime: Optional[int] = None, accept_lifetime: Optional[int] = None, impersonator: Optional[Creds] = None, store: Optional[Dict[Union[bytes, str], Union[bytes, str]]] = None)  Credentials[source]

+
Acquire more credentials to add to the current set

+
This method works like acquire(), except that it adds the
+acquired credentials for a single mechanism to a copy of the current
+set, instead of creating a new set for multiple mechanisms.
+Unlike acquire(), you cannot pass None desired name or
+mechanism.

+
If the impersonator argument is used, the credentials will
+impersonate the given name using the impersonator credentials
+(requires the s4u extension).

+
If the store argument is used, the credentials will be acquired
+from the given credential store (requires the cred_store extension).
+Otherwise, the credentials are acquired from the default store.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+
Note that the store argument is not compatible with the
+impersonator argument.

+

+
Parameters

+
    
+
  • name (Name) – the name associated with the
+credentials
    • 
+
  • mech (OID) – the desired MechType to be used with
+the credentials
    • 
+
  • usage (str) – the usage for the credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+
  • init_lifetime (int) – the desired initiate lifetime of the
+credentials in seconds, or None for indefinite
    • 
+
  • accept_lifetime (int) – the desired accept lifetime of the
+credentials in seconds, or None for indefinite
    • 
+
  • impersonator (Credentials) – the credentials to use to impersonate
+the given name, or None to not acquire normally
+(requires the s4u extension)
    • 
+
  • store (dict) – the credential store information pointing to the
+credential store from which to acquire the credentials,
+or None for the default store (requires the cred_store extension)
    • 
+

+

+
Returns

+
the credentials set containing the current credentials
+and the newly acquired ones.

+

+
Return type

+
Credentials

+

+
Raises

+

+

+

+

+
+

+

+export()  bytes[source]

+
Export these credentials into a token

+
This method exports the current credentials to a token that can
+then be imported by passing the token argument to the constructor.

+
This is often used to pass credentials between processes.

+
requires the cred_imp_exp extension

+

+
Returns

+
the exported credentials in token form

+

+
Return type

+
bytes

+

+

+

+
+

+
+

+

+
Security Contexts

+

+

+class SecurityContext(base: Optional[SecurityContext] = None, token: Optional[bytes] = None, name: Optional[Name] = None, creds: Optional[Credentials] = None, lifetime: Optional[int] = None, flags: Optional[int] = None, mech: Optional[OID] = None, channel_bindings: Optional[ChannelBindings] = None, usage: Optional[str] = None)[source]

+
A GSSAPI Security Context

+
This class represents a GSSAPI security context that may be used
+with and/or returned by other GSSAPI methods.

+
It inherits from the low-level GSSAPI
+SecurityContext class,
+and thus may used with both low-level and high-level API methods.

+
This class may be pickled and unpickled (the attached delegated
+credentials object will not be preserved, however).

+
The constructor creates a new security context, but does not begin
+the initiate or accept process.

+
If the base argument is used, an existing
+SecurityContext object from
+the low-level API is converted into a high-level object.

+
If the token argument is passed, the security context is imported
+using the token.

+
Otherwise, a new security context is created.

+
If the usage argument is not passed, the constructor will attempt
+to detect what the appropriate usage is based on either the existing
+security context (if base or token are used) or the argument set.

+
For a security context of the initiate usage, the name argument
+must be used, and the creds, mech, flags,
+lifetime, and channel_bindings arguments may be
+used as well.

+
For a security context of the accept usage, the creds and
+channel_bindings arguments may optionally be used.

+

+

+get_signature(message: bytes)  bytes[source]

+
Calculate the signature for a message.

+
This method calculates the signature (called a MIC) for
+the given message, which may be then used with
+verify_signature() to confirm the validity of the
+signature.  This is useful if you wish to transmit the
+message signature and message in your own format.

+

+
Parameters

+
message (bytes) – the input message

+

+
Returns

+
the message signature

+

+
Return type

+
bytes

+

+
Raises

+

+

+

+

+
+

+

+verify_signature(message: bytes, mic: bytes)  int[source]

+
Verify the signature for a message.

+
This method verifies that a signature (generated by
+get_signature() is valid for the given message.

+
If the signature is valid, the method will return.
+Otherwise, it will raise an error.

+

+
Parameters

+
    
+
  • message (bytes) – the message
    • 
+
  • mic (bytes) – the signature to verify
    • 
+

+

+
Returns

+
the QoP used.

+

+
Return type

+
int

+

+
Raises

+

+

+

+

+
+

+

+wrap(message: bytes, encrypt: bool)  WrapResult[source]

+
Wrap a message, optionally with encryption

+
This wraps a message, signing it and optionally
+encrypting it.

+

+
Parameters

+
    
+
  • message (bytes) – the message to wrap
    • 
+
  • encrypt (bool) – whether or not to encrypt the message
    • 
+

+

+
Returns

+
the wrapped message and details about it
+(e.g. whether encryption was used succesfully)

+

+
Return type

+
WrapResult

+

+
Raises

+

+

+

+

+
+

+

+unwrap(message: bytes)  UnwrapResult[source]

+
Unwrap a wrapped message.

+
This method unwraps/unencrypts a wrapped message,
+verifying the signature along the way.

+

+
Parameters

+
message (bytes) – the message to unwrap/decrypt

+

+
Returns

+
the unwrapped message and details about it
+(e.g. wheter encryption was used)

+

+
Return type

+
UnwrapResult

+

+
Raises

+

+

+

+

+
+

+

+encrypt(message: bytes)  bytes[source]

+
Encrypt a message.

+
This method wraps and encrypts a message, similarly to
+wrap().  The difference is that encryption is always
+used, and the method will raise an exception if this is
+not possible.  Additionally, this method simply returns
+the encrypted message directly.

+

+
Parameters

+
message (bytes) – the message to encrypt

+

+
Returns

+
the encrypted message

+

+
Return type

+
bytes

+

+
Raises

+

+

+

+

+
+

+

+decrypt(message: bytes)  bytes[source]

+
Decrypt a message.

+
This method decrypts and unwraps a message, verifying the signature
+along the way, similarly to unwrap().  The difference is that
+this method will raise an exception if encryption was established
+by the context and not used, and simply returns the decrypted
+message directly.

+

+
Parameters

+
message (bytes) – the encrypted message

+

+
Returns

+
the decrypted message

+

+
Return type

+
bytes

+

+
Raises

+

+

+

+

+
+

+

+get_wrap_size_limit(desired_output_size: int, encrypted: bool = True)  int[source]

+
Calculate the maximum message size for a given wrapped message size.

+
This method calculates the maximum input message size for a given
+maximum wrapped/encrypted message size.

+

+
Parameters

+
    
+
  • desired_output_size (int) – the maximum output message size
    • 
+
  • encrypted (bool) – whether or not encryption should be taken
+into account
    • 
+

+

+
Returns

+
the maximum input message size

+

+
Return type

+
int

+

+
Raises

+

+

+

+

+
+

+

+process_token(token: bytes)  None[source]

+
Process an output token asynchronously.

+
This method processes an output token even when the security context
+was not expecting it.

+

+
Warning

+
This method is deprecated.

+

+

+
Parameters

+
token (bytes) – the token to process

+

+
Raises

+

+

+

+

+
+

+

+export()  bytes[source]

+
Export a security context.

+
This method exports a security context, allowing it to be passed
+between processes.

+

+
Returns

+
the exported security context

+

+
Return type

+
bytes

+

+
Raises

+

+

+

+

+
+

+

+property lifetime: int

+
The amount of time for which this context remains valid

+

+
+

+

+property delegated_creds: Optional[Credentials]

+
The credentials delegated from the initiator to the acceptor

+

+
Warning

+
This value will not be preserved across picklings.  These should
+be separately exported and transfered.

+

+

+
+

+

+property initiator_name: Any

+
The Name of the initiator of this context

+

+
+

+

+property target_name: Any

+
The Name of the target of this context

+

+
+

+

+property mech: Any

+
The mechanism (MechType) in use by this context

+

+
+

+

+property actual_flags: Any

+
The flags set on this context

+

+
+

+

+property locally_initiated: Any

+
Whether this context was locally intiated

+

+
+

+

+property complete: bool

+
Whether negotiation for this context has been completed

+

+
+

+

+step(token: Optional[bytes] = None)  Optional[bytes][source]

+
Perform a negotation step.

+
This method performs a negotiation step based on the usage type
+of this context.  If __DEFER_STEP_ERRORS__ is set to True on
+the class, this method will return a token, even when exceptions
+would be thrown.  The generated exception will be thrown on the next
+method call or property lookup on the context.
+This is the default behavior.

+
This method should be used in a while loop, as such:

+
input_token = None
+try:
+    while not ctx.complete:
+        output_token = ctx.step(input_token)
+        if not output_token:
+            break
+        input_token = send_and_receive(output_token)
+except GSSError as e:
+     handle_the_issue()
+

+

+

+
Tip

+
Disabling __DEFER_STEP_ERRORS__ is rarely necessary.
+When this method is used in a loop (as above),
+__DEFER_STEP_ERRORS__ will ensure that you always
+send an error token when it’s available,
+keeping the other end of the security context updated
+with the status of the negotiation.

+

+

+
Parameters

+
token (bytes) – the input token from the other participant’s step

+

+
Returns

+
the output token to send to the other participant

+

+
Return type

+
bytes

+

+
Raises

+

+

+

+

+
+

+
+

+

+

+
Enums and Helper Classes

+
The following enumerations from the low-level API are also
+used with the high-level API.  For convenience, they are
+imported in the high-level API gssapi module:

+

+

+class NameType[source]

+
Bases: object

+

+

+anonymous = <OID 1.3.6.1.5.6.3>

+

+
+

+

+composite_export = <OID 1.3.6.1.5.6.6>

+

+
+

+

+export = <OID 1.3.6.1.5.6.4>

+

+
+

+

+hostbased_service = <OID 1.2.840.113554.1.2.1.4>

+

+
+

+

+kerberos_principal = <OID 1.2.840.113554.1.2.2.1>

+

+
+

+

+krb5_nt_principal_name = <OID 1.2.840.113554.1.2.2.1>

+

+
+

+

+machine_uid = <OID 1.2.840.113554.1.2.1.2>

+

+
+

+

+string_uid = <OID 1.2.840.113554.1.2.1.3>

+

+
+

+

+user = <OID 1.2.840.113554.1.2.1.1>

+

+
+

+
+

+

+class MechType[source]

+
Bases: object

+

+

+kerberos = <OID 1.2.840.113554.1.2.2>

+

+
+

+
+

+

+class RequirementFlag(value)[source]

+
Bases: IntEnum

+
An enumeration.

+

+
+
The ok_as_delegate flag corresponds to the C level flag
+GSS_C_DELEG_POLICY_FLAG. This flag is similar to delegate_to_peer
+except it only delegates if the KDC delegation policies for the service
+principal allow it to use delegation. This is typically used on Microsoft
+domain environments to control whether constrained or unconstrained delegation
+is allowed for a service principal. By setting this flag, the delegation
+process follows the same behaviour as delegation on SSPI/Windows.

+
Here are the four cases when either of these flags are set or not.

+

+
Neither flag set
No delegation occurs.

+

+
delegate_to_peer
Always try to delegate regardless of the KDC delegation policies.
+delegate_to_peer is set in the return flags if successful.

+

+
ok_as_delegate
Try to delegate but only if the KDC trusts the service principal for
+delegation. delegate_to_peer and ok_as_delegate are set in the
+return flags if successful.

+

+
delegate_to_peer | ok_as_delegate
Acts like delegate_to_peer being set but will also set
+ok_as_delegate in the return flags if the service principal was trusted
+for delegation by the KDC.

+

+

+

+

+class AddressType(value)[source]

+
Bases: IntEnum

+
An enumeration.

+

+
+
Similarly, there are a couple classes from the low-level API
+that are imported into the high-level API module.  These classes
+are less likely to be used directly by a user, but are returned
+by several methods:

+

+

+class OID[source]

+

+
+

+

+class IntEnumFlagSet(enum, flags=None)[source]

+
Bases: GenericFlagSet

+

+
+

+

+
Exceptions

+
The high-level API can raise all of the exceptions that the low-level API
+can raise in addition to several other high-level-specific exceptions:

+

+

+exception GSSError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: Exception

+

+

+MESSAGE = 'Major ({maj_stat}): {maj_str}, Minor ({min_stat}): {min_str}'

+

+
+

+

+gen_message()[source]

+

+
+

+

+get_all_statuses(code, is_maj)[source]

+

+
+

+
+

+

+exception GeneralError(minor_message: str, **kwargs: str)[source]

+
Bases: Exception

+
A General High-Level API Error

+

+

+MAJOR_MESSAGE = 'General error'

+

+
+

+

+FMT_STR = '{maj}: {min}.'

+

+
+

+
+

+

+exception UnknownUsageError(minor_message: str, **kwargs: str)[source]

+
Bases: GeneralError

+
An Error indicating an unknown usage type

+

+

+MAJOR_MESSAGE = 'Unable to determine {obj} usage'

+

+
+

+
+

+

+exception EncryptionNotUsed(minor_message: str, unwrapped_message: Optional[bytes] = None, **kwargs: str)[source]

+
Bases: GeneralError

+
An Error indicating that encryption was requested, but not used

+

+

+MAJOR_MESSAGE = 'Confidentiality was requested, but not used'

+

+
+

+
+

+

+exception BadChannelBindingsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 262144

+

+
+

+
+

+

+exception BadMICError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 393216

+

+
+

+
+

+

+exception BadMechanismError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 65536

+

+
+

+
+

+

+exception BadNameError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 131072

+

+
+

+
+

+

+exception BadNameTypeError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 196608

+

+
+

+
+

+

+exception BadQoPError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 917504

+

+
+

+
+

+

+exception BadStatusError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 327680

+

+
+

+
+

+

+exception ContextReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, MissingContextError

+

+
+

+

+exception ContextWriteError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterWriteError, MissingContextError

+

+
+

+

+exception CredentialsReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, MissingCredentialsError

+

+
+

+

+exception CredentialsWriteError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterWriteError, MissingCredentialsError

+

+
+

+

+exception DuplicateCredentialsElementError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 1114112

+

+
+

+
+

+

+exception DuplicateTokenError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: SupplementaryError

+

+

+SUPPLEMENTARY_CODE = 2

+

+
+

+
+

+

+exception ExpiredContextError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 786432

+

+
+

+
+

+

+exception ExpiredCredentialsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 720896

+

+
+

+
+

+

+exception ExpiredTokenError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: SupplementaryError

+

+

+SUPPLEMENTARY_CODE = 4

+

+
+

+
+

+

+exception InvalidCredentialsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 655360

+

+
+

+
+

+

+exception InvalidTokenError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 589824

+

+
+

+
+

+

+exception MalformedParameterError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+CALLING_CODE = 50331648

+

+
+

+
+

+

+exception MechanismNameRequiredError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 1179648

+

+
+

+
+

+

+exception MissingContextError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 524288

+

+
+

+
+

+

+exception MissingCredentialsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 458752

+

+
+

+
+

+

+exception NameReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, BadNameError

+

+
+

+

+exception NameTypeReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, BadNameTypeError

+

+
+

+

+exception OperationUnavailableError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 1048576

+

+
+

+
+

+

+exception ParameterReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+CALLING_CODE = 16777216

+

+
+

+
+

+

+exception ParameterWriteError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+CALLING_CODE = 33554432

+

+
+

+
+

+

+exception SupplementaryError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+
+

+

+exception TokenOutOfSequenceError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: SupplementaryError

+

+
+

+

+exception TokenReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, InvalidTokenError

+

+
+

+

+exception TokenTooEarlyError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: TokenOutOfSequenceError

+

+

+SUPPLEMENTARY_CODE = 16

+

+
+

+
+

+

+exception TokenTooLateError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: TokenOutOfSequenceError

+

+

+SUPPLEMENTARY_CODE = 8

+

+
+

+
+

+

+exception UnauthorizedError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 983040

+

+
+

+
+

+

+
Utilities

+

+

+set_encoding(enc: str)  None[source]

+
Sets the current encoding used for strings

+
This value is used to encode and decode string
+values like names.

+

+
Parameters

+
enc – the encoding to use

+

+

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/gssapi.raw.html b/gssapi.raw.html
new file mode 100644
index 00000000..d631b69c
--- /dev/null
+++ b/gssapi.raw.html
@@ -0,0 +1,4723 @@
+
+
+
+  
+
+  
+  Low-Level API — Python-GSSAPI 1.8.2 documentation
+      
+      
+      
+  
+  
+        
+        
+        
+        
+        
+        
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Low-Level API

+
The low-level API contains a variety of Python functions that map directly
+to the corresponding C functions.  Additionally, it contains several basic
+wrapper classes that wrap underlying C structs and automatically deallocate
+them when the Python object itself is deallocated.

+

+
Warning

+
All methods in both the high-level and low-level APIs may throw the generic
+GSSError exception.

+

+

+
Core RFC 2744

+

+
Names

+

+
Note

+
Some functions in the following section will refer to
+“mechanism names”.  These are not names of mechanisms.
+Instead, they are a special form of name specific to
+a given mechanism.

+

+

+

+class Name[source]

+
A GSSAPI Name

+

+
+

+

+canonicalize_name(name: Name, mech: gssapi.raw.oids.OID)[source]

+
Canonicalize an arbitrary GSSAPI Name into a Mechanism Name

+
This method turns any GSSAPI name into a “mechanism name” –
+a full form name specific to a mechanism.

+

+
Parameters

+
    
+
  • name (Name) – the name to canonicalize
    • 
+
  • mech (MechType) – the mechanism type to use to
+canonicalize the name
    • 
+

+

+
Returns

+
a canonicalized version of the input name

+

+
Return type

+
Name

+

+
Raises

+

+

+

+

+
+

+

+compare_name(name1: Name, name2: Name)[source]

+
Check two GSSAPI names to see if they are the same.

+
This method compares two GSSAPI names, checking to
+see if they are equivalent.

+

+
Parameters

+
    
+
  • name1 (Name) – the first name to compare
    • 
+
  • name2 (Name) – the second name to compare
    • 
+

+

+
Returns

+
whether or not the names are equal

+

+
Return type

+
bool

+

+
Raises

+

+

+

+

+
+

+

+display_name(name: Name, name_type: bool = True)[source]

+
Convert a GSSAPI name into its components.

+
This method converts a GSSAPI Name back into its
+text form.  If name_type is True, it also attempts to
+retrieve the NameType of the name (otherwise the
+returned name type will be None).

+

+
Parameters

+
    
+
  • name (Name) – the name in question
    • 
+
  • name_type (MechType) – whether or not to retrieve the
+name type
    • 
+

+

+
Returns

+
the text part of the name and its type

+

+
Return type

+
DisplayNameResult

+

+
Raises

+
BadNameError

+

+

+

+
+

+

+duplicate_name(name: Name)[source]

+
Duplicate a GSSAPI name.

+

+
Parameters

+
name (Name) – the name to duplicate

+

+
Returns

+
a duplicate of the input name

+

+
Return type

+
Name

+

+
Raises

+
BadNameError

+

+

+

+
+

+

+export_name(name: Name)[source]

+
Export a GSSAPI name.

+
This method “produces a canonical contigous string representation
+of a mechanism name, suitable for direct comparison for use in
+authorization functions”.

+
The input name must be a valid GSSAPI mechanism name, as generated by
+canonicalize_name() or
+accept_sec_context().

+

+
Parameters

+
name (Name) – the name to export

+

+
Returns

+
the exported name

+

+
Return type

+
bytes

+

+
Raises

+

+

+

+

+
+

+

+import_name(name: bytes, name_type: Optional[gssapi.raw.oids.OID] = None)[source]

+
Convert a string and a name type into a GSSAPI name.

+
This method takes a string name and a name type and converts
+them into a GSSAPI Name.

+

+
Parameters

+
    
+
  • name (Name) – the string version of the name
    • 
+
  • name_type (MechType) – the type of this name
    • 
+

+

+
Returns

+
the GSSAPI version of the name

+

+
Return type

+
Name

+

+
Raises

+

+

+

+

+
+

+

+release_name(name: Name)[source]

+
Release a GSSAPI name.

+
This method frees a GSSAPI Name.
+You probably won’t have to do this.

+

+
Warning

+
This method is deprecated.  Names are
+automatically freed by Python.

+

+

+
Parameters

+
name (Name) – the name in question

+

+
Raises

+
BadNameError

+

+

+

+
+

+

+
Credentials

+

+

+class Creds[source]

+
GSSAPI Credentials

+

+
+

+

+acquire_cred(name: Optional[gssapi.raw.names.Name], lifetime: Optional[int] = None, mechs: Optional[Iterable[gssapi.raw.oids.OID]] = None, usage: str = 'both')[source]

+
Get GSSAPI credentials for the given name and mechanisms.

+
This method gets GSSAPI credentials corresponding to the given name
+and mechanims.  The desired TTL and usage for the the credential may also
+be specified.

+

+
Parameters

+
    
+
  • name (Name) – the name for which to acquire the
+credentials (or None for the “no name” functionality)
    • 
+
  • lifetime (int) – the lifetime in seconds for the credentials (or None
+for indefinite)
    • 
+
  • mechs (MechType) – the desired mechanisms for which
+the credentials should work, or None for the default set
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+

+

+
Returns

+
the resulting credentials, the actual mechanisms
+with which they may be used, and their actual lifetime in seconds (or
+None for indefinite or not supported)

+

+
Return type

+
AcquireCredResult

+

+
Raises

+

+

+

+

+
+

+

+add_cred(input_cred: Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, usage: str = 'initiate', init_lifetime: Optional[int] = None, accept_lifetime: Optional[int] = None, mutate_input: bool = False)[source]

+
Add a credential element to a credential.

+
This method can be used to either compose two credentials (i.e., original
+and new credential), or to add a new element to an existing credential.

+

+
Parameters

+
    
+
  • input_cred (Creds) – the set of credentials to which to add the new
+credentials
    • 
+
  • name (Name) – name of principal to acquire a
+credential for
    • 
+
  • mech (MechType) – the desired security mechanism
+(required).
    • 
+
  • usage (str) – usage type for credentials.  Possible values:
+‘initiate’ (default), ‘accept’, ‘both’ (failsafe).
    • 
+
  • init_lifetime (int) – lifetime of credentials for use in initiating
+security contexts in seconds (None for indefinite)
    • 
+
  • accept_lifetime (int) – lifetime of credentials for use in accepting
+security contexts in seconds (None for indefinite)
    • 
+
  • mutate_input (bool) – whether to mutate the input credentials (True)
+or produce a new set of credentials (False).  Defaults to False
    • 
+

+

+
Returns

+
the actual mechanisms with which the credentials may be
+used, the actual initiator TTL, and the actual acceptor TTL (None for
+either indefinite or not supported).  Note that the credentials may
+be set to None if mutate_input is set to True.

+

+
Return type

+
AddCredResult

+

+
Raises

+

+

+

+

+
+

+

+inquire_cred(creds: Creds, name: bool = True, lifetime: bool = True, usage: bool = True, mechs: bool = True)[source]

+
Inspect credentials for information.

+
This method inspects a Creds object for information.

+

+
Parameters

+
    
+
  • creds (Creds) – the credentials to inspect
    • 
+
  • name (bool) – get the Name associated with the credentials
    • 
+
  • lifetime (bool) – get the TTL for the credentials
    • 
+
  • usage (bool) – get the usage type of the credentials
    • 
+
  • mechs (bool) – the mechanims used with the credentials
    • 
+

+

+
Returns

+
the information about the credentials,
+with unused fields set to None

+

+
Return type

+
InquireCredResult

+

+
Raises

+

+

+

+

+
+

+

+inquire_cred_by_mech(creds: Creds, mech: gssapi.raw.oids.OID, name: bool = True, init_lifetime: bool = True, accept_lifetime: bool = True, usage: bool = True)[source]

+
Inspect credentials for mechanism-specific information.

+
This method inspects a Creds object for information
+specific to a particular mechanism.  It functions similarly
+to inquire_cred().

+

+
Parameters

+
    
+
  • creds (Creds) – the credentials to inspect
    • 
+
  • mech (OID) – the desired mechanism
    • 
+
  • name (bool) – get the Name associated with the credentials
    • 
+
  • init_lifetime (bool) – get the initiator TTL for the credentials (in
+seconds)
    • 
+
  • accept_lifetime (bool) – get the acceptor TTL for the credentials (in
+seconds)
    • 
+
  • usage (bool) – get the usage type of the credentials
    • 
+

+

+
Returns

+
the information about the credentials,
+with unused fields set to None

+

+
Return type

+
InquireCredByMechResult

+

+
Raises

+

+

+

+

+
+

+

+release_cred(creds)[source]

+
release_cred(creds)
+Release GSSAPI Credentials.

+
This method releases GSSAPI credentials.

+

+
Warning

+
This method is deprecated.  Credentials are
+automatically freed by Python.

+

+

+
Parameters

+
creds (Creds) – the credentials in question

+

+
Raises

+
MissingCredentialsError

+

+

+

+
+

+

+
Security Contexts

+

+

+class SecurityContext[source]

+
A GSSAPI Security Context

+

+
+

+

+accept_sec_context(input_token: bytes, acceptor_creds: Optional[gssapi.raw.creds.Creds] = None, context: Optional[SecurityContext] = None, channel_bindings: Optional[gssapi.raw.chan_bindings.ChannelBindings] = None)[source]

+
Accept a GSSAPI security context.

+
This method accepts a GSSAPI security context using a token sent by the
+initiator, using the given credentials.  It can either be used to accept a
+security context and create a new security context object, or to update an
+existing security context object.

+

+
Warning

+
This changes the input context!

+

+

+
Parameters

+
    
+
  • input_token (bytes) – the token sent by the context initiator
    • 
+
  • acceptor_creds (Creds) – the credentials to be used to accept the
+context (or None to use the default credentials)
    • 
+
  • context (SecurityContext) – the security
+context to update (or None to create a new security context object)
    • 
+
  • channel_bindings (ChannelBindings) – The channel bindings (or None for
+no channel bindings)
    • 
+

+

+
Returns

+
the resulting security context, the initiator
+name, the mechanism being used, the output token, the flags in use,
+the lifetime of the context in seconds (or None for indefinite or not
+supported), the delegated credentials (valid only if the
+delegate_to_peer flag is set), and whether or not further token
+exchanges are needed to finalize the security context.

+

+
Return type

+
AcceptSecContextResult

+

+
Raises

+

+

+

+

+
+

+

+context_time(context: SecurityContext)[source]

+
Get the amount of time for which the given context will remain valid.

+
This method determines the amount of time for which the given
+security context will remain valid.  An expired context will
+give a result of 0.

+

+
Parameters

+
context (SecurityContext) – the security
+context in question

+

+
Returns

+
the number of seconds for which the context will be valid

+

+
Return type

+
int

+

+
Raises

+

+

+

+

+
+

+

+delete_sec_context(context: SecurityContext, local_only: bool = True)[source]

+
Delete a GSSAPI security context.

+
This method deletes a GSSAPI security context,
+returning an output token to send to the other
+holder of the security context to notify them
+of the deletion.

+

+
Note

+
This method generally should not be used.  SecurityContext
+objects will automatically be freed by Python.

+

+

+
Parameters

+
    
+
  • context (SecurityContext) – the security
+context in question
    • 
+
  • local_only (bool) – should we request local deletion (True), or also
+remote deletion (False), in which case a token is also returned
    • 
+

+

+
Returns

+

+
the output token (if remote deletion is requested).  Generally
this is None, but bytes for compatibility.

+

+

+

+

+
Return type

+
bytes

+

+
Raises

+
MissingContextError

+

+

+

+
+

+

+export_sec_context(context: SecurityContext)[source]

+
Export a context for use in another process.

+
This method exports a security context, deactivating in the current process
+and creating a token which can then be imported into another process
+with import_sec_context().

+
Warning: this modifies the input context

+

+
Parameters

+
context (SecurityContext) – the context to send
+to another process

+

+
Returns

+
the output token to be imported

+

+
Return type

+
bytes

+

+
Raises

+

+

+

+

+
+

+

+import_sec_context(token: bytes)[source]

+
Import a context from another process.

+
This method imports a security context established in another process
+by reading the specified token which was output by
+export_sec_context().

+

+
Raises

+

+

+

+

+
+

+

+init_sec_context(name: gssapi.raw.names.Name, creds: Optional[gssapi.raw.creds.Creds] = None, context: Optional[SecurityContext] = None, mech: Optional[gssapi.raw.oids.OID] = None, flags: Optional[Union[int, gssapi.raw.types.RequirementFlag, Iterable[int], Iterable[gssapi.raw.types.RequirementFlag]]] = None, lifetime: Optional[int] = None, channel_bindings: Optional[gssapi.raw.chan_bindings.ChannelBindings] = None, input_token: Optional[bytes] = None)[source]

+
Initiate a GSSAPI security context.

+
This method initiates a GSSAPI security context, targeting the given
+target name.  To create a basic context, just provide the target name.
+Further calls used to update the context should pass in the output context
+of the last call, as well as the input token received from the acceptor.

+

+
Warning

+
This changes the input context!

+

+

+
Parameters

+
    
+
  • target_name (Name) – the target for the security
+context
    • 
+
  • creds (Creds) – the credentials to use to initiate the context,
+or None to use the default credentials
    • 
+
  • context (SecurityContext) – the security
+context to update, or None to create a new context
    • 
+
  • mech (MechType) – the mechanism type for this security
+context, or None for the default mechanism type
    • 
+
  • flags (list) – the flags to request for the security context, or
+None to use the default set: mutual_authentication and
+out_of_sequence_detection.  This may also be an
+IntEnumFlagSet
    • 
+
  • lifetime (int) – the request lifetime of the security context in seconds
+(a value of 0 or None means indefinite)
    • 
+
  • channel_bindings (ChannelBindings) – The channel bindings (or None for
+no channel bindings)
    • 
+
  • input_token (bytes) – the token to use to update the security context,
+or None if you are creating a new context
    • 
+

+

+
Returns

+
the output security context, the actual mech
+type, the actual flags used, the output token to send to the acceptor,
+the actual lifetime of the context in seconds (or None if not supported
+or indefinite), and whether or not more calls are needed to finish the
+initiation.

+

+
Return type

+
InitSecContextResult

+

+
Raises

+

+

+

+

+
+

+

+inquire_context(context: SecurityContext, initiator_name: bool = True, target_name: bool = True, lifetime: bool = True, mech: bool = True, flags: bool = True, locally_init: bool = True, complete: bool = True)[source]

+
Get information about a security context.

+
This method obtains information about a security context, including
+the initiator and target names, as well as the TTL, mech,
+flags, and its current state (open vs closed).

+

+
Note

+
the target name may be None if it would have been GSS_C_NO_NAME

+

+

+
Parameters

+
context (SecurityContext) – the context in
+question

+

+
Returns

+
the initiator name, the target name, the TTL
+(can be None for indefinite or not supported), the mech type, the
+flags, whether or not the context was locally initiated,
+and whether or not the context is currently fully established

+

+
Return type

+
InquireContextResult

+

+
Raises

+
MissingContextError

+

+

+

+
+

+

+process_context_token(context: SecurityContext, token: bytes)[source]

+
Process a token asynchronously.

+
This method provides a way to process a token, even if the
+given security context is not expecting one.  For example,
+if the initiator has the initSecContext return that the context
+is complete, but the acceptor is unable to accept the context,
+and wishes to send a token to the initiator, letting the
+initiator know of the error.

+

+
Warning

+
This method has been essentially deprecated by RFC 2744.

+

+

+
Parameters

+
    
+
  • context (SecurityContext) – the security
+context against which to process the token
    • 
+
  • token (bytes) – the token to process
    • 
+

+

+
Raises

+

+

+

+

+
+

+

+get_mic(context: gssapi.sec_contexts.SecurityContext, message: bytes, qop: Optional[int] = None)[source]

+
Generate a MIC for a message.

+
This method generates a Message Integrity Check token for the
+given message.  This can be separately trasmitted to the other
+entity, unlike wrap, which bundles the MIC and the message
+together.

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message for which to generate the MIC
    • 
+
  • qop (int) – the requested Quality of Protection
+(or None to use the default)
    • 
+

+

+
Returns

+
the generated MIC token

+

+
Return type

+
bytes

+

+
Raises

+

+

+

+

+
+

+

+unwrap(context: gssapi.sec_contexts.SecurityContext, message: bytes)[source]

+
Unwrap/Decrypt a message.

+
This method unwraps or decrypts a message, depending
+on whether the sender used confidentiality.

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message to unwrap/decrypt
    • 
+

+

+
Returns

+

+
the unwrapped/decrypted message, whether or on
encryption was used, and the QoP used

+

+

+

+

+
Return type

+
UnwrapResult

+

+
Raises

+

+

+

+

+
+

+

+verify_mic(context: gssapi.sec_contexts.SecurityContext, message: bytes, token: bytes)[source]

+
Verify that a MIC matches a message.

+
This method verifies that the given MIC matches the given message.
+If the MIC does not match the given message, an exception will
+be raised.

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message in question
    • 
+
  • token (bytes) – the MIC token in question
    • 
+

+

+
Returns

+
the QoP used.

+

+
Return type

+
int

+

+
Raises

+

+

+

+

+
+

+

+wrap(context: gssapi.sec_contexts.SecurityContext, message: bytes, confidential: bool = True, qop: Optional[int] = None)[source]

+
Wrap/Encrypt a message.

+
This method wraps or encrypts a message (depending on the value
+of confidential) with the given Quality of Protection.

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message to wrap or encrypt
    • 
+
  • confidential (bool) – whether or not to encrypt the message (True),
+or just wrap it with a MIC (False)
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns

+

+
the wrapped/encrypted message, and whether or not
encryption was actually used

+

+

+

+

+
Return type

+
WrapResult

+

+
Raises

+

+

+

+

+
+

+

+wrap_size_limit(context: gssapi.sec_contexts.SecurityContext, output_size: int, confidential: bool = True, qop: Optional[int] = None)[source]

+
Calculate the max message size.

+
This method calculates the unwrapped/unencrypted message size for
+the given maximum wrapped/encrypted message size.

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • output_size (int) – the maximum desired wrapped/encrypted message size
    • 
+
  • confidential (bool) – whether or not confidentiality is being used
    • 
+
  • qop (int) – the QoP that will be when you actually call wrap
+(or None for the default QoP)
    • 
+

+

+
Returns

+
the maximum unencrypted/unwrapped message size

+

+
Return type

+
int

+

+
Raises

+

+

+

+

+
+

+

+
Misc

+

+

+class OID[source]

+
A GSSAPI OID

+
A new OID may be created by passing the elements argument
+to the constructor.  The elements argument should be a
+bytes consisting of the BER-encoded values in the OID.

+
To retrieve the underlying bytes, use the bytes
+function in Python 3.

+
This object is hashable, and may be compared using equality
+operators.

+

+

+property dotted_form[source]

+

+
+

+

+classmethod from_int_seq(integer_sequence: Union[str, Iterable[int]])[source]

+
Create a OID from a sequence of integers.

+
This method creates an OID from a sequence of integers.
+The sequence can either be in dotted form as a string,
+or in list form.

+
This method is not for BER-encoded byte strings, which
+can be passed directly to the OID constructor.

+

+
Parameters

+
integer_sequence – either a list of integers or
+a string in dotted form

+

+
Returns

+
the OID represented by the given integer sequence

+

+
Return type

+
OID

+

+
Raises

+
ValueError – the sequence is less than two elements long

+

+

+

+
+

+
+

+

+exception GSSError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+

+calling_code[source]

+

+
+

+

+gen_message()[source]

+
Retrieves all messages for this error’s status codes

+
This method retrieves all messages for this error’s status codes,
+and forms them into a string for use as an exception message

+

+
Returns

+
a string for use as this error’s message

+

+
Return type

+
str

+

+

+

+
+

+

+get_all_statuses(code: int, is_maj: bool)[source]

+
Retrieve all messages for a status code.

+
This method retrieves all human-readable messages
+available for the given status code.

+

+
Parameters

+
    
+
  • code – the status code in question
    • 
+
  • is_maj – whether this is a major status code (True)
+or minor status code (False)
    • 
+

+

+
Returns

+

+
A list of string messages associated with the
given code

+

+

+

+

+
Return type

+
[str]

+

+

+

+
+

+

+maj_code[source]

+

+
+

+

+min_code[source]

+

+
+

+

+routine_code[source]

+

+
+

+

+supplementary_code[source]

+

+
+

+

+token[source]

+

+
+

+
+

+

+class MechType[source]

+
GSSAPI Mechanism Types

+
This enum-like object contains any mechanism OID
+values registered by imported mechanisms.

+

+

+kerberos

+

+
+

+
+

+

+class Name[source]

+
A GSSAPI Name

+

+
+

+

+class OID[source]

+
A GSSAPI OID

+
A new OID may be created by passing the elements argument
+to the constructor.  The elements argument should be a
+bytes consisting of the BER-encoded values in the OID.

+
To retrieve the underlying bytes, use the bytes
+function in Python 3.

+
This object is hashable, and may be compared using equality
+operators.

+

+

+property dotted_form

+

+
+

+

+classmethod from_int_seq(integer_sequence: Union[str, Iterable[int]])

+
Create a OID from a sequence of integers.

+
This method creates an OID from a sequence of integers.
+The sequence can either be in dotted form as a string,
+or in list form.

+
This method is not for BER-encoded byte strings, which
+can be passed directly to the OID constructor.

+

+
Parameters

+
integer_sequence – either a list of integers or
+a string in dotted form

+

+
Returns

+
the OID represented by the given integer sequence

+

+
Return type

+
OID

+

+
Raises

+
ValueError – the sequence is less than two elements long

+

+

+

+
+

+
+

+

+indicate_mechs()[source]

+
Get the currently supported mechanisms.

+
This method retrieves the currently supported GSSAPI mechanisms.
+Note that if unknown mechanims are found, those will be skipped.

+

+
+

+

+inquire_mechs_for_name(name)[source]

+
inquire_mechs_for_name(name)
+List the mechanisms which can process a name.

+
This method lists the mechanisms which may be able to
+process the given name.

+

+
Parameters

+
name (Name) – the name in question

+

+
Returns

+
The mechanism OIDs able to process the given name

+

+
Raises

+
GSSError

+

+

+

+
+

+

+inquire_names_for_mech(mech)[source]

+
inquire_names_for_mech(mech)
+Get the name types supported by a mechanism.

+
This method retrieves the different name types supported by
+the given mechanism.

+

+
Parameters

+
mech (OID) – the mechanism in question

+

+
Returns

+
the name type OIDs supported by the given mechanism

+

+
Return type

+
list

+

+
Raises

+
GSSError

+

+

+

+
+

+

+class AddressType[source]

+
GSSAPI Channel Bindings Address Types

+
This IntEnum represents the various address
+types used with the ChannelBindings
+structure.

+
The numbers behind the values correspond directly
+to their C counterparts.  There is no value for
+GSS_C_AF_UNSPEC, since this is represented
+by None.

+

+

+appletalk = 16[source]

+

+
+

+

+arpanet = 3[source]

+

+
+

+

+bisync = 17[source]

+

+
+

+

+ccitt = 10[source]

+

+
+

+

+chaos = 5[source]

+

+
+

+

+datakit = 9[source]

+

+
+

+

+decnet = 12[source]

+

+
+

+

+dli = 13[source]

+

+
+

+

+dss = 18[source]

+

+
+

+

+ecma = 8[source]

+

+
+

+

+hyperchannel = 15[source]

+

+
+

+

+ibm_sna = 11[source]

+

+
+

+

+ip = 2[source]

+

+
+

+

+lat = 14[source]

+

+
+

+

+local = 1[source]

+

+
+

+

+nbs = 7[source]

+

+
+

+

+null = 255[source]

+

+
+

+

+osi_tp4 = 19[source]

+

+
+

+

+pup = 4[source]

+

+
+

+

+x25 = 21[source]

+

+
+

+

+xerox_ns = 6[source]

+

+
+

+
+

+

+class GenericFlagSet(flags: Optional[Union[GenericFlagSet, numbers.Integral, int]] = None)[source]

+
A set backed by a 32-bit integer

+
This is a set backed by a 32 bit integer.
+the members are integers where only one
+bit is set.

+
The class supports normal set operations,
+as well as traditional “flag set” operations,
+such as bitwise AND, OR, and XOR.

+

+

+MAX_VAL[source]

+

+
+

+

+add(flag: int)[source]

+
Add an element.

+

+
+

+

+discard(flag: int)[source]

+
Remove an element.  Do not raise an exception if absent.

+

+
+

+
+

+

+class IntEnumFlagSet(enum: Type[enum.IntEnum], flags: Optional[Union[GenericFlagSet, numbers.Integral, int]] = None)[source]

+
A set backed by a 32-bit integer with enum members

+
This class is a GenericFlagSet where the returned
+members are values in an IntEnum.

+
It functions exactly like a GenericFlagSet, except that
+it also supports bitwise operations with the enum values.

+

+
+

+

+class MechType[source]

+
GSSAPI Mechanism Types

+
This enum-like object contains any mechanism OID
+values registered by imported mechanisms.

+

+

+kerberos[source]

+

+
+

+
+

+

+class NameType[source]

+
GSSAPI Name Types

+
This enum-like object represents GSSAPI name
+types (to be used with import_name(), etc)

+

+

+anonymous = Ellipsis[source]

+

+
+

+

+composite_export = Ellipsis[source]

+

+
+

+

+export = Ellipsis[source]

+

+
+

+

+hostbased_service = Ellipsis[source]

+

+
+

+

+kerberos_principal = Ellipsis[source]

+

+
+

+

+krb5_nt_principal_name = Ellipsis[source]

+

+
+

+

+machine_uid = Ellipsis[source]

+

+
+

+

+string_uid = Ellipsis[source]

+

+
+

+

+user = Ellipsis[source]

+

+
+

+
+

+

+class RequirementFlag[source]

+
GSSAPI Requirement Flags

+
This IntEnum represents flags used with the
+SecurityContext-related methods (e.g.
+init_sec_context())

+
The numbers behind the values correspond directly
+to their C counterparts.

+

+

+anonymity = 64[source]

+

+
+

+

+channel_bound = 2048[source]

+

+
+

+

+confidentiality = 16[source]

+

+
+

+

+dce_style = 4096[source]

+

+
+

+

+delegate_to_peer = 1[source]

+

+
+

+

+extended_error = 16384[source]

+

+
+

+

+identify = 8192[source]

+

+
+

+

+integrity = 32[source]

+

+
+

+

+mutual_authentication = 2[source]

+

+
+

+

+ok_as_delegate = 32768[source]

+

+
+

+

+out_of_sequence_detection = 8[source]

+

+
+

+

+protection_ready = 128[source]

+

+
+

+

+replay_detection = 4[source]

+

+
+

+

+transferable = 256[source]

+

+
+

+
+

+

+class ChannelBindings(initiator_address_type: Optional[int] = None, initiator_address: Optional[bytes] = None, acceptor_address_type: Optional[int] = None, acceptor_address: Optional[bytes] = None, application_data: Optional[bytes] = None)[source]

+
GSSAPI Channel Bindings

+
This class represents a set of GSSAPI channel bindings.

+

+
Parameters

+
    
+
  • initiator_address_type – the initiator address type
    • 
+
  • initiator_address – the initiator address
    • 
+
  • acceptor_address_type – the acceptor address type
    • 
+
  • acceptor_address – the acceptor address
    • 
+
  • application_data – additional application-specific data
    • 
+

+

+

+

+

+acceptor_address[source]

+

+
+

+

+acceptor_address_type[source]

+

+
+

+

+application_data[source]

+

+
+

+

+initiator_address[source]

+

+
+

+

+initiator_address_type[source]

+

+
+

+
+

+

+

+
Additional RFCs and Extensions

+
The following is a list of GSSAPI extensions supported by the low-level API.

+

+
Note

+
While all of these extensions have bindings, they may not be supported
+by your particularly GSSAPI implementation.  In this case, they will not
+be compiled, and will simply not be available in the gssapi.raw
+namespace.

+

+

+
RFC 4178 (GSS-API Negotiation Mechanism)

+

+

+set_neg_mechs(cred_handle: gssapi.raw.creds.Creds, mech_set: Iterable[gssapi.raw.oids.OID])[source]

+
Specify the set of security mechanisms that may be negotiated with
+the credential identified by cred_handle.
+If more than one mechanism is specified in mech_set, the order in
+which those mechanisms are specified implies a relative preference.

+

+
Parameters

+
    
+
  • cred_handle (Creds) – credentials to set negotiable mechanisms for
    • 
+
  • mech_set (MechType) – negotiable mechanisms to be set
    • 
+

+

+
Returns

+
None

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
RFC 5587 (GSS-API Extension for Mech Attributes)

+

+

+display_mech_attr(attr: gssapi.raw.oids.OID)[source]

+
Returns information about attributes in human readable form.

+

+
Parameters

+
attr (OID) – Mechanism attribute to retrieve names and
+descriptions of

+

+
Returns

+
the results of displaying the attribute; mech name,
+short description, and long description.

+

+
Return type

+
DisplayAttrResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+indicate_mechs_by_attrs(desired_mech_attrs: Optional[Iterable[gssapi.raw.oids.OID]] = None, except_mech_attrs: Optional[Iterable[gssapi.raw.oids.OID]] = None, critical_mech_attrs: Optional[Iterable[gssapi.raw.oids.OID]] = None)[source]

+
Get a set of mechanisms that have the specified attributes.

+

+
Parameters

+
    
+
  • desired_mech_attrs (OID) – Attributes that the output mechs MUST
+offer
    • 
+
  • except_mech_attrs (OID) – Attributes that the output mechs MUST
+NOT offer
    • 
+
  • critical_mech_attrs (OID) – Attributes that the output mechs
+MUST understand and offer
    • 
+

+

+
Returns

+
a set of mechs which satisfy the given criteria

+

+
Return type

+
MechType

+

+
Raises

+
GSSError

+

+

+

+
+

+

+inquire_attrs_for_mech(mech: gssapi.raw.oids.OID)[source]

+
Gets the set of attrs supported and known by a mechanism.

+

+
Parameters

+
mech (MechType) – Mechanism to inquire about

+

+
Returns

+
the results of inquiry; a mech’s attributes and
+known attributes

+

+
Return type

+
InquireAttrsResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
RFC 5588 (GSS-API Extension for Storing Delegated Credentials)

+

+

+store_cred(creds: gssapi.raw.creds.Creds, usage: str = 'both', mech: Optional[gssapi.raw.oids.OID] = None, overwrite: bool = False, set_default: bool = False)[source]

+
Store credentials into the default store.

+
This method stores the given credentials into the default store.
+They may then be retrieved later using
+acquire_cred().

+

+
Parameters

+
    
+
  • creds (Creds) – the credentials to store
    • 
+
  • usage (str) – the usage to store the credentials with – either
+‘both’, ‘initiate’, or ‘accept’
    • 
+
  • mech (OID) – the mechansim to associate with the stored
+credentials
    • 
+
  • overwrite (bool) – whether or not to overwrite existing credentials
+stored with the same name, etc
    • 
+
  • set_default (bool) – whether or not to set these credentials as
+the default credentials for the given store.
    • 
+

+

+
Returns

+
the results of the credential storing operation

+

+
Return type

+
StoreCredResult

+

+
Raises

+

+

+

+

+
+

+

+
RFC 5801 (GSS-API SASL Extensions)

+

+

+inquire_mech_for_saslname(sasl_name: bytes)[source]

+
Gets the OID for the mech specified by SASL name.

+

+
Parameters

+
sasl_name (bytes) – SASL name of the mechanism

+

+
Returns

+
the mechanism with corresponding SASL name.

+

+
Return type

+
OID

+

+
Raises

+
GSSError – An unknown failure occurred

+

+

+

+
+

+

+inquire_saslname_for_mech(mech: gssapi.raw.oids.OID)[source]

+
Gets information about a specified mech, including the SASL name,
+the mech name, and the mech description.

+

+
Parameters

+
mech (OID) – Mechanism to inquire about

+

+
Returns

+
the results of inquiry; a mech’s SASL name,
+name, and description.

+

+
Return type

+
InquireSASLNameResult

+

+
Raises

+
GSSError – an unknown failure occurred

+

+

+

+
+

+

+
Credential Store Extensions

+
Credential Store Extension

+

+

+acquire_cred_from(dict_store: Optional[Dict[Union[bytes, str], Union[bytes, str]]] = None, name: Optional[gssapi.raw.names.Name] = None, lifetime: Optional[int] = None, mechs: Optional[Iterable[gssapi.raw.oids.OID]] = None, usage: str = 'both')[source]

+
Acquire credentials from the given store.

+
This method acquires credentials from the store specified by the
+given credential store information.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+

+
Parameters

+
    
+
  • store (dict) – the credential store information pointing to the
+credential store from which to acquire the credentials.
+See Common Values for Credentials Store Extensions for valid values
    • 
+
  • name (Name) – the name associated with the
+credentials, or None for the default name
    • 
+
  • lifetime (int) – the desired lifetime of the credentials in seconds, or
+None for indefinite
    • 
+
  • mechs (list) – the desired mechanisms to be used with these
+credentials, or None for the default set
    • 
+
  • usage (str) – the usage for these credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+

+

+
Returns

+
the acquired credentials and information about
+them

+

+
Return type

+
AcquireCredResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+add_cred_from(dict_store: Optional[Dict[Union[bytes, str], Union[bytes, str]]], input_creds: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, usage: str = 'both', init_lifetime: Optional[int] = None, accept_lifetime: Optional[int] = None)[source]

+
Acquire credentials to add to the current set from the given store.

+
This method works like acquire_cred_from(), except that it
+adds the acquired credentials for a single mechanism to a copy of
+the current set, instead of creating a new set for multiple mechanisms.
+Unlike acquire_cred(), you cannot pass None for the
+desired name or mechanism.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+

+
Parameters

+
    
+
  • store (dict) – the store into which to store the credentials,
+or None for the default store.
+See Common Values for Credentials Store Extensions for valid values
    • 
+
  • name (Name) – the name associated with the credentials
    • 
+
  • mech (OID) – the desired mechanism to be used with these
+credentials
    • 
+
  • usage (str) – the usage for these credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+
  • init_lifetime (int) – the desired initiate lifetime of the credentials
+in seconds, or None for indefinite
    • 
+
  • accept_lifetime (int) – the desired accept lifetime of the credentials
+in seconds, or None for indefinite
    • 
+

+

+
Returns

+
the new credentials set and information about
+it

+

+
Return type

+
AcquireCredResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+store_cred_into(dict_store: Optional[Dict[Union[bytes, str], Union[bytes, str]]], creds: gssapi.raw.creds.Creds, usage: str = 'both', mech: Optional[gssapi.raw.oids.OID] = None, overwrite: bool = False, set_default: bool = False)[source]

+
Store credentials into the given store.

+
This method stores the given credentials into the store specified
+by the given store information.  They may then be retrieved later using
+acquire_cred_from() or add_cred_from().

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+

+
Parameters

+
    
+
  • store (dict) – the store into which to store the credentials,
+or None for the default store.
+See Common Values for Credentials Store Extensions for valid values
    • 
+
  • creds (Creds) – the credentials to store
    • 
+
  • usage (str) – the usage to store the credentials with – either
+‘both’, ‘initiate’, or ‘accept’
    • 
+
  • mech (OID) – the mechansim to associate with the stored
+credentials
    • 
+
  • overwrite (bool) – whether or not to overwrite existing credentials
+stored with the same name, etc
    • 
+
  • set_default (bool) – whether or not to set these credentials as
+the default credentials for the given store.
    • 
+

+

+
Returns

+
the results of the credential storing operation

+

+
Return type

+
StoreCredResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
RFC 6680 (GSS-API Naming Extensions)

+

+

+delete_name_attribute(name: gssapi.raw.names.Name, attr: bytes)[source]

+
Remove an attribute from a name.

+
This method removes an attribute from a Name.  This method may be
+used before set_name_attribute() clear the values of an attribute
+before setting a new value (making the latter method work like a ‘set’
+operation instead of an ‘add’ operation).

+
Note that the removal of certain attributes may not be allowed.

+

+
Parameters

+
    
+
  • name (Name) – the name to remove the attribute from
    • 
+
  • attr (bytes) – the name of the attribute
    • 
+

+

+
Raises

+

+

+

+

+
+

+

+display_name_ext(name: gssapi.raw.names.Name, name_type: gssapi.raw.oids.OID)[source]

+
Display the given Name using the given name type.

+
This method attempts to display the given Name using the syntax of
+the given name type.  If this is not possible, an appropriate error
+will be raised.

+

+
Parameters

+
    
+
  • name (Name) – the name to display
    • 
+
  • name_type (OID) – the name type (see NameType) to use to
+display the given name
    • 
+

+

+
Returns

+
the displayed name

+

+
Return type

+
bytes

+

+
Raises

+
OperationUnavailableError – the given name could not
+be displayed using the given name type

+

+

+

+
+

+

+export_name_composite(name: gssapi.raw.names.Name)[source]

+
Export a name, preserving attribute information.

+
This method functions similarly to export_name(),
+except that it preserves attribute information.  The resulting bytes may be
+imported using import_name() with the
+composite_export name type.

+

+
Note

+
Some versions of MIT Kerberos require you to either canonicalize a name
+once it has been imported with composite-export name type, or to import
+using the normal export name type.

+

+

+
Parameters

+
name (Name) – the name to export

+

+
Returns

+
the exported composite name

+

+
Return type

+
bytes

+

+
Raises

+
GSSError

+

+

+

+
+

+

+get_name_attribute(name: gssapi.raw.names.Name, attr: bytes, more: Optional[int] = None)[source]

+
Get the value(s) of a name attribute.

+
This method retrieves the value(s) of the given attribute
+for the given Name.

+
Note that this functionality matches pseudo-API presented
+in RFC 6680, not the C API (which uses a state variable and
+multiple calls to retrieve multiple values).

+

+
Parameters

+
    
+
  • name (Name) – the Name from which to get the attribute
    • 
+
  • attr (bytes) – the name of the attribute
    • 
+

+

+
Returns

+
the raw version of the value(s),
+the human-readable version of the value(s), whether
+or not the attribute was authenticated, and whether or
+not the attribute’s value set was marked as complete

+

+
Return type

+
GetNameAttributeResult

+

+
Raises

+
OperationUnavailableError – the given attribute is
+unknown or unset

+

+

+

+
+

+

+inquire_name(name: gssapi.raw.names.Name, mech_name: bool = True, attrs: bool = True)[source]

+
Get information about a Name.

+
This method retrieves information about the given name, including
+the set of attribute names for the given name, as well as whether or
+not the name is a mechanism name.  Additionally, if the given name is
+a mechanism name, the associated mechansim is returned as well.

+

+
Parameters

+
    
+
  • name (Name) – the name about which to inquire
    • 
+
  • mech_name (bool) – whether or not to retrieve if this name
+is a mech_name (and the associate mechanism)
    • 
+
  • attrs (bool) – whether or not to retrieve the attribute name list
    • 
+

+

+
Returns

+
the set of attribute names for the given name,
+whether or not the name is a Mechanism Name, and potentially
+the associated mechanism if it is a Mechanism Name

+

+
Return type

+
InquireNameResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+set_name_attribute(name: gssapi.raw.names.Name, attr: bytes, value: Iterable[bytes], complete: bool = False)[source]

+
Set the value(s) of a name attribute.

+
This method sets the value(s) of the given attribute on the given name.

+
Note that this functionality more closely matches the pseudo-API
+presented in RFC 6680, not the C API (which uses multiple calls to
+add multiple values).  However, multiple calls to this method will
+continue adding values, so delete_name_attribute() must be
+used in between calls to “clear” the values.

+

+
Parameters

+
    
+
  • name (Name) – the Name on which to set the attribute
    • 
+
  • attr (bytes) – the name of the attribute
    • 
+
  • value (list) – a list of bytes objects to use as the value(s)
    • 
+
  • complete (bool) – whether or not to mark this attribute’s value
+set as being “complete”
    • 
+

+

+
Raises

+
OperationUnavailableError – the given attribute name
+is unknown or could not be set

+

+

+

+
+

+

+
Credentials Import-Export Extensions

+
Credentials Import/Export Extension

+

+

+export_cred(creds: gssapi.raw.creds.Creds)[source]

+
Export GSSAPI credentials.

+
This method exports GSSSAPI credentials into a token
+which may be transmitted between different processes.

+

+
Parameters

+
creds (Creds) – the credentials object to be exported

+

+
Returns

+
the exported token representing the given credentials object

+

+
Return type

+
bytes

+

+
Raises

+
GSSError

+

+

+

+
+

+

+import_cred(token: bytes)[source]

+
Import GSSAPI credentials from a token.

+
This method imports a credentials object from a token
+previously exported by export_cred().

+

+
Parameters

+
token (bytes) – the token to import

+

+
Returns

+
the imported credentials object

+

+
Return type

+
Creds

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
DCE (IOV/AEAD) Extensions

+

+

+class IOV(*args: Union[IOVBuffer, Tuple[Union[IOVBufferType, int], Optional[bool], Optional[bytes]], Tuple[Union[IOVBufferType, int], Optional[Union[bool, bytes]]], bytes, Union[IOVBufferType, int]], std_layout: bool = True, auto_alloc: bool = True)[source]

+
A GSSAPI IOV

+

+

+count(value: Any)[source]

+

+
+

+

+index(value: Any)[source]

+

+
+

+
+

+

+class IOVBuffer[source]

+

+

+allocate[source]

+

+
+

+

+type[source]

+

+
+

+

+value[source]

+

+
+

+
+

+

+class IOVBufferType[source]

+
IOV Buffer Types

+
This IntEnum represent GSSAPI IOV buffer
+types to be used with the IOV methods.

+
The numbers behind the values correspond directly
+to their C counterparts.

+

+

+data = 1[source]

+

+
+

+

+empty = 0[source]

+

+
+

+

+header = 2[source]

+

+
+

+

+mech_params = 3[source]

+

+
+

+

+mic_token = 12[source]

+

+
+

+

+padding = 9[source]

+

+
+

+

+sign_only = 11[source]

+

+
+

+

+stream = 10[source]

+

+
+

+

+trailer = 7[source]

+

+
+

+
+

+

+unwrap_aead(context: gssapi.raw.sec_contexts.SecurityContext, message: bytes, associated: Optional[bytes] = None)[source]

+
Unwrap/Decrypt an AEAD message.

+
This method takes an encrpyted/wrapped AEAD message and some associated
+data, and returns an unwrapped/decrypted message.

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the AEAD message to unwrap or decrypt
    • 
+
  • associated (bytes) – associated data that goes with the message
    • 
+

+

+
Returns

+
the unwrapped/decrypted message, whether or on
+encryption was used, and the QoP used

+

+
Return type

+
UnwrapResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+unwrap_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: IOV)[source]

+
Unwrap/Decrypt an IOV message.

+
This method uwraps or decrypts an IOV message.  The allocate
+parameter of the IOVBuffer objects in the IOV
+indicates whether or not that particular buffer should be
+automatically allocated (for use with padding, header, and
+trailer buffers).

+
As a special case, you may pass an entire IOV message
+as a single ‘stream’.  In this case, pass a buffer type
+of IOVBufferType.stream followed by a buffer type of
+IOVBufferType.data.  The former should contain the
+entire IOV message, while the latter should be empty.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – an IOV containing the message
    • 
+

+

+
Returns

+
whether or not confidentiality was used,
+and the QoP used.

+

+
Return type

+
IOVUnwrapResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+wrap_aead(context: gssapi.raw.sec_contexts.SecurityContext, message: bytes, associated: Optional[bytes] = None, confidential: bool = True, qop: Optional[int] = None)[source]

+
Wrap/Encrypt an AEAD message.

+
This method takes an input message and associated data,
+and outputs and AEAD message.

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message to wrap or encrypt
    • 
+
  • associated (bytes) – associated data to go with the message
    • 
+
  • confidential (bool) – whether or not to encrypt the message (True),
+or just wrap it with a MIC (False)
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns

+
the wrapped/encrypted total message, and whether or not
+encryption was actually used

+

+
Return type

+
WrapResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+wrap_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: IOV, confidential: bool = True, qop: Optional[int] = None)[source]

+
Wrap/Encrypt an IOV message.

+
This method wraps or encrypts an IOV message.  The allocate
+parameter of the IOVBuffer objects in the IOV
+indicates whether or not that particular buffer should be
+automatically allocated (for use with padding, header, and
+trailer buffers).

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – an IOV containing the message
    • 
+
  • confidential (bool) – whether or not to encrypt the miovessage (True),
+or just wrap it with a MIC (False)
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns

+
whether or not confidentiality was actually used

+

+
Return type

+
bool

+

+
Raises

+
GSSError

+

+

+

+
+

+

+wrap_iov_length(context: gssapi.raw.sec_contexts.SecurityContext, message: IOV, confidential: bool = True, qop: Optional[int] = None)[source]

+
Appropriately size padding, trailer, and header IOV buffers.

+
This method sets the length values on the IOV buffers.  You
+should already have data provided for the data (and sign-only)
+buffer(s) so that padding lengths can be appropriately computed.

+
In Python terms, this will result in an appropriately sized
+bytes object consisting of all zeros.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – an IOV containing the message
    • 
+

+

+
Returns

+
a list of :class:IOVBuffer` objects, and whether or not
+encryption was actually used

+

+
Return type

+
WrapResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
IOV MIC Extensions

+

+

+get_mic_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: gssapi.raw.ext_dce.IOV, qop: Optional[int] = None)[source]

+
Generate MIC tokens for the given IOV message.

+
This method generates a MIC token for the given IOV message, and places it
+in the mic_token buffer in the
+IOV. This method operates entirely in-place, and returns nothing.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – the IOV containing the
+message
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns

+
None

+

+
Raises

+
GSSError

+

+

+

+
+

+

+get_mic_iov_length(context: gssapi.raw.sec_contexts.SecurityContext, message: gssapi.raw.ext_dce.IOV, qop: Optional[int] = None)[source]

+
Allocate space for the MIC buffer in the given IOV message.

+
This method allocates space for the MIC token buffer
+(mic_token) in the given IOV
+message.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – the IOV containing the
+message
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns

+
None

+

+
Raises

+
GSSError

+

+

+

+
+

+

+verify_mic_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: gssapi.raw.ext_dce.IOV, qop: Optional[int] = None)[source]

+
Verify that the MIC matches the data in the given IOV message.

+
This method verifies that the MIC token in the MIC buffer
+(mic_token) match the data
+buffer(s) in the given IOV method.

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – the IOV containing the
+message
    • 
+

+

+
Returns

+
the QoP used to generate the MIC token

+

+
Return type

+
int

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
Global Grid Forum (GGF) Extensions

+
GGF Extensions

+
GGF provides extended credential and security context inquiry that allows
+application to retrieve more information about the client’s credentials and
+security context. One common use case is to use
+inquire_sec_context_by_oid() to retrieve the “session” key that is
+required by the SMB protocol for signing and encrypting a message.

+
Draft IETF document for these extensions can be found at
+https://tools.ietf.org/html/draft-engert-ggf-gss-extensions-00

+

+

+inquire_cred_by_oid(cred_handle: gssapi.raw.creds.Creds, desired_aspect: gssapi.raw.oids.OID)[source]

+
This method inspects a Creds object for
+information specific to a particular desired aspect as an OID.

+

+
Parameters

+
    
+
  • cred_handle (Creds) – the Credentials to query
    • 
+
  • desired_aspect (OID) – the desired aspect of the
+Credentials to inquire about.
    • 
+

+

+
Returns

+
A list of zero or more pieces of data (as bytes objects)

+

+
Return type

+
list

+

+
Raises

+
GSSError

+

+

+

+
+

+

+inquire_sec_context_by_oid(context: gssapi.raw.sec_contexts.SecurityContext, desired_aspect: gssapi.raw.oids.OID)[source]

+
This method inspects a SecurityContext
+object for information specific to a particular desired aspect as an OID.

+
This method can be used with the GSS_KRB5_INQ_SSPI_SESSION_KEY_OID OID to
+retrieve the required key that is used to derive the SMB/SAMBA signing and
+encryption keys.

+

+
Parameters

+
    
+
  • context (SecurityContext) – the Security
+Context to query
    • 
+
  • desired_aspect (OID) – the desired aspect of the
+Security Context to inquire about.
    • 
+

+

+
Returns

+
A list of zero or more pieces of data (as bytes objects)

+

+
Return type

+
list

+

+
Raises

+
GSSError

+

+

+

+
+

+

+set_sec_context_option(desired_aspect: gssapi.raw.oids.OID, context: gssapi.raw.sec_contexts.SecurityContext, value: Optional[bytes] = None)[source]

+
This method is used to set a value for a specific OID of a
+SecurityContext object. The OID and value
+to pass in depends on the mech the SecurityContext backs.

+
An example of how this can be used would be to reset the NTLM crypto engine
+used in gss-ntlmssp. The OID that controls this value is
+‘1.3.6.1.4.1.7165.655.1.3’ and it takes it a byte value that represents
+an int32 where 1 resets the verifier handle and any other int resets the
+sender handle.

+

+
Parameters

+
    
+
  • desired_aspect (OID) – the desired aspect of the
+Security Context to set the value for.
    • 
+
  • context (SecurityContext) – the Security
+Context to set, or None to create a new context.
    • 
+
  • value (bytes) – the value to set on the desired aspect of the Security
+Context or None to send GSS_C_EMPTY_BUFFER.
    • 
+

+

+
Returns

+
The output security context.

+

+
Return type

+
SecurityContext

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
Services4User Extensions

+
Service4User Extension

+

+

+acquire_cred_impersonate_name(impersonator_cred: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, lifetime: Optional[int] = None, mechs: Optional[Iterable[gssapi.raw.oids.OID]] = None, usage: str = 'initiate')[source]

+
Acquire credentials by impersonating another name.

+
This method is one of the ways to use S4U2Self.  It acquires credentials
+by impersonating another name using a set of proxy credentials.  The
+impersonator credentials must have a usage of ‘both’ or ‘initiate’.

+

+
Parameters

+
    
+
  • impersonator_cred (Creds) – the credentials with
+permissions to impersonate the target name
    • 
+
  • name (Name) – the name to impersonate
    • 
+
  • lifetime (int) – the lifetime for the credentials (or None for
+indefinite) in seconds
    • 
+
  • mechs (MechType) – the desired mechanisms for which
+the credentials should work (or None for the default set)
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+

+

+
Returns

+
the resulting credentials, the actual mechanisms
+with which they may be used, and their actual lifetime in seconds (or
+None for indefinite or not support)

+

+
Return type

+
AcquireCredResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+add_cred_impersonate_name(input_cred: gssapi.raw.creds.Creds, impersonator_cred: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, usage: str = 'initiate', init_lifetime: Optional[int] = None, accept_lifetime: Optional[int] = None)[source]

+
Add a credentials element to a credential by impersonating another name.

+
This method is one of the ways to use S4U2Self.  It adds credentials
+to the input credentials by impersonating another name using a set of
+proxy credentials.  The impersonator credentials must have a usage of
+‘both’ or ‘initiate’.

+

+
Parameters

+
    
+
  • input_cred (Creds) – the set of credentials to which
+to add the new credentials
    • 
+
  • impersonator_cred (Creds) – the credentials with
+permissions to impersonate the target name
    • 
+
  • name (Name) – the name to impersonate
    • 
+
  • mech (MechType) – the desired mechanism. Note that
+this is both
+singular and required, unlike acquireCredImpersonateName
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+
  • init_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to initiate security contexts (or None
+for indefinite)
    • 
+
  • accept_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to accept security contexts (or None
+for indefinite)
    • 
+

+

+
Returns

+
the actual mechanisms with which the credentials may be
+used, the actual initiator TTL in seconds, and the actual acceptor TTL
+in seconds (the TTLs may be None for indefinite or not supported)

+

+
Return type

+
AddCredResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
Acquiring Credentials With a Password Extensions

+

+

+acquire_cred_with_password(name: gssapi.raw.names.Name, password: bytes, lifetime: Optional[int] = None, mechs: Optional[Iterable[gssapi.raw.oids.OID]] = None, usage: str = 'initiate')[source]

+
Acquire credentials through provided password.

+
This function is originally from Solaris and is not documented by either
+MIT or Heimdal.

+
In general, it functions similarly to
+acquire_cred().

+

+
Parameters

+
    
+
  • name (Name) – the name to acquire credentials for
    • 
+
  • password (bytes) – the password used to acquire credentialss with
    • 
+
  • lifetime (int) – the lifetime for the credentials in seconds (or None
+for indefinite)
    • 
+
  • mechs (MechType) – the desired mechanisms for which
+the credentials should work (or None for the default set)
    • 
+
  • usage (str) – usage type for credentials.  Possible values:
+‘initiate’ (default), ‘accept’, ‘both’ (failsafe).
    • 
+

+

+
Returns

+
the resulting credentials, the actual mechanisms
+with which they may be used, and their actual lifetime in seconds (or
+None for indefinite or not supported)

+

+
Return type

+
AcquireCredResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+add_cred_with_password(input_cred: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, password: bytes, usage: str = 'initiate', init_lifetime: Optional[int] = None, accept_lifetime: Optional[int] = None)[source]

+
Add a credential-element to a credential using provided password.

+
This function is originally from Solaris and is not documented by either
+MIT or Heimdal.

+
In general, it functions similarly to add_cred().

+

+
Parameters

+
    
+
  • input_cred (Creds) – the credentials to add to
    • 
+
  • name (Name) – the name to acquire credentials for
    • 
+
  • mech (MechType) – the desired mechanism.  Note that
+this is both singular and required
    • 
+
  • password (bytes) – the password used to acquire credentialss with
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+
  • init_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to initiate security contexts (or None
+for indefinite)
    • 
+
  • accept_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to accept security contexts (or None
+for indefinite)
    • 
+

+

+
Returns

+
the actual mechanisms with which the credentials may be
+used, the actual initiator TTL in seconds, and the actual acceptor TTL
+in seconds (the TTLs may be None for indefinite or not supported)

+

+
Return type

+
AddCredResult

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
Kerberos Specific Extensions

+

+

+class Krb5LucidContext[source]

+
The base container returned by krb5_export_lucid_sec_context() when
+an unknown version was requested.

+

+
+

+

+class Krb5LucidContextV1[source]

+
Kerberos context data returned by krb5_export_lucid_sec_context()
+when version 1 was requested.

+

+

+property cfx_kd[source]

+
Key data for protocol 1 (RFC4121)

+
This will be set when protocol is 1.

+

+
Returns

+
the RFC4121 key data

+

+
Return type

+
Optional[CfxKeyData]

+

+

+

+
+

+

+property endtime[source]

+
Expiration time of the context

+

+
Returns

+
the expiration time of the context

+

+
Return type

+
Optional[int]

+

+

+

+
+

+

+property is_initiator[source]

+
Whether the context was the initiator

+

+
Returns

+
True when the exported context was the
+initiator

+

+
Return type

+
Optional[bool]

+

+

+

+
+

+

+property protocol[source]

+
The protocol number

+
If the protocol number is 0 then rfc1964_kd is set and
+cfx_kd is None. If the protocol number is 1 then the opposite
+is true.

+
Protocol 0 refers to RFC1964 and 1 refers to RFC4121.

+

+
Returns

+
the protocol number

+

+
Return type

+
Optional[int]

+

+

+

+
+

+

+property recv_seq[source]

+
Receiver sequence number

+

+
Returns

+
the receiver sequence number

+

+
Return type

+
Optional[int]

+

+

+

+
+

+

+property rfc1964_kd[source]

+
Keydata for protocol 0 (RFC1964)

+
This will be set when protocol is 0.

+

+
Returns

+
the RFC1964 key data

+

+
Return type

+
Optional[Rfc1964KeyData]

+

+

+

+
+

+

+property send_seq[source]

+
Sender sequence number

+

+
Returns

+
the sender sequence number

+

+
Return type

+
Optional[int]

+

+

+

+
+

+

+property version[source]

+
The structure version number

+

+
Returns

+
the structure version number

+

+
Return type

+
Optional[int]

+

+

+

+
+

+
+

+

+krb5_ccache_name(name: Optional[bytes])[source]

+
Set the default Kerberos Protocol credentials cache name.

+
This method sets the default credentials cache name for use by he Kerberos
+mechanism. The default credentials cache is used by
+acquire_cred() to create a GSS-API credential. It
+is also used by init_sec_context() when
+GSS_C_NO_CREDENTIAL is specified.

+

+
Note

+
Heimdal does not return the old name when called. It also does not
+reset the ccache lookup behaviour when setting to None.

+

+

+
Note

+
The return value may not be thread safe.

+

+

+
Parameters

+
name (Optional[bytes]) – the name to set as the new thread specific
+ccache name. Set to None to revert back to getting the ccache
+from the config/environment settings.

+

+
Returns

+
the old name that was previously set

+

+
Return type

+
bytes

+

+
Raises

+
GSSError

+

+

+

+
+

+

+krb5_export_lucid_sec_context(context: gssapi.raw.sec_contexts.SecurityContext, version: int)[source]

+
Returns a non-opaque version of the internal context info.

+
Gets information about the Kerberos security context passed in. Currently
+only version 1 is known and supported by this library.

+

+
Note

+
The context handle must not be used again by the caller after this
+call.

+

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • version (int) – the output structure version to export.  Currently
+only 1 is supported.
    • 
+

+

+
Returns

+
the non-opaque version context info

+

+
Return type

+
Krb5LucidContext

+

+
Raises

+
GSSError

+

+

+

+
+

+

+krb5_extract_authtime_from_sec_context(context: gssapi.raw.sec_contexts.SecurityContext)[source]

+
Get the auth time for the security context.

+
Gets the auth time for the established security context.

+

+
Note

+
Heimdal can only get the authtime on the acceptor security context.
+MIT is able to get the authtime on both initiators and acceptors.

+

+

+
Parameters

+
context (SecurityContext) – the current
+security context

+

+
Returns

+
the authtime

+

+
Return type

+
int

+

+
Raises

+
GSSError

+

+

+

+
+

+

+krb5_extract_authz_data_from_sec_context(context: gssapi.raw.sec_contexts.SecurityContext, ad_type: int)[source]

+
Extracts Kerberos authorization data.

+
Extracts authorization data that may be stored within the context.

+

+
Note

+
Only operates on acceptor contexts.

+

+

+
Parameters

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • ad_type (int) – the type of data to extract
    • 
+

+

+
Returns

+
the raw authz data from the sec context

+

+
Return type

+
bytes

+

+
Raises

+
GSSError

+

+

+

+
+

+

+krb5_get_tkt_flags(context: gssapi.raw.sec_contexts.SecurityContext)[source]

+
Return ticket flags for the kerberos ticket.

+
Return the ticket flags for the kerberos ticket received when
+authenticating the initiator.

+

+
Note

+
Heimdal can only get the tkt flags on the acceptor security context.
+MIT is able to get the tkt flags on initiators and acceptors.

+

+

+
Parameters

+
context (SecurityContext) – the security
+context

+

+
Returns

+
the ticket flags for the received kerberos ticket

+

+
Return type

+
int

+

+
Raises

+
GSSError

+

+

+

+
+

+

+krb5_import_cred(cred_handle: gssapi.raw.creds.Creds, cache: Optional[int] = None, keytab_principal: Optional[int] = None, keytab: Optional[int] = None)[source]

+
Import Krb5 credentials into GSSAPI credential.

+
Imports the krb5 credentials (either or both of the keytab and cache) into
+the GSSAPI credential so it can be used within GSSAPI. The ccache is
+copied by reference and thus shared, so if the credential is destroyed,
+all users of cred_handle will fail.

+

+
Parameters

+
    
+
  • cred_handle (Creds) – the credential handle to import into
    • 
+
  • cache (int) – the krb5_ccache address pointer, as an int, to import
+from
    • 
+
  • keytab_principal (int) – the krb5_principal address pointer, as an int,
+of the credential to import
    • 
+
  • keytab (int) – the krb5_keytab address pointer, as an int, of the
+keytab to import
    • 
+

+

+
Returns

+
None

+

+
Raises

+
GSSError

+

+

+

+
+

+

+krb5_set_allowable_enctypes(cred_handle: gssapi.raw.creds.Creds, ktypes: Iterable[int])[source]

+
Limits the keys that can be exported.

+
Called by a context initiator after acquiring the creds but before calling
+init_sec_context() to restrict the set of
+enctypes which will be negotiated during context establisment to those in
+the provided list.

+

+
Warning

+
The cred_handle should not be GSS_C_NO_CREDENTIAL.

+

+

+
Parameters

+
    
+
  • cred_hande (Creds) – the credential handle
    • 
+
  • ktypes (List[int]) – list of enctypes allowed
    • 
+

+

+
Returns

+
None

+

+
Raises

+
GSSError

+

+

+

+
+

+

+
Other Extensions

+
gss_set_cred_option

+
Provides a way to set options on a credential based on the OID specified. A
+common use case is to set the GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos
+credential. This is used for interoperability with Microsoft’s SSPI.

+
Note this function is commonly lumped with the GGF extensions but they are not
+part of the GGF IETF draft so it’s separated into it’s own file.

+
Closest draft IETF document for the gss_set_cred_option can be found at
+https://tools.ietf.org/html/draft-williams-kitten-channel-bound-flag-01

+

+

+set_cred_option(desired_aspect: gssapi.raw.oids.OID, creds: Optional[gssapi.raw.creds.Creds] = None, value: Optional[bytes] = None)[source]

+
This method is used to set options of a Creds
+object based on an OID key. The options that can be set depends on the mech
+the credentials were created with.

+
An example of how this can be used would be to set the
+GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos credential. The OID string for
+this flag is ‘1.2.752.43.13.29’ and it requires no value to be set. This
+must be set before the SecurityContext was initialised with the
+credentials.

+

+
Parameters

+
    
+
  • desired_aspect (OID) – the desired aspect of the
+Credential to set.
    • 
+
  • cred_handle (Creds) – the Credentials to set, or None
+to create a new credential.
    • 
+
  • value (bytes) – the value to set on the desired aspect of the Credential
+or None to send GSS_C_EMPTY_BUFFER.
    • 
+

+

+
Returns

+
The output credential.

+

+
Return type

+
Creds

+

+
Raises

+
GSSError

+

+

+

+
+

+

+

+
Results

+

+

+class AcquireCredResult(creds: gssapi.raw.creds.Creds, mechs: Set[OID], lifetime: int)[source]

+
Credential result when acquiring a GSSAPI credential.

+
Create new instance of AcquireCredResult(creds, mechs, lifetime)

+

+

+creds: gssapi.raw.creds.Creds

+
GSSAPI credentials that were acquired

+

+
+

+

+mechs: Set[OID]

+
Set of mechs the cred is for

+

+
+

+

+lifetime: int

+
Number of seconds for which the cred will remain valid

+

+
+

+
+

+

+class InquireCredResult(name: Optional[gssapi.raw.names.Name], lifetime: Optional[int], usage: Optional[str], mechs: Optional[Set[OID]])[source]

+
Information about the credential.

+
Create new instance of InquireCredResult(name, lifetime, usage, mechs)

+

+

+name: Optional[gssapi.raw.names.Name]

+
The principal associated with the credential

+

+
+

+

+lifetime: Optional[int]

+
Number of seconds which the cred is valid for

+

+
+

+

+usage: Optional[str]

+
How the credential can be used

+

+
+

+

+mechs: Optional[Set[OID]]

+
Set of mechs the cred is for

+

+
+

+
+

+

+class InquireCredByMechResult(name: Optional[gssapi.raw.names.Name], init_lifetime: Optional[int], accept_lifetime: Optional[int], usage: Optional[str])[source]

+
Information about the credential for a specific mechanism.

+
Create new instance of InquireCredByMechResult(name, init_lifetime, accept_lifetime, usage)

+

+

+name: Optional[gssapi.raw.names.Name]

+
The principal associated with the credential

+

+
+

+

+init_lifetime: Optional[int]

+
Time valid for initiation, in seconds

+

+
+

+

+accept_lifetime: Optional[int]

+
Time valid for accepting, in seconds

+

+
+

+

+usage: Optional[str]

+
How the credential can be used

+

+
+

+
+

+

+class AddCredResult(creds: Optional[gssapi.raw.creds.Creds], mechs: Set[OID], init_lifetime: int, accept_lifetime: int)[source]

+
Result of adding to a GSSAPI credential.

+
Create new instance of AddCredResult(creds, mechs, init_lifetime, accept_lifetime)

+

+

+creds: Optional[gssapi.raw.creds.Creds]

+
The credential that was generated

+

+
+

+

+mechs: Set[OID]

+
Set of mechs the cred is for

+

+
+

+

+init_lifetime: int

+
Time valid for initiation, in seconds

+

+
+

+

+accept_lifetime: int

+
Time valid for accepting, in seconds

+

+
+

+
+

+

+class DisplayNameResult(name: bytes, name_type: Optional[OID])[source]

+
Textual representation of a GSSAPI name.

+
Create new instance of DisplayNameResult(name, name_type)

+

+

+name: bytes

+
The representation of the GSSAPI name

+

+
+

+

+name_type: Optional[OID]

+
The type of GSSAPI name

+

+
+

+
+

+

+class WrapResult(message: bytes, encrypted: bool)[source]

+
Wrapped message result.

+
Create new instance of WrapResult(message, encrypted)

+

+

+message: bytes

+
The wrapped message

+

+
+

+

+encrypted: bool

+
Whether the message is encrypted and not just signed

+

+
+

+
+

+

+class UnwrapResult(message: bytes, encrypted: bool, qop: int)[source]

+
Unwrapped message result.

+
Create new instance of UnwrapResult(message, encrypted, qop)

+

+

+message: bytes

+
The unwrapped message

+

+
+

+

+encrypted: bool

+
Whether the message was encrypted and not just signed

+

+
+

+

+qop: int

+
The quality of protection applied to the message

+

+
+

+
+

+

+class AcceptSecContextResult(context: gssapi.raw.sec_contexts.SecurityContext, initiator_name: gssapi.raw.names.Name, mech: OID, token: Optional[bytes], flags: RequirementFlag, lifetime: int, delegated_creds: Optional[gssapi.raw.creds.Creds], more_steps: bool)[source]

+
Result when accepting a security context by an initiator.

+
Create new instance of AcceptSecContextResult(context, initiator_name, mech, token, flags, lifetime, delegated_creds, more_steps)

+

+

+context: gssapi.raw.sec_contexts.SecurityContext

+
The acceptor security context

+

+
+

+

+initiator_name: gssapi.raw.names.Name

+
The authenticated name of the initiator

+

+
+

+

+mech: OID

+
Mechanism with which the context was established

+

+
+

+

+token: Optional[bytes]

+
Token to be returned to the initiator

+

+
+

+

+flags: RequirementFlag

+
Services requested by the initiator

+

+
+

+

+lifetime: int

+
Seconds for which the context is valid for

+

+
+

+

+delegated_creds: Optional[gssapi.raw.creds.Creds]

+
Delegated credentials

+

+
+

+

+more_steps: bool

+
More input is required to complete the exchange

+

+
+

+
+

+

+class InitSecContextResult(context: gssapi.raw.sec_contexts.SecurityContext, mech: OID, flags: RequirementFlag, token: Optional[bytes], lifetime: int, more_steps: bool)[source]

+
Result when initiating a security context

+
Create new instance of InitSecContextResult(context, mech, flags, token, lifetime, more_steps)

+

+

+context: gssapi.raw.sec_contexts.SecurityContext

+
The initiator security context

+

+
+

+

+mech: OID

+
Mechanism used in the security context

+

+
+

+

+flags: RequirementFlag

+
Services available for the context

+

+
+

+

+token: Optional[bytes]

+
Token to be sent to the acceptor

+

+
+

+

+lifetime: int

+
Seconds for which the context is valid for

+

+
+

+

+more_steps: bool

+
More input is required to complete the exchange

+

+
+

+
+

+

+class InquireContextResult(initiator_name: Optional[gssapi.raw.names.Name], target_name: Optional[gssapi.raw.names.Name], lifetime: Optional[int], mech: Optional[OID], flags: Optional[RequirementFlag], locally_init: Optional[bool], complete: Optional[bool])[source]

+
Information about the security context.

+
Create new instance of InquireContextResult(initiator_name, target_name, lifetime, mech, flags, locally_init, complete)

+

+

+initiator_name: Optional[gssapi.raw.names.Name]

+
Name of the initiator

+

+
+

+

+target_name: Optional[gssapi.raw.names.Name]

+
Name of the acceptor

+

+
+

+

+lifetime: Optional[int]

+
Time valid for the security context, in seconds

+

+
+

+

+mech: Optional[OID]

+
Mech used to create the security context

+

+
+

+

+flags: Optional[RequirementFlag]

+
Services available for the context

+

+
+

+

+locally_init: Optional[bool]

+
Context was initiated locally

+

+
+

+

+complete: Optional[bool]

+
Context has been established and ready to use

+

+
+

+
+

+

+class StoreCredResult(mechs: List[OID], usage: str)[source]

+
Result of the credential storing operation.

+
Create new instance of StoreCredResult(mechs, usage)

+

+

+mechs: List[OID]

+
Mechs that were stored in the credential store

+

+
+

+

+usage: str

+
How the credential can be used

+

+
+

+
+

+

+class IOVUnwrapResult(encrypted: bool, qop: int)[source]

+
Unwrapped IOV message result.

+
Create new instance of IOVUnwrapResult(encrypted, qop)

+

+

+encrypted: bool

+
Whether the message was encrypted and not just signed

+

+
+

+

+qop: int

+
The quality of protection applied to the message

+

+
+

+
+

+

+class InquireNameResult(attrs: List[bytes], is_mech_name: bool, mech: OID)[source]

+
Information about a GSSAPI Name.

+
Create new instance of InquireNameResult(attrs, is_mech_name, mech)

+

+

+attrs: List[bytes]

+
Set of attribute names

+

+
+

+

+is_mech_name: bool

+
Name is a mechanism name

+

+
+

+

+mech: OID

+
The mechanism if is_name_mech is True

+

+
+

+
+

+

+class GetNameAttributeResult(values: List[bytes], display_values: List[bytes], authenticated: bool, complete: bool)[source]

+
GSSAPI Name attribute values.

+
Create new instance of GetNameAttributeResult(values, display_values, authenticated, complete)

+

+

+values: List[bytes]

+
Raw values

+

+
+

+

+display_values: List[bytes]

+
Human-readable values

+

+
+

+

+authenticated: bool

+
Attribute has been authenticated

+

+
+

+

+complete: bool

+
Attribute value is marked as complete

+

+
+

+
+

+

+class InquireAttrsResult(mech_attrs: Set[OID], known_mech_attrs: Set[OID])[source]

+
Set of attributes supported and known by a mechanism.

+
Create new instance of InquireAttrsResult(mech_attrs, known_mech_attrs)

+

+

+mech_attrs: Set[OID]

+
The mechanisms attributes

+

+
+

+

+known_mech_attrs: Set[OID]

+
Known attributes of the mechanism

+

+
+

+
+

+

+class DisplayAttrResult(name: bytes, short_desc: bytes, long_desc: bytes)[source]

+
Information about an attribute.

+
Create new instance of DisplayAttrResult(name, short_desc, long_desc)

+

+

+name: bytes

+
The mechanism name

+

+
+

+

+short_desc: bytes

+
Short description of the mechanism

+

+
+

+

+long_desc: bytes

+
Long description of the mechanism

+

+
+

+
+

+

+class InquireSASLNameResult(sasl_mech_name: bytes, mech_name: bytes, mech_description: bytes)[source]

+
SASL informmation about a GSSAPI Name.

+
Create new instance of InquireSASLNameResult(sasl_mech_name, mech_name, mech_description)

+

+

+sasl_mech_name: bytes

+
The SASL name

+

+
+

+

+mech_name: bytes

+
The mechanism name

+

+
+

+

+mech_description: bytes

+
The mechanism description

+

+
+

+
+

+

+class Rfc1964KeyData(sign_alg: int, seal_alg: int, key_type: int, key: bytes)[source]

+
Security context key data based on RFC1964.

+
Create new instance of Rfc1964KeyData(sign_alg, seal_alg, key_type, key)

+

+

+sign_alg: int

+
Signing algorithm identifier

+

+
+

+

+seal_alg: int

+
Sealing algorithm identifier

+

+
+

+

+key_type: int

+
Key encryption type identifier

+

+
+

+

+key: bytes

+
Encryption key data

+

+
+

+
+

+

+class CfxKeyData(ctx_key_type: int, ctx_key: bytes, acceptor_subkey_type: Optional[int], acceptor_subkey: Optional[bytes])[source]

+
Securty context key data.

+
Create new instance of CfxKeyData(ctx_key_type, ctx_key, acceptor_subkey_type, acceptor_subkey)

+

+

+ctx_key_type: int

+
Context key encryption type identifier

+

+
+

+

+ctx_key: bytes

+
Context key data - session or sub-session key

+

+
+

+

+acceptor_subkey_type: Optional[int]

+
Acceptor key enc type identifier

+

+
+

+

+acceptor_subkey: Optional[bytes]

+
Acceptor key data

+

+
+

+
+

+

+
Exceptions

+

+

+exception BadChannelBindingsError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadMICError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadMechanismError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadNameError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadNameTypeError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadQoPError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadStatusError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ContextReadError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: ParameterReadError, MissingContextError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ContextWriteError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: ParameterWriteError, MissingContextError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception CredentialsReadError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: ParameterReadError, MissingCredentialsError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception CredentialsWriteError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: ParameterWriteError, MissingCredentialsError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception DuplicateCredentialsElementError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception DuplicateTokenError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: SupplementaryError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ExpiredContextError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ExpiredCredentialsError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ExpiredTokenError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: SupplementaryError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception GSSError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: Exception

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+

+calling_code

+

+
+

+

+gen_message()

+
Retrieves all messages for this error’s status codes

+
This method retrieves all messages for this error’s status codes,
+and forms them into a string for use as an exception message

+

+
Returns

+
a string for use as this error’s message

+

+
Return type

+
str

+

+

+

+
+

+

+get_all_statuses(code: int, is_maj: bool)

+
Retrieve all messages for a status code.

+
This method retrieves all human-readable messages
+available for the given status code.

+

+
Parameters

+
    
+
  • code – the status code in question
    • 
+
  • is_maj – whether this is a major status code (True)
+or minor status code (False)
    • 
+

+

+
Returns

+

+
A list of string messages associated with the
given code

+

+

+

+

+
Return type

+
[str]

+

+

+

+
+

+

+maj_code

+

+
+

+

+min_code

+

+
+

+

+routine_code

+

+
+

+

+supplementary_code

+

+
+

+

+token

+

+
+

+
+

+

+exception InvalidCredentialsError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception InvalidTokenError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MalformedParameterError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MechanismNameRequiredError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MissingContextError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MissingCredentialsError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception NameReadError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: ParameterReadError, BadNameError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception NameTypeReadError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: ParameterReadError, BadNameTypeError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception OperationUnavailableError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ParameterReadError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ParameterWriteError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception SupplementaryError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenOutOfSequenceError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: SupplementaryError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenReadError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: ParameterReadError, InvalidTokenError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenTooEarlyError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: TokenOutOfSequenceError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenTooLateError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: TokenOutOfSequenceError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception UnauthorizedError(maj_code: int, min_code: int, token: Optional[bytes] = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/gssapi/__init__.py b/gssapi/__init__.py
deleted file mode 100644
index 73aa9dfb..00000000
--- a/gssapi/__init__.py
+++ /dev/null
@@ -1,54 +0,0 @@
-"""High-Level GSSAPI Bindings
-
-The high-level API contains three main classes, which represent
-the primary abstractions that GSSAPI provides:
-
-    Name (see gssapi.names)
-
-    Credentials (see gssapi.creds)
-
-    SecurityContext (see gssapi.sec_contexts)
-
-Additionally, a number of helper classes shared with the low-level API
-exist as well:
-
-    Enums (see gssapi.raw.types) --
-        NameType, RequirementFlag, AddressType, MechType
-
-    IntEnumFlagSet (see gssapi.raw.types)
-
-    OID (see gssapi.raw.oids)
-
-Note:
-
-    Classes in the high-level API inherit from the corresponding
-    classes in the low-level API, and thus may be passed in to
-    low-level API functions.
-"""
-
-import gssapi._win_config  # noqa
-
-from gssapi.raw.types import NameType, RequirementFlag, AddressType  # noqa
-from gssapi.raw.types import MechType, IntEnumFlagSet  # noqa
-from gssapi.raw.oids import OID  # noqa
-
-from gssapi.creds import Credentials  # noqa
-from gssapi.names import Name  # noqa
-from gssapi.sec_contexts import SecurityContext  # noqa
-from gssapi.mechs import Mechanism  # noqa
-
-from gssapi._utils import set_encoding  # noqa
-
-__all__ = [
-    'AddressType',
-    'Credentials',
-    'IntEnumFlagSet',
-    'Mechanism',
-    'MechType',
-    'Name',
-    'NameType',
-    'OID',
-    'RequirementFlag',
-    'SecurityContext',
-    'set_encoding',
-]
diff --git a/gssapi/_utils.py b/gssapi/_utils.py
deleted file mode 100644
index 0a2d8132..00000000
--- a/gssapi/_utils.py
+++ /dev/null
@@ -1,195 +0,0 @@
-import sys
-import types
-import typing as t
-
-import decorator as deco
-
-from gssapi.raw.misc import GSSError
-
-if t.TYPE_CHECKING:
-    from gssapi.sec_contexts import SecurityContext
-
-
-def import_gssapi_extension(
-    name: str,
-) -> t.Optional[types.ModuleType]:
-    """Import a GSSAPI extension module
-
-    This method imports a GSSAPI extension module based
-    on the name of the extension (not including the
-    'ext_' prefix).  If the extension is not available,
-    the method retuns None.
-
-    Args:
-        name (str): the name of the extension
-
-    Returns:
-        module: Either the extension module or None
-    """
-
-    try:
-        path = 'gssapi.raw.ext_{0}'.format(name)
-        __import__(path)
-        return sys.modules[path]
-    except ImportError:
-        return None
-
-
-def inquire_property(
-    name: str,
-    doc: t.Optional[str] = None
-) -> property:
-    """Creates a property based on an inquire result
-
-    This method creates a property that calls the
-    :python:`_inquire` method, and return the value of the
-    requested information.
-
-    Args:
-        name (str): the name of the 'inquire' result information
-
-    Returns:
-        property: the created property
-    """
-
-    def inquire_property(self: "SecurityContext") -> t.Any:
-        if not self._started:
-            msg = (f"Cannot read {name} from a security context whose "
-                   "establishment has not yet been started.")
-            raise AttributeError(msg)
-
-        return getattr(self._inquire(**{name: True}), name)
-
-    return property(inquire_property, doc=doc)
-
-
-# use UTF-8 as the default encoding, like Python 3
-_ENCODING = 'UTF-8'
-
-
-def _get_encoding() -> str:
-    """Gets the current encoding used for strings.
-
-    This value is used to encode and decode string
-    values like names.
-
-    Returns:
-        str: the current encoding
-    """
-    return _ENCODING
-
-
-def set_encoding(
-    enc: str,
-) -> None:
-    """Sets the current encoding used for strings
-
-    This value is used to encode and decode string
-    values like names.
-
-    Args:
-        enc: the encoding to use
-    """
-
-    global _ENCODING
-    _ENCODING = enc
-
-
-def _encode_dict(
-    d: t.Dict[t.Union[bytes, str], t.Union[bytes, str]],
-) -> t.Dict[bytes, bytes]:
-    """Encodes any relevant strings in a dict"""
-    def enc(x: t.Union[bytes, str]) -> bytes:
-        if isinstance(x, str):
-            return x.encode(_ENCODING)
-        else:
-            return x
-
-    return {enc(k): enc(v) for k, v in d.items()}
-
-
-# in case of Python 3, just use exception chaining
-@deco.decorator
-def catch_and_return_token(
-    func: t.Callable,
-    self: "SecurityContext",
-    *args: t.Any,
-    **kwargs: t.Any,
-) -> t.Optional[bytes]:
-    """Optionally defer exceptions and return a token instead
-
-    When `__DEFER_STEP_ERRORS__` is set on the implementing class
-    or instance, methods wrapped with this wrapper will
-    catch and save their :python:`GSSError` exceptions and
-    instead return the result token attached to the exception.
-
-    The exception can be later retrived through :python:`_last_err`
-    (and :python:`_last_tb` when Python 2 is in use).
-    """
-
-    try:
-        return func(self, *args, **kwargs)
-    except GSSError as e:
-        defer_step_errors = getattr(self, '__DEFER_STEP_ERRORS__', False)
-        if e.token is not None and defer_step_errors:
-            self._last_err = e
-            # skip the "return func" line above in the traceback
-            tb = e.__traceback__.tb_next  # type: ignore[union-attr]
-            self._last_err.__traceback__ = tb
-
-            return e.token
-        else:
-            raise
-
-
-@deco.decorator
-def check_last_err(
-    func: t.Callable,
-    self: "SecurityContext",
-    *args: t.Any,
-    **kwargs: t.Any,
-) -> t.Any:
-    """Check and raise deferred errors before running the function
-
-    This method checks :python:`_last_err` before running the wrapped
-    function.  If present and not None, the exception will be raised
-    with its original traceback.
-    """
-
-    if self._last_err is not None:
-        try:
-            raise self._last_err
-        finally:
-            self._last_err = None
-    else:
-        return func(self, *args, **kwargs)
-
-
-class CheckLastError(type):
-    """Check for a deferred error on all methods
-
-    This metaclass applies the :python:`check_last_err` decorator
-    to all methods not prefixed by '_'.
-
-    Additionally, it enabled `__DEFER_STEP_ERRORS__` by default.
-    """
-
-    def __new__(
-        cls,
-        name: str,
-        parents: t.Tuple[t.Type],
-        attrs: t.Dict[str, t.Any],
-    ) -> "CheckLastError":
-        attrs['__DEFER_STEP_ERRORS__'] = True
-
-        for attr_name in attrs:
-            attr = attrs[attr_name]
-
-            # wrap only methods
-            if not isinstance(attr, types.FunctionType):
-                continue
-
-            if attr_name[0] != '_':
-                attrs[attr_name] = check_last_err(attr)
-
-        return super(CheckLastError, cls).__new__(cls, name, parents, attrs)
diff --git a/gssapi/_win_config.py b/gssapi/_win_config.py
deleted file mode 100644
index 1ef0a581..00000000
--- a/gssapi/_win_config.py
+++ /dev/null
@@ -1,89 +0,0 @@
-"""
-Using GSSAPI on Windows requires having an installation of Kerberos for Windows
-(KfW) available in the user's PATH. This module should be imported before
-anything else to check for that installation, add it to the PATH if necessary,
-and throw any errors before they manifest as cryptic missing DLL errors later
-down the import tree.
-"""
-
-import os
-import shutil
-import sys
-import ctypes
-
-#: Path to normal KfW installed bin folder
-KFW_BIN = os.path.join(
-    os.environ.get('ProgramFiles', r'C:\Program Files'),
-    'MIT', 'Kerberos', 'bin',
-)
-#: Download location for KfW
-KFW_DL = "https://web.mit.edu/KERBEROS/dist"
-
-# Mypy needs to run on both Win and non-Win so the missing attribute will fire
-# on non-Win and Win will fire with unused ignore. Instead just cache the attr
-# by name and use it as needed.
-ADD_DLL_DIR = getattr(os, "add_dll_directory", None)
-CTYPES_WIN_DLL = getattr(ctypes, "WinDLL", ctypes.CDLL)
-
-
-def _add_dll_directory(path: str) -> None:
-    if ADD_DLL_DIR:
-        ADD_DLL_DIR(path)
-
-
-def kfw_available() -> bool:
-    """Return if the main GSSAPI DLL for KfW can be loaded"""
-    try:  # to load the main GSSAPI DLL
-        if sys.maxsize > 2**32:
-            CTYPES_WIN_DLL('gssapi64.dll')
-        else:
-            CTYPES_WIN_DLL('gssapi32.dll')
-    except OSError:  # DLL is not in PATH
-        return False
-    else:  # DLL is in PATH, everything should work
-        return True
-
-
-def error_not_found() -> None:
-    """Raise an OSError detailing that KfW is missing and how to get it"""
-    raise OSError(
-        "Could not find KfW installation. Please download and install "
-        "the 64bit Kerberos for Windows MSI from %s and ensure the "
-        "'bin' folder (%s) is in your PATH."
-        % (KFW_DL, KFW_BIN)
-    )
-
-
-def configure_windows() -> None:
-    """
-    Validate that KfW appears to be installed correctly and add it to the
-    DLL directories/PATH if necessary. In the case that it can't be located,
-    raise an error.
-    """
-    if kfw_available():
-        return  # All set, necessary DLLs should be available
-
-    if os.path.exists(KFW_BIN):  # In standard location
-        try:  # to use Python 3.8's DLL handling
-            _add_dll_directory(KFW_BIN)
-        except AttributeError:  # <3.8, use PATH
-            os.environ['PATH'] += os.pathsep + KFW_BIN
-        if kfw_available():
-            return
-
-    # Check if kinit is in the PATH which should lead us to the bin folder
-    kinit_path = shutil.which('kinit')  # KfW provided binary
-    if kinit_path:  # Non-standard install location
-        try:  # Most likely >=3.8, otherwise it would have been found already
-            _add_dll_directory(os.path.dirname(kinit_path))
-        except AttributeError:  # <3.8, corrupted installation?
-            pass
-        else:
-            if kfw_available():
-                return
-
-    error_not_found()
-
-
-if os.name == 'nt':  # Make sure we have the required DLLs
-    configure_windows()
diff --git a/gssapi/creds.py b/gssapi/creds.py
deleted file mode 100644
index ea871a91..00000000
--- a/gssapi/creds.py
+++ /dev/null
@@ -1,476 +0,0 @@
-import typing as t
-
-from gssapi.raw import creds as rcreds
-from gssapi.raw import named_tuples as tuples
-from gssapi.raw import names as rnames
-from gssapi.raw import oids as roids
-from gssapi._utils import import_gssapi_extension, _encode_dict
-
-from gssapi import names
-
-rcred_imp_exp = import_gssapi_extension('cred_imp_exp')
-rcred_s4u = import_gssapi_extension('s4u')
-rcred_cred_store = import_gssapi_extension('cred_store')
-rcred_rfc5588 = import_gssapi_extension('rfc5588')
-
-
-class Credentials(rcreds.Creds):
-    """GSSAPI Credentials
-
-    This class represents a set of GSSAPI credentials which may
-    be used with and/or returned by other GSSAPI methods.
-
-    It inherits from the low-level GSSAPI :class:`~gssapi.raw.creds.Creds`
-    class, and thus may used with both low-level and high-level API methods.
-
-    If your implementation of GSSAPI supports the credentials import-export
-    extension, you may pickle and unpickle this object.
-
-    The constructor either acquires or imports a set of GSSAPI
-    credentials.
-
-    If the `base` argument is used, an existing
-    :class:`~gssapi.raw.creds.Creds` object from the low-level API is
-    converted into a high-level object.
-
-    If the `token` argument is used, the credentials
-    are imported using the token, if the credentials import-export
-    extension is supported (:requires-ext:`cred_imp_exp`).
-
-    Otherwise, the credentials are acquired as per the
-    :meth:`acquire` method.
-
-    Raises:
-        ~gssapi.exceptions.BadMechanismError
-        ~gssapi.exceptions.BadNameTypeError
-        ~gssapi.exceptions.BadNameError
-        ~gssapi.exceptions.ExpiredCredentialsError
-        ~gssapi.exceptions.MissingCredentialsError
-    """
-
-    __slots__ = ()
-
-    def __new__(
-        cls,
-        base: t.Optional[rcreds.Creds] = None,
-        token: t.Optional[bytes] = None,
-        name: t.Optional[rnames.Name] = None,
-        lifetime: t.Optional[int] = None,
-        mechs: t.Optional[t.Iterable[roids.OID]] = None,
-        usage: str = 'both',
-        store: t.Optional[
-            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
-        ] = None,
-    ) -> "Credentials":
-        # TODO(directxman12): this is missing support for password
-        #                     (non-RFC method)
-        if base is not None:
-            base_creds = base
-        elif token is not None:
-            if rcred_imp_exp is None:
-                raise NotImplementedError("Your GSSAPI implementation does "
-                                          "not have support for importing and "
-                                          "exporting creditials")
-
-            base_creds = rcred_imp_exp.import_cred(token)
-        else:
-            res = cls.acquire(name, lifetime, mechs, usage,
-                              store=store)
-            base_creds = res.creds
-
-        return t.cast("Credentials",
-                      super(Credentials, cls).__new__(cls, base_creds))
-
-    @property
-    def name(self) -> names.Name:
-        """Get the name associated with these credentials"""
-        return t.cast(names.Name,
-                      self.inquire(name=True, lifetime=False, usage=False,
-                                   mechs=False).name)
-
-    @property
-    def lifetime(self) -> int:
-        """Get the remaining lifetime of these credentials, in seconds"""
-        return t.cast(int,
-                      self.inquire(name=False, lifetime=True,
-                                   usage=False, mechs=False).lifetime)
-
-    @property
-    def mechs(self) -> t.Set[roids.OID]:
-        """Get the mechanisms for these credentials"""
-        return t.cast(t.Set[roids.OID],
-                      self.inquire(name=False, lifetime=False,
-                                   usage=False, mechs=True).mechs)
-
-    @property
-    def usage(self) -> str:
-        """Get the usage (initiate, accept, or both) of these credentials"""
-        return t.cast(str,
-                      self.inquire(name=False, lifetime=False,
-                                   usage=True, mechs=False).usage)
-
-    @classmethod
-    def acquire(
-        cls,
-        name: t.Optional[rnames.Name] = None,
-        lifetime: t.Optional[int] = None,
-        mechs: t.Optional[t.Iterable[roids.OID]] = None,
-        usage: str = 'both',
-        store: t.Optional[
-            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
-        ] = None,
-    ) -> tuples.AcquireCredResult:
-        """Acquire GSSAPI credentials
-
-        This method acquires credentials.  If the `store` argument is
-        used, the credentials will be acquired from the given
-        credential store (if supported).  Otherwise, the credentials are
-        acquired from the default store.
-
-        The credential store information is a dictionary containing
-        mechanisms-specific keys and values pointing to a credential store
-        or stores.
-
-        Using a non-default store requires support for the credentials store
-        extension.
-
-        Args:
-            name (~gssapi.names.Name): the name associated with the
-                credentials, or None for the default name
-            lifetime (int): the desired lifetime of the credentials in seconds,
-                or None for indefinite
-            mechs (list): the desired :class:`MechType` OIDs to be used
-                with the credentials, or None for the default set
-            usage (str): the usage for the credentials -- either 'both',
-                'initiate', or 'accept'
-            store (dict): the credential store information pointing to the
-                credential store from which to acquire the credentials,
-                or None for the default store (:requires-ext:`cred_store`)
-
-        Returns:
-            AcquireCredResult: the acquired credentials and information about
-            them
-
-        Raises:
-            ~gssapi.exceptions.BadMechanismError
-            ~gssapi.exceptions.BadNameTypeError
-            ~gssapi.exceptions.BadNameError
-            ~gssapi.exceptions.ExpiredCredentialsError
-            ~gssapi.exceptions.MissingCredentialsError
-        """
-
-        if store is None:
-            res = rcreds.acquire_cred(name, lifetime,
-                                      mechs, usage)
-        else:
-            if rcred_cred_store is None:
-                raise NotImplementedError("Your GSSAPI implementation does "
-                                          "not have support for manipulating "
-                                          "credential stores")
-
-            b_store = _encode_dict(store)
-
-            res = rcred_cred_store.acquire_cred_from(b_store, name,
-                                                     lifetime, mechs,
-                                                     usage)
-
-        return tuples.AcquireCredResult(cls(base=res.creds), res.mechs,
-                                        res.lifetime)
-
-    def store(
-        self,
-        store: t.Optional[
-            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
-        ] = None,
-        usage: str = 'both',
-        mech: t.Optional[roids.OID] = None,
-        overwrite: bool = False,
-        set_default: bool = False,
-    ) -> tuples.StoreCredResult:
-        """Store these credentials into the given store
-
-        This method stores the current credentials into the specified
-        credentials store.  If the default store is used, support for
-        :rfc:`5588` is required.  Otherwise, support for the credentials
-        store extension is required.
-
-        :requires-ext:`rfc5588` or :requires-ext:`cred_store`
-
-        Args:
-            store (dict): the store into which to store the credentials,
-                or None for the default store.
-            usage (str): the usage to store the credentials with -- either
-                'both', 'initiate', or 'accept'
-            mech (~gssapi.OID): the :class:`MechType` to associate with the
-                stored credentials
-            overwrite (bool): whether or not to overwrite existing credentials
-                stored with the same name, etc
-            set_default (bool): whether or not to set these credentials as
-                the default credentials for the given store.
-
-        Returns:
-            StoreCredResult: the results of the credential storing operation
-
-        Raises:
-            ~gssapi.exceptions.GSSError
-            ~gssapi.exceptions.ExpiredCredentialsError
-            ~gssapi.exceptions.MissingCredentialsError
-            ~gssapi.exceptions.OperationUnavailableError
-            ~gssapi.exceptions.DuplicateCredentialsElementError
-        """
-
-        if store is None:
-            if rcred_rfc5588 is None:
-                raise NotImplementedError("Your GSSAPI implementation does "
-                                          "not have support for RFC 5588")
-
-            return rcred_rfc5588.store_cred(self, usage, mech,
-                                            overwrite, set_default)
-        else:
-            if rcred_cred_store is None:
-                raise NotImplementedError("Your GSSAPI implementation does "
-                                          "not have support for manipulating "
-                                          "credential stores directly")
-
-            b_store = _encode_dict(store)
-
-            return rcred_cred_store.store_cred_into(b_store, self, usage, mech,
-                                                    overwrite, set_default)
-
-    def impersonate(
-        self,
-        name: t.Optional[rnames.Name] = None,
-        lifetime: t.Optional[int] = None,
-        mechs: t.Optional[t.Iterable[roids.OID]] = None,
-        usage: str = 'initiate',
-    ) -> "Credentials":
-        """Impersonate a name using the current credentials
-
-        This method acquires credentials by impersonating another
-        name using the current credentials.
-
-        :requires-ext:`s4u`
-
-        Args:
-            name (~gssapi.names.Name): the name to impersonate
-            lifetime (int): the desired lifetime of the new credentials in
-                seconds, or None for indefinite
-            mechs (list): the desired :class:`MechType` OIDs for the new
-                credentials
-            usage (str): the desired usage for the new credentials -- either
-                'both', 'initiate', or 'accept'.  Note that some mechanisms
-                may only support 'initiate'.
-
-        Returns:
-            Credentials: the new credentials impersonating the given name
-        """
-
-        if rcred_s4u is None:
-            raise NotImplementedError("Your GSSAPI implementation does not "
-                                      "have support for S4U")
-
-        res = rcred_s4u.acquire_cred_impersonate_name(self, name,
-                                                      lifetime, mechs,
-                                                      usage)
-
-        return type(self)(base=res.creds)
-
-    def inquire(
-        self,
-        name: bool = True,
-        lifetime: bool = True,
-        usage: bool = True,
-        mechs: bool = True,
-    ) -> tuples.InquireCredResult:
-        """Inspect these credentials for information
-
-        This method inspects these credentials for information about them.
-
-        Args:
-            name (bool): get the name associated with the credentials
-            lifetime (bool): get the remaining lifetime for the credentials
-            usage (bool): get the usage for the credentials
-            mechs (bool): get the mechanisms associated with the credentials
-
-        Returns:
-            InquireCredResult: the information about the credentials,
-            with None used when the corresponding argument was False
-
-        Raises:
-            ~gssapi.exceptions.MissingCredentialsError
-            ~gssapi.exceptions.InvalidCredentialsError
-            ~gssapi.exceptions.ExpiredCredentialsError
-        """
-
-        res = rcreds.inquire_cred(self, name, lifetime, usage, mechs)
-
-        if res.name is not None:
-            res_name = names.Name(res.name)
-        else:
-            res_name = None
-
-        return tuples.InquireCredResult(res_name, res.lifetime,
-                                        res.usage, res.mechs)
-
-    def inquire_by_mech(
-        self,
-        mech: roids.OID,
-        name: bool = True,
-        init_lifetime: bool = True,
-        accept_lifetime: bool = True,
-        usage: bool = True,
-    ) -> tuples.InquireCredByMechResult:
-        """Inspect these credentials for per-mechanism information
-
-        This method inspects these credentials for per-mechanism information
-        about them.
-
-        Args:
-            mech (~gssapi.OID): the mechanism for which to retrieve the
-                information
-            name (bool): get the name associated with the credentials
-            init_lifetime (bool): get the remaining initiate lifetime for
-                the credentials in seconds
-            accept_lifetime (bool): get the remaining accept lifetime for
-                the credentials in seconds
-            usage (bool): get the usage for the credentials
-
-        Returns:
-            InquireCredByMechResult: the information about the credentials,
-            with None used when the corresponding argument was False
-        """
-
-        res = rcreds.inquire_cred_by_mech(self, mech, name, init_lifetime,
-                                          accept_lifetime, usage)
-
-        if res.name is not None:
-            res_name = names.Name(res.name)
-        else:
-            res_name = None
-
-        return tuples.InquireCredByMechResult(res_name,
-                                              res.init_lifetime,
-                                              res.accept_lifetime,
-                                              res.usage)
-
-    def add(
-        self,
-        name: rnames.Name,
-        mech: roids.OID,
-        usage: str = 'both',
-        init_lifetime: t.Optional[int] = None,
-        accept_lifetime: t.Optional[int] = None,
-        impersonator: t.Optional[rcreds.Creds] = None,
-        store: t.Optional[
-            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
-        ] = None,
-    ) -> "Credentials":
-        """Acquire more credentials to add to the current set
-
-        This method works like :meth:`acquire`, except that it adds the
-        acquired credentials for a single mechanism to a copy of the current
-        set, instead of creating a new set for multiple mechanisms.
-        Unlike :meth:`acquire`, you cannot pass None desired name or
-        mechanism.
-
-        If the `impersonator` argument is used, the credentials will
-        impersonate the given name using the impersonator credentials
-        (:requires-ext:`s4u`).
-
-        If the `store` argument is used, the credentials will be acquired
-        from the given credential store (:requires-ext:`cred_store`).
-        Otherwise, the credentials are acquired from the default store.
-
-        The credential store information is a dictionary containing
-        mechanisms-specific keys and values pointing to a credential store
-        or stores.
-
-        Note that the `store` argument is not compatible with the
-        `impersonator` argument.
-
-        Args:
-            name (~gssapi.names.Name): the name associated with the
-                credentials
-            mech (~gssapi.OID): the desired :class:`MechType` to be used with
-                the credentials
-            usage (str): the usage for the credentials -- either 'both',
-                'initiate', or 'accept'
-            init_lifetime (int): the desired initiate lifetime of the
-                credentials in seconds, or None for indefinite
-            accept_lifetime (int): the desired accept lifetime of the
-                credentials in seconds, or None for indefinite
-            impersonator (Credentials): the credentials to use to impersonate
-                the given name, or None to not acquire normally
-                (:requires-ext:`s4u`)
-            store (dict): the credential store information pointing to the
-                credential store from which to acquire the credentials,
-                or None for the default store (:requires-ext:`cred_store`)
-
-        Returns:
-            Credentials: the credentials set containing the current credentials
-            and the newly acquired ones.
-
-        Raises:
-            ~gssapi.exceptions.BadMechanismError
-            ~gssapi.exceptions.BadNameTypeError
-            ~gssapi.exceptions.BadNameError
-            ~gssapi.exceptions.DuplicateCredentialsElementError
-            ~gssapi.exceptions.ExpiredCredentialsError
-            ~gssapi.exceptions.MissingCredentialsError
-        """
-
-        if store is not None and impersonator is not None:
-            raise ValueError('You cannot use both the `impersonator` and '
-                             '`store` arguments at the same time')
-
-        if store is not None:
-            if rcred_cred_store is None:
-                raise NotImplementedError("Your GSSAPI implementation does "
-                                          "not have support for manipulating "
-                                          "credential stores")
-            b_store = _encode_dict(store)
-
-            res = rcred_cred_store.add_cred_from(b_store, self, name, mech,
-                                                 usage, init_lifetime,
-                                                 accept_lifetime)
-        elif impersonator is not None:
-            if rcred_s4u is None:
-                raise NotImplementedError("Your GSSAPI implementation does "
-                                          "not have support for S4U")
-            res = rcred_s4u.add_cred_impersonate_name(self, impersonator,
-                                                      name, mech, usage,
-                                                      init_lifetime,
-                                                      accept_lifetime)
-        else:
-            res = rcreds.add_cred(self, name, mech, usage, init_lifetime,
-                                  accept_lifetime)
-
-        return Credentials(res.creds)
-
-    def export(self) -> bytes:
-        """Export these credentials into a token
-
-        This method exports the current credentials to a token that can
-        then be imported by passing the `token` argument to the constructor.
-
-        This is often used to pass credentials between processes.
-
-        :requires-ext:`cred_imp_exp`
-
-        Returns:
-            bytes: the exported credentials in token form
-        """
-
-        if rcred_imp_exp is None:
-            raise NotImplementedError("Your GSSAPI implementation does not "
-                                      "have support for importing and "
-                                      "exporting creditials")
-
-        return rcred_imp_exp.export_cred(self)
-
-    # pickle protocol support
-    def __reduce__(
-        self,
-    ) -> t.Tuple[t.Type["Credentials"], t.Tuple[None, bytes]]:
-        # the unpickle arguments to new are (base=None, token=self.export())
-        return (type(self), (None, self.export()))
diff --git a/gssapi/exceptions.py b/gssapi/exceptions.py
deleted file mode 100644
index 4775bfe1..00000000
--- a/gssapi/exceptions.py
+++ /dev/null
@@ -1,47 +0,0 @@
-import typing as t
-
-from gssapi.raw.exceptions import *  # noqa
-from gssapi.raw.misc import GSSError  # noqa
-
-"""High-Level API Errors
-
-This module includes several high-level exceptions,
-in addition to GSSError and exceptions from
-:mod:`gssapi.raw.exceptions`.
-"""
-
-
-# non-GSS exceptions
-class GeneralError(Exception):
-    """A General High-Level API Error"""
-    MAJOR_MESSAGE = "General error"
-    FMT_STR = "{maj}: {min}."
-
-    def __init__(
-        self,
-        minor_message: str,
-        **kwargs: str,
-    ) -> None:
-        maj_str = self.MAJOR_MESSAGE.format(**kwargs)
-        err_str = self.FMT_STR.format(maj=maj_str, min=minor_message)
-        super(GeneralError, self).__init__(err_str)
-
-
-class UnknownUsageError(GeneralError):
-    """An Error indicating an unknown usage type"""
-    MAJOR_MESSAGE = "Unable to determine {obj} usage"
-
-
-class EncryptionNotUsed(GeneralError):
-    """An Error indicating that encryption was requested, but not used"""
-    MAJOR_MESSAGE = "Confidentiality was requested, but not used"
-
-    def __init__(
-        self,
-        minor_message: str,
-        unwrapped_message: t.Optional[bytes] = None,
-        **kwargs: str,
-    ) -> None:
-        super(EncryptionNotUsed, self).__init__(minor_message, **kwargs)
-
-        self.unwrapped_message = unwrapped_message
diff --git a/gssapi/mechs.py b/gssapi/mechs.py
deleted file mode 100644
index a6d7d18c..00000000
--- a/gssapi/mechs.py
+++ /dev/null
@@ -1,219 +0,0 @@
-import typing as t
-
-from gssapi._utils import import_gssapi_extension
-from gssapi.raw import oids as roids
-from gssapi.raw import misc as rmisc
-from gssapi.raw import named_tuples as tuples
-from gssapi.raw import names as rnames
-from gssapi import _utils
-
-rfc5587 = import_gssapi_extension('rfc5587')
-rfc5801 = import_gssapi_extension('rfc5801')
-
-
-class Mechanism(roids.OID):
-    """
-    A GSSAPI Mechanism
-
-    This class represents a mechanism and centralizes functions dealing with
-    mechanisms and can be used with any calls.
-
-    It inherits from the low-level GSSAPI :class:`~gssapi.raw.oids.OID` class,
-    and thus can be used with both low-level and high-level API calls.
-    """
-    def __new__(
-        cls,
-        cpy: t.Optional[roids.OID] = None,
-        elements: t.Optional[bytes] = None,
-    ) -> "Mechanism":
-        return t.cast("Mechanism",
-                      super(Mechanism, cls).__new__(cls, cpy, elements))
-
-    @property
-    def name_types(self) -> t.Set[roids.OID]:
-        """
-        Get the set of name types supported by this mechanism.
-        """
-        return rmisc.inquire_names_for_mech(self)
-
-    @property
-    def _saslname(self) -> tuples.InquireSASLNameResult:
-        if rfc5801 is None:
-            raise NotImplementedError("Your GSSAPI implementation does not "
-                                      "have support for RFC 5801")
-        return rfc5801.inquire_saslname_for_mech(self)
-
-    @property
-    def _attrs(self) -> tuples.InquireAttrsResult:
-        if rfc5587 is None:
-            raise NotImplementedError("Your GSSAPI implementation does not "
-                                      "have support for RFC 5587")
-
-        return rfc5587.inquire_attrs_for_mech(self)
-
-    def __str__(self) -> str:
-        return self._bytes_desc().decode(_utils._get_encoding())
-
-    def __unicode__(self) -> str:
-        return self._bytes_desc().decode(_utils._get_encoding())
-
-    def _bytes_desc(self) -> bytes:
-        base: t.Union[bytes, str] = self.dotted_form
-        if rfc5801 is not None and self._saslname and self._saslname.mech_name:
-            base = self._saslname.mech_name
-
-        if isinstance(base, str):
-            base = base.encode(_utils._get_encoding())
-
-        return base
-
-    def __repr__(self) -> str:
-        """
-        Get a name representing the mechanism; always safe to call
-        """
-        base = "" % self.dotted_form
-        if rfc5801 is not None:
-            base = "" % (
-                self._saslname.mech_name.decode('UTF-8'),
-                self.dotted_form
-            )
-
-        return base
-
-    @property
-    def sasl_name(self) -> str:
-        """
-        Get the SASL name for the mechanism
-
-        :requires-ext:`rfc5801`
-        """
-        return self._saslname.sasl_mech_name.decode('UTF-8')
-
-    @property
-    def description(self) -> str:
-        """
-        Get the description of the mechanism
-
-        :requires-ext:`rfc5801`
-        """
-        return self._saslname.mech_description.decode('UTF-8')
-
-    @property
-    def known_attrs(self) -> t.Set[roids.OID]:
-        """
-        Get the known attributes of the mechanism; returns a set of OIDs
-        ([OID])
-
-        :requires-ext:`rfc5587`
-        """
-        return self._attrs.known_mech_attrs
-
-    @property
-    def attrs(self) -> t.Set[roids.OID]:
-        """
-        Get the attributes of the mechanism; returns a set of OIDs ([OID])
-
-        :requires-ext:`rfc5587`
-        """
-        return self._attrs.mech_attrs
-
-    @classmethod
-    def all_mechs(cls) -> t.Iterator["Mechanism"]:
-        """
-        Get a generator of all mechanisms supported by GSSAPI
-        """
-        return (cls(mech) for mech in rmisc.indicate_mechs())
-
-    @classmethod
-    def from_name(
-        cls,
-        name: rnames.Name,
-    ) -> t.Iterator["Mechanism"]:
-        """
-        Get a generator of mechanisms that may be able to process the name
-
-        Args:
-            name (~gssapi.names.Name): a name to inquire about
-
-        Returns:
-            [Mechanism]: a set of mechanisms which support this name
-
-        Raises:
-            ~gssapi.exceptions.GSSError
-        """
-        return (cls(mech) for mech in rmisc.inquire_mechs_for_name(name))
-
-    @classmethod
-    def from_sasl_name(
-        cls,
-        name: t.Optional[t.Union[bytes, str]] = None,
-    ) -> "Mechanism":
-        """
-        Create a Mechanism from its SASL name
-
-        Args:
-            name (str): SASL name of the desired mechanism
-
-        Returns:
-            Mechanism: the desired mechanism
-
-        Raises:
-            ~gssapi.exceptions.GSSError
-
-        :requires-ext:`rfc5801`
-        """
-        if rfc5801 is None:
-            raise NotImplementedError("Your GSSAPI implementation does not "
-                                      "have support for RFC 5801")
-        if isinstance(name, str):
-            name = name.encode(_utils._get_encoding())
-
-        m = rfc5801.inquire_mech_for_saslname(name)
-
-        return cls(m)
-
-    @classmethod
-    def from_attrs(
-        cls,
-        desired_attrs: t.Optional[
-            t.Union[roids.OID, t.Iterable[roids.OID]]
-        ] = None,
-        except_attrs: t.Optional[
-            t.Union[roids.OID, t.Iterable[roids.OID]]
-        ] = None,
-        critical_attrs: t.Optional[
-            t.Union[roids.OID, t.Iterable[roids.OID]]
-        ] = None,
-    ) -> t.Iterator["Mechanism"]:
-        """
-        Get a generator of mechanisms supporting the specified attributes. See
-        RFC 5587's :func:`indicate_mechs_by_attrs` for more information.
-
-        Args:
-            desired_attrs ([OID]): Desired attributes
-            except_attrs ([OID]): Except attributes
-            critical_attrs ([OID]): Critical attributes
-
-        Returns:
-            [Mechanism]: A set of mechanisms having the desired features.
-
-        Raises:
-            ~gssapi.exceptions.GSSError
-
-        :requires-ext:`rfc5587`
-        """
-        if isinstance(desired_attrs, roids.OID):
-            desired_attrs = set([desired_attrs])
-        if isinstance(except_attrs, roids.OID):
-            except_attrs = set([except_attrs])
-        if isinstance(critical_attrs, roids.OID):
-            critical_attrs = set([critical_attrs])
-
-        if rfc5587 is None:
-            raise NotImplementedError("Your GSSAPI implementation does not "
-                                      "have support for RFC 5587")
-
-        mechs = rfc5587.indicate_mechs_by_attrs(desired_attrs,
-                                                except_attrs,
-                                                critical_attrs)
-        return (cls(mech) for mech in mechs)
diff --git a/gssapi/names.py b/gssapi/names.py
deleted file mode 100644
index c6fd972a..00000000
--- a/gssapi/names.py
+++ /dev/null
@@ -1,421 +0,0 @@
-
-import typing as t
-
-from gssapi.raw import names as rname
-from gssapi.raw import NameType
-from gssapi.raw import named_tuples as tuples
-from gssapi.raw import oids as roids
-from gssapi import _utils
-
-from collections.abc import MutableMapping, Iterable
-
-rname_rfc6680 = _utils.import_gssapi_extension('rfc6680')
-rname_rfc6680_comp_oid = _utils.import_gssapi_extension('rfc6680_comp_oid')
-
-
-class Name(rname.Name):
-    """A GSSAPI Name
-
-    This class represents a GSSAPI name which may be used with and/or returned
-    by other GSSAPI methods.
-
-    It inherits from the low-level GSSAPI :class:`~gssapi.raw.names.Name`
-    class, and thus may used with both low-level and high-level API methods.
-
-    This class may be pickled and unpickled, as well as copied.
-
-    The :class:`str` and :class:`bytes` methods may be used to retrieve the
-    text of the name.
-
-    Note:
-        Name strings will be automatically converted to and from unicode
-        strings as appropriate.  If a method is listed as returning a
-        :class:`str` object, it will return a unicode string.
-
-        The encoding used will be python-gssapi's current encoding, which
-        defaults to UTF-8.
-    """
-
-    __slots__ = ('_attr_obj')
-
-    def __new__(
-        cls,
-        base: t.Optional[t.Union[rname.Name, bytes, str]] = None,
-        name_type: t.Optional[roids.OID] = None,
-        token: t.Optional[bytes] = None,
-        composite: bool = False,
-    ) -> "Name":
-        if token is not None:
-            if composite:
-                if rname_rfc6680 is None:
-                    raise NotImplementedError(
-                        "Your GSSAPI implementation does not support RFC 6680 "
-                        "(the GSSAPI naming extensions)")
-
-                if rname_rfc6680_comp_oid is not None:
-                    base_name = rname.import_name(token,
-                                                  NameType.composite_export)
-                    displ_name = rname.display_name(base_name, name_type=True)
-                    if displ_name.name_type == NameType.composite_export:
-                        # NB(directxman12): there's a bug in MIT krb5 <= 1.13
-                        # where GSS_C_NT_COMPOSITE_EXPORT doesn't trigger
-                        # immediate import logic.  However, we can just use
-                        # the normal GSS_C_NT_EXPORT_NAME in this case.
-                        base_name = rname.import_name(token, NameType.export)
-                else:
-                    # NB(directxman12): some older versions of MIT krb5 don't
-                    # have support for the GSS_C_NT_COMPOSITE_EXPORT, but do
-                    # support composite tokens via GSS_C_NT_EXPORT_NAME.
-                    base_name = rname.import_name(token, NameType.export)
-            else:
-                base_name = rname.import_name(token, NameType.export)
-        elif isinstance(base, rname.Name):
-            base_name = base
-        else:
-            if isinstance(base, str):
-                base = base.encode(_utils._get_encoding())
-
-            base_name = rname.import_name(
-                base,  # type: ignore[arg-type]
-                name_type)
-
-        return t.cast("Name", super(Name, cls).__new__(cls, base_name))
-
-    def __init__(
-        self,
-        base: t.Optional[t.Union[rname.Name, bytes, str]] = None,
-        name_type: t.Optional[roids.OID] = None,
-        token: t.Optional[bytes] = None,
-        composite: bool = False,
-    ) -> None:
-        """
-        The constructor can be used to "import" a name from a human readable
-        representation, or from a token, and can also be used to convert a
-        low-level :class:`gssapi.raw.names.Name` object into a high-level
-        object.
-
-        If a :class:`~gssapi.raw.names.Name` object from the low-level API
-        is passed as the `base` argument, it will be converted into a
-        high-level object.
-
-        If the `token` argument is used, the name will be imported using
-        the token.  If the token was exported as a composite token,
-        pass `composite=True`.
-
-        Otherwise, a new name will be created, using the `base` argument as
-        the human-readable string and the `name_type` argument to denote the
-        name type.
-
-        Raises:
-            ~gssapi.exceptions.BadNameTypeError
-            ~gssapi.exceptions.BadNameError
-            ~gssapi.exceptions.BadMechanismError
-        """
-
-        self._attr_obj: t.Optional[_NameAttributeMapping]
-
-        if rname_rfc6680 is not None:
-            self._attr_obj = _NameAttributeMapping(self)
-        else:
-            self._attr_obj = None
-
-    def __str__(self) -> str:
-        return bytes(self).decode(_utils._get_encoding())
-
-    def __unicode__(self) -> str:
-        # Python 2 -- someone asked for unicode
-        return self.__bytes__().decode(_utils._get_encoding())
-
-    def __bytes__(self) -> bytes:
-        # Python 3 -- someone asked for bytes
-        return rname.display_name(self, name_type=False).name
-
-    def display_as(
-        self,
-        name_type: roids.OID,
-    ) -> str:
-        """
-        Display this name as the given name type.
-
-        This method attempts to display the current :class:`Name`
-        using the syntax of the given :class:`~gssapi.raw.types.NameType`, if
-        possible.
-
-        Warning:
-
-            In MIT krb5 versions below 1.13.3, this method can segfault if
-            the name was not *originally* created with a `name_type` that was
-            not ``None`` (even in cases when a ``name_type``
-            is later "added", such as via :meth:`canonicalize`).
-            **Do not use this method unless you are sure the above
-            conditions can never happen in your code.**
-
-        Warning:
-
-            In addition to the above warning, current versions of MIT krb5 do
-            not actually fully implement this method, and it may return
-            incorrect results in the case of canonicalized names.
-
-        :requires-ext:`rfc6680`
-
-        Args:
-            name_type (~gssapi.OID): the :class:`~gssapi.raw.types.NameType` to
-                use to display the given name
-
-        Returns:
-            str: the displayed name
-
-        Raises:
-            ~gssapi.exceptions.OperationUnavailableError
-        """
-
-        if rname_rfc6680 is None:
-            raise NotImplementedError("Your GSSAPI implementation does not "
-                                      "support RFC 6680 (the GSSAPI naming "
-                                      "extensions)")
-        return rname_rfc6680.display_name_ext(self, name_type).decode(
-            _utils._get_encoding())
-
-    @property
-    def name_type(self) -> t.Optional[roids.OID]:
-        """The :class:`~gssapi.raw.types.NameType` of this name"""
-        return rname.display_name(self, name_type=True).name_type
-
-    def __eq__(
-        self,
-        other: object,
-    ) -> bool:
-        if not isinstance(other, rname.Name):
-            # maybe something else can compare this
-            # to other classes, but we certainly can't
-            return NotImplemented
-        else:
-            return rname.compare_name(self, other)
-
-    def __ne__(
-        self,
-        other: object,
-    ) -> bool:
-        return not self.__eq__(other)
-
-    def __repr__(self) -> str:
-        disp_res = rname.display_name(self, name_type=True)
-        return "Name({name!r}, {name_type})".format(
-            name=disp_res.name, name_type=disp_res.name_type)
-
-    def export(
-        self,
-        composite: bool = False,
-    ) -> bytes:
-        """Export this name as a token.
-
-        This method exports the name into a byte string which can then be
-        imported by using the `token` argument of the constructor.
-
-        Args:
-            composite (bool): whether or not use to a composite token --
-                :requires-ext:`rfc6680`
-
-        Returns:
-            bytes: the exported name in token form
-
-        Raises:
-            ~gssapi.exceptions.MechanismNameRequiredError
-            ~gssapi.exceptions.BadNameTypeError
-            ~gssapi.exceptions.BadNameError
-        """
-
-        if composite:
-            if rname_rfc6680 is None:
-                raise NotImplementedError("Your GSSAPI implementation does "
-                                          "not support RFC 6680 (the GSSAPI "
-                                          "naming extensions)")
-
-            return rname_rfc6680.export_name_composite(self)
-        else:
-            return rname.export_name(self)
-
-    def canonicalize(
-        self,
-        mech: roids.OID
-    ) -> "Name":
-        """Canonicalize a name with respect to a mechanism.
-
-        This method returns a new :class:`Name` that is canonicalized according
-        to the given mechanism.
-
-        Args:
-            mech (~gssapi.OID): the :class:`MechType` to use
-
-        Returns:
-            Name: the canonicalized name
-
-        Raises:
-            ~gssapi.exceptions.BadMechanismError
-            ~gssapi.exceptions.BadNameTypeError
-            ~gssapi.exceptions.BadNameError
-        """
-
-        return type(self)(rname.canonicalize_name(self, mech))
-
-    def __copy__(self) -> "Name":
-        return type(self)(rname.duplicate_name(self))
-
-    def __deepcopy__(
-        self,
-        memo: t.Dict,
-    ) -> "Name":
-        return type(self)(rname.duplicate_name(self))
-
-    def _inquire(
-        self,
-        **kwargs: t.Any,
-    ) -> tuples.InquireNameResult:
-        """Inspect this name for information.
-
-        This method inspects the name for information.
-
-        If no keyword arguments are passed, all available information
-        is returned.  Otherwise, only the keyword arguments that
-        are passed and set to `True` are returned.
-
-        Args:
-            mech_name (bool): get whether this is a mechanism name,
-                and, if so, the associated mechanism
-            attrs (bool): get the attributes names for this name
-
-        Returns:
-            InquireNameResult: the results of the inquiry, with unused
-                fields set to None
-
-        Raises:
-            ~gssapi.exceptions.GSSError
-        """
-
-        if rname_rfc6680 is None:
-            raise NotImplementedError("Your GSSAPI implementation does not "
-                                      "support RFC 6680 (the GSSAPI naming "
-                                      "extensions)")
-
-        if not kwargs:
-            default_val = True
-        else:
-            default_val = False
-
-        attrs = kwargs.get('attrs', default_val)
-        mech_name = kwargs.get('mech_name', default_val)
-
-        return rname_rfc6680.inquire_name(self, mech_name=mech_name,
-                                          attrs=attrs)
-
-    @property
-    def is_mech_name(self) -> bool:
-        """Whether or not this name is a mechanism name
-        (:requires-ext:`rfc6680`)
-        """
-        return self._inquire(mech_name=True).is_mech_name
-
-    @property
-    def mech(self) -> roids.OID:
-        """The mechanism associated with this name (:requires-ext:`rfc6680`)
-        """
-        return self._inquire(mech_name=True).mech
-
-    @property
-    def attributes(self) -> t.Optional[MutableMapping]:
-        """The attributes of this name (:requires-ext:`rfc6680`)
-
-        The attributes are presenting in the form of a
-        :class:`~collections.abc.MutableMapping` (a dict-like object).
-
-        Retrieved values will always be in the form of :class:`frozenset`.
-
-        When assigning values, if iterables are used, they be considered to be
-        the set of values for the given attribute.  If a non-iterable is used,
-        it will be considered a single value, and automatically wrapped in an
-        iterable.
-
-        Note:
-            String types (includes :class:`bytes`) are not considered to
-            be iterables in this case.
-        """
-        if self._attr_obj is None:
-            raise NotImplementedError("Your GSSAPI implementation does not "
-                                      "support RFC 6680 (the GSSAPI naming "
-                                      "extensions)")
-
-        return self._attr_obj
-
-
-class _NameAttributeMapping(MutableMapping):
-
-    """Provides dict-like access to RFC 6680 Name attributes."""
-    def __init__(
-        self,
-        name: Name,
-    ) -> None:
-        self._name = name
-
-    def __getitem__(
-        self,
-        key: t.Union[bytes, str],
-    ) -> tuples.GetNameAttributeResult:
-        if isinstance(key, str):
-            key = key.encode(_utils._get_encoding())
-
-        res = rname_rfc6680.get_name_attribute(  # type: ignore[union-attr]
-            self._name, key)
-        res = t.cast(tuples.GetNameAttributeResult, res)
-
-        return tuples.GetNameAttributeResult(list(res.values),
-                                             list(res.display_values),
-                                             res.authenticated,
-                                             res.complete)
-
-    def __setitem__(
-        self,
-        key: t.Union[bytes, str],
-        value: t.Union[
-            tuples.GetNameAttributeResult, t.Tuple[bytes, bool], bytes
-        ],
-    ) -> None:
-        if isinstance(key, str):
-            key = key.encode(_utils._get_encoding())
-
-        rname_rfc6680.delete_name_attribute(  # type: ignore[union-attr]
-            self._name, key)
-
-        attr_value: t.List[bytes]
-        if isinstance(value, tuples.GetNameAttributeResult):
-            complete = value.complete
-            attr_value = value.values
-        elif isinstance(value, tuple) and len(value) == 2:
-            complete = t.cast(bool, value[1])
-            attr_value = [t.cast(bytes, value[0])]
-        else:
-            complete = False
-
-        if (isinstance(value, (str, bytes)) or
-                not isinstance(value, Iterable)):
-            # NB(directxman12): this allows us to easily assign a single
-            # value, since that's a common case
-            attr_value = [value]
-
-        rname_rfc6680.set_name_attribute(  # type: ignore[union-attr]
-            self._name, key, attr_value, complete=complete)
-
-    def __delitem__(
-        self,
-        key: t.Union[bytes, str],
-    ) -> None:
-        if isinstance(key, str):
-            key = key.encode(_utils._get_encoding())
-
-        rname_rfc6680.delete_name_attribute(  # type: ignore[union-attr]
-            self._name, key)
-
-    def __iter__(self) -> t.Iterator[bytes]:
-        return iter(self._name._inquire(attrs=True).attrs)
-
-    def __len__(self) -> int:
-        return len(self._name._inquire(attrs=True).attrs)
diff --git a/gssapi/py.typed b/gssapi/py.typed
deleted file mode 100644
index e69de29b..00000000
diff --git a/gssapi/raw/__init__.py b/gssapi/raw/__init__.py
deleted file mode 100644
index 0699c419..00000000
--- a/gssapi/raw/__init__.py
+++ /dev/null
@@ -1,151 +0,0 @@
-"""Low-Level GSSAPI Bindings
-
-The low-level API presents a series of methods designed
-to closely mimic the C API presented in RFC 2744 and
-associated RFCs.
-
-In this API, classes are simply thin wrappers around C
-constructs, and generally lack instance methods.  However,
-classes will automatically free associated memory (so the
-release_xyz methods are not necessary to call).
-
-The core RFC 2744 components are organized into the following
-submodules:
-
-    gssapi.raw.names -- Names
-
-    gssapi.raw.creds -- Credentials
-
-    gssapi.raw.sec_contexts -- Security Contexts
-
-    gssapi.raw.message -- Message encryption, decryption, etc
-
-    gssapi.raw.misc -- Miscellaneous functions
-
-    gssapi.raw.types -- Miscellaneous types (enums, etc)
-
-    gssapi.raw.exceptions -- Exceptions
-
-Additionally, a number of extensions may be present.  All extensions
-are in modules of the form `gssapi.raw.ext_xyz`.
-
-All available functions and classes can be accessed directly from this
-module (`gssapi.raw`) -- it is unnecessary to directly import submodules.
-"""
-
-
-import pkgutil
-import importlib
-
-from gssapi.raw import _enum_extensions
-
-# NB(directxman12): the enum extensions must be imported BEFORE ANYTHING ELSE!
-for modinf in pkgutil.iter_modules(_enum_extensions.__path__):
-    name = modinf[1]
-    importlib.import_module('{0}._enum_extensions.{1}'.format(__name__, name))
-
-del pkgutil
-del importlib
-
-from gssapi.raw.creds import *  # noqa
-from gssapi.raw.message import *  # noqa
-from gssapi.raw.misc import *  # noqa
-from gssapi.raw.exceptions import *  # noqa
-from gssapi.raw.names import *  # noqa
-from gssapi.raw.sec_contexts import *  # noqa
-from gssapi.raw.oids import *  # noqa
-from gssapi.raw.types import *  # noqa
-from gssapi.raw.chan_bindings import *  # noqa
-
-# optional S4U support
-try:
-    from gssapi.raw.ext_s4u import *  # noqa
-except ImportError:
-    pass  # no s4u support in the system's GSSAPI library
-
-# optional cred store support
-try:
-    from gssapi.raw.ext_cred_store import *  # noqa
-except ImportError:
-    pass
-
-# optional RFC 4178 support
-try:
-    from gssapi.raw.ext_rfc4178 import *  # noqa
-except ImportError:
-    pass
-
-# optional RFC 5587 support
-try:
-    from gssapi.raw.ext_rfc5587 import *  # noqa
-except ImportError:
-    pass
-
-# optional RFC 5588 support
-try:
-    from gssapi.raw.ext_rfc5588 import *  # noqa
-except ImportError:
-    pass
-
-# optional RFC 5801 support
-try:
-    from gssapi.raw.ext_rfc5801 import *  # noqa
-except ImportError:
-    pass
-
-try:
-    from gssapi.raw.ext_cred_imp_exp import *  # noqa
-except ImportError:
-    pass
-
-# optional KRB5 mech support
-try:
-    import gssapi.raw.mech_krb5  # noqa
-except ImportError:
-    pass
-
-# optional password support
-try:
-    from gssapi.raw.ext_password import *  # noqa
-    from gssapi.raw.ext_password_add import *  # noqa
-except ImportError:
-    pass
-
-# optional DCE (IOV) support
-try:
-    from gssapi.raw.ext_dce import *  # noqa
-    # optional IOV MIC support (requires DCE support)
-    from gssapi.raw.ext_iov_mic import *  # noqa
-except ImportError:
-    pass
-
-# optional DCE (AEAD) support
-try:
-    from gssapi.raw.ext_dce_aead import *  # noqa
-except ImportError:
-    pass
-
-# optional KRB5 specific extension support
-try:
-    from gssapi.raw.ext_krb5 import *  # noqa
-except ImportError:
-    pass
-
-# optional RFC 6680 support
-try:
-    from gssapi.raw.ext_rfc6680 import *  # noqa
-    from gssapi.raw.ext_rfc6680_comp_oid import *  # noqa
-except ImportError:
-    pass
-
-# optional Global Grid Forum support
-try:
-    from gssapi.raw.ext_ggf import *  # noqa
-except ImportError:
-    pass
-
-# optional set_cred_option support
-try:
-    from gssapi.raw.ext_set_cred_opt import *  # noqa
-except ImportError:
-    pass
diff --git a/gssapi/raw/_enum_extensions/__init__.py b/gssapi/raw/_enum_extensions/__init__.py
deleted file mode 100644
index 96622e1f..00000000
--- a/gssapi/raw/_enum_extensions/__init__.py
+++ /dev/null
@@ -1,41 +0,0 @@
-import typing as t
-
-from enum import EnumMeta
-
-
-_extra_values: t.Dict[str, t.Dict[str, t.Any]] = {}
-
-
-def register_value(
-    cl_str: str,
-    name: str,
-    value: t.Any,
-) -> None:
-    _extra_values[cl_str] = _extra_values.get(cl_str, {})
-    _extra_values[cl_str][name] = value
-
-
-class ExtendableEnum(EnumMeta):
-    def __new__(
-        metacl,
-        name: str,
-        bases: t.Tuple[t.Type],
-        classdict: t.Dict[str, t.Any],
-    ) -> "ExtendableEnum":
-        extra_vals = _extra_values.get(name)
-
-        if extra_vals is not None:
-            for extra_name, extra_val in list(extra_vals.items()):
-                if extra_name in classdict:
-                    raise AttributeError(
-                        "Enumeration extensions cannot override existing "
-                        "enumeration members")
-                else:
-                    classdict[extra_name] = extra_val
-
-        return super(ExtendableEnum, metacl).__new__(
-            metacl,
-            name,
-            bases,
-            classdict,  # type: ignore[arg-type] # Uses private explicit type
-        )
diff --git a/gssapi/raw/_enum_extensions/ext_dce.pyx b/gssapi/raw/_enum_extensions/ext_dce.pyx
deleted file mode 100644
index 190c8285..00000000
--- a/gssapi/raw/_enum_extensions/ext_dce.pyx
+++ /dev/null
@@ -1,14 +0,0 @@
-from gssapi.raw.cython_types cimport OM_uint32
-
-from gssapi.raw import _enum_extensions as ext_registry
-
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 GSS_C_DCE_STYLE
-    OM_uint32 GSS_C_IDENTIFY_FLAG
-    OM_uint32 GSS_C_EXTENDED_ERROR_FLAG
-
-ext_registry.register_value('RequirementFlag', 'dce_style', GSS_C_DCE_STYLE)
-ext_registry.register_value('RequirementFlag', 'identify', GSS_C_IDENTIFY_FLAG)
-ext_registry.register_value('RequirementFlag', 'extended_error',
-                            GSS_C_EXTENDED_ERROR_FLAG)
diff --git a/gssapi/raw/_enum_extensions/ext_iov_mic.pyx b/gssapi/raw/_enum_extensions/ext_iov_mic.pyx
deleted file mode 100644
index 8dd6c5d7..00000000
--- a/gssapi/raw/_enum_extensions/ext_iov_mic.pyx
+++ /dev/null
@@ -1,10 +0,0 @@
-from gssapi.raw.cython_types cimport OM_uint32
-
-from gssapi.raw import _enum_extensions as ext_registry
-
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 GSS_IOV_BUFFER_TYPE_MIC_TOKEN
-
-ext_registry.register_value('IOVBufferType', 'mic_token',
-                            GSS_IOV_BUFFER_TYPE_MIC_TOKEN)
diff --git a/gssapi/raw/chan_bindings.pxd b/gssapi/raw/chan_bindings.pxd
deleted file mode 100644
index bda89b3e..00000000
--- a/gssapi/raw/chan_bindings.pxd
+++ /dev/null
@@ -1,14 +0,0 @@
-from libc.stdlib cimport malloc, free
-
-from gssapi.raw.cython_types cimport *
-
-cdef class ChannelBindings:
-    cdef public object initiator_address_type
-    cdef public bytes initiator_address
-
-    cdef public object acceptor_address_type
-    cdef public bytes acceptor_address
-
-    cdef public bytes application_data
-
-    cdef gss_channel_bindings_t __cvalue__(ChannelBindings self) except NULL
diff --git a/gssapi/raw/chan_bindings.pyi b/gssapi/raw/chan_bindings.pyi
deleted file mode 100644
index bd1a2e1b..00000000
--- a/gssapi/raw/chan_bindings.pyi
+++ /dev/null
@@ -1,30 +0,0 @@
-import typing as t
-
-
-class ChannelBindings:
-    """GSSAPI Channel Bindings
-
-    This class represents a set of GSSAPI channel bindings.
-
-    Args:
-        initiator_address_type: the initiator address type
-        initiator_address: the initiator address
-        acceptor_address_type:  the acceptor address type
-        acceptor_address: the acceptor address
-        application_data: additional application-specific data
-    """
-
-    initiator_address_type: t.Optional[int]
-    initiator_address: t.Optional[bytes]
-    acceptor_address_type: t.Optional[int]
-    acceptor_address: t.Optional[bytes]
-    application_data: t.Optional[bytes]
-
-    def __init__(
-        self,
-        initiator_address_type: t.Optional[int] = None,
-        initiator_address: t.Optional[bytes] = None,
-        acceptor_address_type: t.Optional[int] = None,
-        acceptor_address: t.Optional[bytes] = None,
-        application_data: t.Optional[bytes] = None,
-    ) -> None: ...
diff --git a/gssapi/raw/chan_bindings.pyx b/gssapi/raw/chan_bindings.pyx
deleted file mode 100644
index cb9c6e38..00000000
--- a/gssapi/raw/chan_bindings.pyx
+++ /dev/null
@@ -1,52 +0,0 @@
-from libc.stdlib cimport calloc, free
-
-from gssapi.raw.cython_types cimport *
-
-cdef class ChannelBindings:
-    # defined in pxd file
-    # cdef public object initiator_address_type
-    # cdef public bytes initiator_address
-
-    # cdef public object acceptor_address_type
-    # cdef public bytes acceptor_address
-
-    # cdef public bytes application_data
-
-    def __init__(ChannelBindings self, initiator_address_type=None,
-                 initiator_address=None, acceptor_address_type=None,
-                 acceptor_address=None, application_data=None):
-        self.initiator_address_type = initiator_address_type
-        self.initiator_address = initiator_address
-
-        self.acceptor_address_type = acceptor_address_type
-        self.acceptor_address = acceptor_address
-
-        self.application_data = application_data
-
-    cdef gss_channel_bindings_t __cvalue__(ChannelBindings self) except NULL:
-        """Get the C struct version of the channel bindings"""
-        cdef gss_channel_bindings_t res
-        res = calloc(1, sizeof(res[0]))
-
-        # NB(directxman12): an addrtype of 0 as set by calloc is equivalent
-        #                   to GSS_C_AF_UNSPEC as per RFC 2744
-
-        if self.initiator_address_type is not None:
-            res.initiator_addrtype = self.initiator_address_type
-
-        if self.initiator_address is not None:
-            res.initiator_address.value = self.initiator_address
-            res.initiator_address.length = len(self.initiator_address)
-
-        if self.acceptor_address_type is not None:
-            res.acceptor_addrtype = self.acceptor_address_type
-
-        if self.acceptor_address is not None:
-            res.acceptor_address.value = self.acceptor_address
-            res.acceptor_address.length = len(self.acceptor_address)
-
-        if self.application_data is not None:
-            res.application_data.value = self.application_data
-            res.application_data.length = len(self.application_data)
-
-        return res
diff --git a/gssapi/raw/creds.pxd b/gssapi/raw/creds.pxd
deleted file mode 100644
index dea510c6..00000000
--- a/gssapi/raw/creds.pxd
+++ /dev/null
@@ -1,6 +0,0 @@
-from gssapi.raw.cython_types cimport gss_cred_id_t
-
-
-cdef class Creds:
-    cdef gss_cred_id_t raw_creds
-    cdef bint _free_on_dealloc
diff --git a/gssapi/raw/creds.pyi b/gssapi/raw/creds.pyi
deleted file mode 100644
index 723476cd..00000000
--- a/gssapi/raw/creds.pyi
+++ /dev/null
@@ -1,188 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.names import Name
-    from gssapi.raw.oids import OID
-    from gssapi.raw.named_tuples import (
-        AcquireCredResult,
-        AddCredResult,
-        InquireCredResult,
-        InquireCredByMechResult,
-    )
-
-
-class Creds:
-    """
-    GSSAPI Credentials
-    """
-
-    def __new__(
-        cls,
-        cpy: t.Optional["Creds"] = None,
-    ) -> "Creds": ...
-
-
-def acquire_cred(
-    name: t.Optional["Name"],
-    lifetime: t.Optional[int] = None,
-    mechs: t.Optional[t.Iterable["OID"]] = None,
-    usage: str = 'both',
-) -> "AcquireCredResult":
-    """Get GSSAPI credentials for the given name and mechanisms.
-
-    This method gets GSSAPI credentials corresponding to the given name
-    and mechanims.  The desired TTL and usage for the the credential may also
-    be specified.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name for which to acquire the
-            credentials (or None for the "no name" functionality)
-        lifetime (int): the lifetime in seconds for the credentials (or None
-            for indefinite)
-        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
-            the credentials should work, or None for the default set
-        usage (str): the usage type for the credentials: may be
-            'initiate', 'accept', or 'both'
-
-    Returns:
-        AcquireCredResult: the resulting credentials, the actual mechanisms
-        with which they may be used, and their actual lifetime in seconds (or
-        None for indefinite or not supported)
-
-    Raises:
-        ~gssapi.exceptions.BadMechanismError
-        ~gssapi.exceptions.BadNameTypeError
-        ~gssapi.exceptions.BadNameError
-        ~gssapi.exceptions.ExpiredCredentialsError
-        ~gssapi.exceptions.MissingCredentialsError
-    """
-
-
-def release_cred(
-    creds: Creds,
-) -> None:
-    """
-    release_cred(creds)
-    Release GSSAPI Credentials.
-
-    This method releases GSSAPI credentials.
-
-    Warning:
-        This method is deprecated.  Credentials are
-        automatically freed by Python.
-
-    Args:
-        creds (Creds): the credentials in question
-
-    Raises:
-        ~gssapi.exceptions.MissingCredentialsError
-    """
-
-
-def add_cred(
-    input_cred: Creds,
-    name: "Name",
-    mech: "OID",
-    usage: str = 'initiate',
-    init_lifetime: t.Optional[int] = None,
-    accept_lifetime: t.Optional[int] = None,
-    mutate_input: bool = False,
-) -> "AddCredResult":
-    """Add a credential element to a credential.
-
-    This method can be used to either compose two credentials (i.e., original
-    and new credential), or to add a new element to an existing credential.
-
-    Args:
-        input_cred (Creds): the set of credentials to which to add the new
-            credentials
-        name (~gssapi.raw.names.Name): name of principal to acquire a
-            credential for
-        mech (~gssapi.raw.types.MechType): the desired security mechanism
-            (required).
-        usage (str): usage type for credentials.  Possible values:
-            'initiate' (default), 'accept', 'both' (failsafe).
-        init_lifetime (int): lifetime of credentials for use in initiating
-            security contexts in seconds (None for indefinite)
-        accept_lifetime (int): lifetime of credentials for use in accepting
-            security contexts in seconds (None for indefinite)
-        mutate_input (bool): whether to mutate the input credentials (True)
-            or produce a new set of credentials (False).  Defaults to False
-
-    Returns:
-        AddCredResult: the actual mechanisms with which the credentials may be
-        used, the actual initiator TTL, and the actual acceptor TTL (None for
-        either indefinite or not supported).  Note that the credentials may
-        be set to None if mutate_input is set to True.
-
-    Raises:
-        ~gssapi.exceptions.BadMechanismError
-        ~gssapi.exceptions.BadNameTypeError
-        ~gssapi.exceptions.BadNameError
-        ~gssapi.exceptions.DuplicateCredentialsElementError
-        ~gssapi.exceptions.ExpiredCredentialsError
-        ~gssapi.exceptions.MissingCredentialsError
-    """
-
-
-def inquire_cred(
-    creds: Creds,
-    name: bool = True,
-    lifetime: bool = True,
-    usage: bool = True,
-    mechs: bool = True,
-) -> "InquireCredResult":
-    """Inspect credentials for information.
-
-    This method inspects a :class:`Creds` object for information.
-
-    Args:
-        creds (Creds): the credentials to inspect
-        name (bool): get the Name associated with the credentials
-        lifetime (bool): get the TTL for the credentials
-        usage (bool): get the usage type of the credentials
-        mechs (bool): the mechanims used with the credentials
-
-    Returns:
-        InquireCredResult: the information about the credentials,
-        with unused fields set to None
-
-    Raises:
-        ~gssapi.exceptions.MissingCredentialsError
-        ~gssapi.exceptions.InvalidCredentialsError
-        ~gssapi.exceptions.ExpiredCredentialsError
-    """
-
-
-def inquire_cred_by_mech(
-    creds: Creds,
-    mech: "OID",
-    name: bool = True,
-    init_lifetime: bool = True,
-    accept_lifetime: bool = True,
-    usage: bool = True,
-) -> "InquireCredByMechResult":
-    """Inspect credentials for mechanism-specific information.
-
-    This method inspects a :class:`Creds` object for information
-    specific to a particular mechanism.  It functions similarly
-    to :func:`inquire_cred`.
-
-    Args:
-        creds (Creds): the credentials to inspect
-        mech (~gssapi.OID): the desired mechanism
-        name (bool): get the Name associated with the credentials
-        init_lifetime (bool): get the initiator TTL for the credentials (in
-            seconds)
-        accept_lifetime (bool): get the acceptor TTL for the credentials (in
-            seconds)
-        usage (bool): get the usage type of the credentials
-
-    Returns:
-        InquireCredByMechResult: the information about the credentials,
-        with unused fields set to None
-
-    Raises:
-        ~gssapi.exceptions.MissingCredentialsError
-        ~gssapi.exceptions.InvalidCredentialsError
-    """
diff --git a/gssapi/raw/creds.pyx b/gssapi/raw/creds.pyx
deleted file mode 100644
index 6a01cd02..00000000
--- a/gssapi/raw/creds.pyx
+++ /dev/null
@@ -1,307 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_get_mech_oid_set
-from gssapi.raw.cython_converters cimport c_create_oid_set
-from gssapi.raw.cython_converters cimport c_py_ttl_to_c, c_c_ttl_to_py
-from gssapi.raw.names cimport Name
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw.types import MechType, NameType
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
-from gssapi.raw.named_tuples import InquireCredResult, InquireCredByMechResult
-
-
-cdef extern from "python_gssapi.h":
-    OM_uint32 gss_acquire_cred(OM_uint32 *min_stat,
-                               const gss_name_t name,
-                               OM_uint32 ttl,
-                               const gss_OID_set mechs,
-                               gss_cred_usage_t cred_usage,
-                               gss_cred_id_t *creds,
-                               gss_OID_set *actual_mechs,
-                               OM_uint32 *actual_ttl) nogil
-
-    OM_uint32 gss_release_cred(OM_uint32 *min_stat,
-                               gss_cred_id_t *creds) nogil
-
-    OM_uint32 gss_add_cred(OM_uint32 *min_stat,
-                           const gss_cred_id_t base_creds,
-                           const gss_name_t name,
-                           const gss_OID mech,
-                           gss_cred_usage_t cred_usage,
-                           OM_uint32 initiator_ttl,
-                           OM_uint32 acceptor_ttl,
-                           gss_cred_id_t *output_creds,
-                           gss_OID_set *actual_mechs,
-                           OM_uint32 *actual_initiator_ttl,
-                           OM_uint32 *actual_acceptor_ttl) nogil
-
-    # NB(directxman12): this is called frequently, so don't release the GIL
-    OM_uint32 gss_inquire_cred(OM_uint32 *min_stat,
-                               const gss_cred_id_t creds,
-                               gss_name_t *name,
-                               OM_uint32 *ttl,
-                               gss_cred_usage_t *cred_usage,
-                               gss_OID_set *mechs) nogil
-
-    OM_uint32 gss_inquire_cred_by_mech(OM_uint32 *min_stat,
-                                       const gss_cred_id_t cred_handle,
-                                       const gss_OID mech_type,
-                                       gss_name_t *name,
-                                       OM_uint32 *initiator_ttl,
-                                       OM_uint32 *acceptor_ttl,
-                                       gss_cred_usage_t *cred_usage) nogil
-
-
-cdef class Creds:
-    # defined in pxd
-    # cdef gss_cred_id_t raw_creds
-
-    def __cinit__(self, Creds cpy=None):
-        if cpy is not None:
-            self.raw_creds = cpy.raw_creds
-            cpy.raw_creds = GSS_C_NO_CREDENTIAL
-        else:
-            self.raw_creds = GSS_C_NO_CREDENTIAL
-
-    def __dealloc__(self):
-        # essentially just releaseCred(self), but it is unsafe to call
-        # methods
-        cdef OM_uint32 maj_stat, min_stat
-        if self.raw_creds is not GSS_C_NO_CREDENTIAL:
-            maj_stat = gss_release_cred(&min_stat, &self.raw_creds)
-            if maj_stat != GSS_S_COMPLETE:
-                raise GSSError(maj_stat, min_stat)
-            self.raw_creds = NULL
-
-
-def acquire_cred(Name name=None, lifetime=None, mechs=None, usage='both'):
-    cdef gss_OID_set desired_mechs
-    if mechs is not None:
-        desired_mechs = c_get_mech_oid_set(mechs)
-    else:
-        desired_mechs = GSS_C_NO_OID_SET
-
-    cdef OM_uint32 input_ttl = c_py_ttl_to_c(lifetime)
-
-    cdef gss_name_t c_name
-    if name is None:
-        c_name = GSS_C_NO_NAME
-    else:
-        c_name = name.raw_name
-
-    cdef gss_cred_usage_t c_usage
-    if usage == 'initiate':
-        c_usage = GSS_C_INITIATE
-    elif usage == 'accept':
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef gss_cred_id_t creds
-    cdef gss_OID_set actual_mechs
-    cdef OM_uint32 actual_ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_acquire_cred(&min_stat, c_name, input_ttl,
-                                    desired_mechs, c_usage, &creds,
-                                    &actual_mechs, &actual_ttl)
-
-    cdef OM_uint32 tmp_min_stat
-    if mechs is not None:
-        gss_release_oid_set(&tmp_min_stat, &desired_mechs)
-
-    cdef Creds rc = Creds()
-    if maj_stat == GSS_S_COMPLETE:
-        rc.raw_creds = creds
-        return AcquireCredResult(rc, c_create_oid_set(actual_mechs),
-                                 c_c_ttl_to_py(actual_ttl))
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def release_cred(Creds creds not None):
-    cdef OM_uint32 maj_stat, min_stat
-    maj_stat = gss_release_cred(&min_stat, &creds.raw_creds)
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
-    creds.raw_creds = NULL
-
-
-def add_cred(Creds input_cred, Name name not None, OID mech not None,
-             usage='initiate', init_lifetime=None,
-             accept_lifetime=None, mutate_input=False):
-    cdef gss_cred_usage_t c_usage
-    if usage == 'initiate':
-        c_usage = GSS_C_INITIATE
-    elif usage == 'accept':
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef gss_cred_id_t raw_input_cred
-    if input_cred is not None:
-        raw_input_cred = input_cred.raw_creds
-    else:
-        raw_input_cred = GSS_C_NO_CREDENTIAL
-
-    cdef OM_uint32 input_initiator_ttl = c_py_ttl_to_c(init_lifetime)
-    cdef OM_uint32 input_acceptor_ttl = c_py_ttl_to_c(accept_lifetime)
-
-    cdef gss_cred_id_t output_creds
-    cdef gss_cred_id_t *output_creds_ptr = NULL
-    if not mutate_input:
-        output_creds_ptr = &output_creds
-
-    cdef gss_OID_set actual_mechs
-    cdef OM_uint32 actual_initiator_ttl, actual_acceptor_ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_add_cred(&min_stat, raw_input_cred, name.raw_name,
-                                &mech.raw_oid, c_usage, input_initiator_ttl,
-                                input_acceptor_ttl, output_creds_ptr,
-                                &actual_mechs, &actual_initiator_ttl,
-                                &actual_acceptor_ttl)
-
-    cdef Creds rc
-    if maj_stat == GSS_S_COMPLETE:
-        if mutate_input:
-            rc = None
-        else:
-            rc = Creds()
-            rc.raw_creds = output_creds
-
-        return AddCredResult(rc, c_create_oid_set(actual_mechs),
-                             c_c_ttl_to_py(actual_initiator_ttl),
-                             c_c_ttl_to_py(actual_acceptor_ttl))
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def inquire_cred(Creds creds not None, name=True, lifetime=True, usage=True,
-                 mechs=True):
-    # TODO(directxman12): add docs
-    cdef gss_name_t res_name
-    cdef gss_name_t *res_name_ptr = NULL
-    if name:
-        res_name_ptr = &res_name
-
-    cdef OM_uint32 res_ttl
-    cdef OM_uint32 *res_ttl_ptr = NULL
-    if lifetime:
-        res_ttl_ptr = &res_ttl
-
-    cdef gss_cred_usage_t res_usage
-    cdef gss_cred_usage_t *res_usage_ptr = NULL
-    if usage:
-        res_usage_ptr = &res_usage
-
-    cdef gss_OID_set res_mechs
-    cdef gss_OID_set *res_mechs_ptr = NULL
-    if mechs:
-        res_mechs_ptr = &res_mechs
-
-    cdef OM_uint32 maj_stat, min_stat
-    maj_stat = gss_inquire_cred(&min_stat, creds.raw_creds, res_name_ptr,
-                                res_ttl_ptr, res_usage_ptr, res_mechs_ptr)
-
-    cdef Name rn
-    if maj_stat == GSS_S_COMPLETE:
-        if name:
-            rn = Name()
-            rn.raw_name = res_name
-        else:
-            rn = None
-
-        py_usage = None
-        if usage:
-            if res_usage == GSS_C_INITIATE:
-                py_usage = 'initiate'
-            elif res_usage == GSS_C_ACCEPT:
-                py_usage = 'accept'
-            elif res_usage == GSS_C_BOTH:
-                py_usage = 'both'
-
-        py_ttl = None
-        if lifetime:
-            py_ttl = c_c_ttl_to_py(res_ttl)
-
-        py_mechs = None
-        if mechs:
-            py_mechs = c_create_oid_set(res_mechs)
-
-        return InquireCredResult(rn, py_ttl, py_usage, py_mechs)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def inquire_cred_by_mech(Creds creds not None, OID mech not None,
-                         name=True, init_lifetime=True,
-                         accept_lifetime=True, usage=True):
-    # TODO(directxman12): add docs
-    cdef gss_name_t res_name
-    cdef gss_name_t *res_name_ptr = NULL
-    if name:
-        res_name_ptr = &res_name
-
-    cdef OM_uint32 res_initiator_ttl
-    cdef OM_uint32 *res_initiator_ttl_ptr = NULL
-    if init_lifetime:
-        res_initiator_ttl_ptr = &res_initiator_ttl
-
-    cdef OM_uint32 res_acceptor_ttl
-    cdef OM_uint32 *res_acceptor_ttl_ptr = NULL
-    if accept_lifetime:
-        res_acceptor_ttl_ptr = &res_acceptor_ttl
-
-    cdef gss_cred_usage_t res_usage
-    cdef gss_cred_usage_t *res_usage_ptr = NULL
-    if usage:
-        res_usage_ptr = &res_usage
-
-    cdef OM_uint32 maj_stat, min_stat
-    maj_stat = gss_inquire_cred_by_mech(&min_stat, creds.raw_creds,
-                                        &mech.raw_oid, res_name_ptr,
-                                        res_initiator_ttl_ptr,
-                                        res_acceptor_ttl_ptr, res_usage_ptr)
-    cdef Name rn
-    if maj_stat == GSS_S_COMPLETE:
-        if name:
-            rn = Name()
-            rn.raw_name = res_name
-        else:
-            rn = None
-
-        py_initiator_ttl = None
-        if init_lifetime:
-            py_initiator_ttl = c_c_ttl_to_py(res_initiator_ttl)
-
-        py_acceptor_ttl = None
-        if accept_lifetime:
-            py_acceptor_ttl = c_c_ttl_to_py(res_acceptor_ttl)
-
-        py_usage = None
-        if usage:
-            if res_usage == GSS_C_INITIATE:
-                py_usage = 'initiate'
-            elif res_usage == GSS_C_ACCEPT:
-                py_usage = 'accept'
-            elif res_usage == GSS_C_BOTH:
-                py_usage = 'both'
-
-        return InquireCredByMechResult(rn, py_initiator_ttl,
-                                       py_acceptor_ttl, py_usage)
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/cython_converters.pxd b/gssapi/raw/cython_converters.pxd
deleted file mode 100644
index 750b62ef..00000000
--- a/gssapi/raw/cython_converters.pxd
+++ /dev/null
@@ -1,36 +0,0 @@
-from libc.string cimport memcmp
-
-from gssapi.raw.cython_types cimport gss_OID, gss_OID_set, gss_OID_desc
-from gssapi.raw.cython_types cimport OM_uint32
-from gssapi.raw.cython_types cimport GSS_C_INDEFINITE
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw.types import MechType, NameType
-
-
-cdef gss_OID_set c_get_mech_oid_set(object mechs)
-cdef bint c_compare_oids(gss_OID a, gss_OID b)
-cdef object c_create_oid_set(gss_OID_set mech_set, bint free=*)
-cdef OID c_make_oid(gss_OID oid)
-
-cdef inline OM_uint32 c_py_ttl_to_c(object ttl) except? 1:
-    """Converts None to GSS_C_INDEFINITE, otherwise returns input."""
-    if ttl is None:
-        return GSS_C_INDEFINITE
-    else:
-        return ttl
-
-
-cdef inline object c_c_ttl_to_py(OM_uint32 ttl):
-    """Converts GSS_C_INDEFINITE to None, otherwise return input."""
-    if ttl == GSS_C_INDEFINITE:
-        return None
-    else:
-        return ttl
-
-
-cdef inline bint c_compare_oids(gss_OID a, gss_OID b):
-    """Compare two OIDs to see if they are the same."""
-
-    return (a.length == b.length and not
-            memcmp(a.elements, b.elements, a.length))
diff --git a/gssapi/raw/cython_converters.pyx b/gssapi/raw/cython_converters.pyx
deleted file mode 100644
index e1e76954..00000000
--- a/gssapi/raw/cython_converters.pyx
+++ /dev/null
@@ -1,50 +0,0 @@
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw.types import MechType, NameType
-
-
-cdef OID c_make_oid(gss_OID oid):
-    """Create an OID from a C OID struct pointer"""
-    cdef OID res = OID()
-    res.raw_oid = oid[0]
-    return res
-
-
-cdef gss_OID_set c_get_mech_oid_set(object mechs):
-    """Convert a list of MechType values into an OID set."""
-
-    cdef gss_OID_set res_set
-    cdef OM_uint32 min_stat
-    gss_create_empty_oid_set(&min_stat, &res_set)
-
-    cdef gss_OID oid
-    for mech in mechs:
-        oid = &(mech).raw_oid
-        gss_add_oid_set_member(&min_stat, oid, &res_set)
-
-    return res_set
-
-
-cdef object c_create_oid_set(gss_OID_set mech_set, bint free=True):
-    """Convert a GSS OID set struct to a set of OIDs"""
-
-    if mech_set == GSS_C_NO_OID_SET:
-        # return the empty set if the we get passed the C equivalent
-        # (it could be argued that the C equivalent is closer to None,
-        # but returning None would make the API harder to work with,
-        # without much value)
-        return set()
-
-    py_set = set()
-    cdef i
-    for i in range(mech_set.count):
-        mech_type = OID()
-        mech_type._copy_from(mech_set.elements[i])
-        py_set.add(mech_type)
-
-    cdef OM_uint32 tmp_min_stat
-    if free:
-        gss_release_oid_set(&tmp_min_stat, &mech_set)
-
-    return py_set
diff --git a/gssapi/raw/cython_types.pxd b/gssapi/raw/cython_types.pxd
deleted file mode 100644
index 1af03d7c..00000000
--- a/gssapi/raw/cython_types.pxd
+++ /dev/null
@@ -1,137 +0,0 @@
-from libc.stdint cimport uint32_t
-
-
-cdef extern from "python_gssapi.h":
-    # basic types
-    ctypedef uint32_t OM_uint32
-
-    # int type aliases
-    ctypedef int gss_cred_usage_t
-    ctypedef OM_uint32 gss_qop_t
-
-    # struct types
-    ctypedef struct gss_OID_desc:
-        OM_uint32 length
-        void *elements
-    ctypedef gss_OID_desc* gss_OID
-
-    ctypedef struct gss_OID_set_desc:
-        size_t count
-        gss_OID elements
-    ctypedef gss_OID_set_desc* gss_OID_set
-
-    ctypedef struct gss_buffer_desc:
-        size_t length
-        char *value
-    ctypedef gss_buffer_desc* gss_buffer_t
-
-    cdef struct gss_name_struct:
-        pass
-    ctypedef gss_name_struct* gss_name_t
-
-    cdef struct gss_cred_id_struct:
-        pass
-    ctypedef gss_cred_id_struct* gss_cred_id_t
-
-    cdef struct gss_ctx_id_struct:
-        pass
-    ctypedef gss_ctx_id_struct* gss_ctx_id_t
-
-    ctypedef struct gss_channel_bindings_struct:
-        OM_uint32 initiator_addrtype
-        gss_buffer_desc initiator_address
-        OM_uint32 acceptor_addrtype
-        gss_buffer_desc acceptor_address
-        gss_buffer_desc application_data
-    ctypedef gss_channel_bindings_struct* gss_channel_bindings_t
-
-    # util methods
-    OM_uint32 gss_release_buffer(OM_uint32 *min_stat, gss_buffer_t buff)
-    OM_uint32 gss_create_empty_oid_set(OM_uint32 *min_stat,
-                                       gss_OID_set *target_set)
-    OM_uint32 gss_release_oid_set(OM_uint32 *min_stat,
-                                  gss_OID_set *target_set)
-    OM_uint32 gss_add_oid_set_member(OM_uint32 *min_stat,
-                                     const gss_OID member,
-                                     gss_OID_set *target_set)
-    OM_uint32 gss_test_oid_set_member(OM_uint32 *min_stat,
-                                      const gss_OID member,
-                                      const gss_OID_set target_set,
-                                      int *present)
-
-    # misc int constants
-    # status code types
-    int GSS_C_GSS_CODE
-    int GSS_C_MECH_CODE
-    # status code constants
-    OM_uint32 GSS_S_COMPLETE
-    OM_uint32 GSS_S_CONTINUE_NEEDED
-    OM_uint32 GSS_S_DUPLICATE_TOKEN
-
-    # cred_usage constants
-    gss_cred_usage_t GSS_C_BOTH
-    gss_cred_usage_t GSS_C_INITIATE
-    gss_cred_usage_t GSS_C_ACCEPT
-
-    # null/default constants
-    gss_OID GSS_C_NO_OID
-    # NB(sross): because of how Cython creates variables, this is useless
-    # gss_buffer_desc GSS_C_EMPTY_BUFFER
-    gss_name_t GSS_C_NO_NAME
-    OM_uint32 GSS_C_INDEFINITE
-    gss_buffer_t GSS_C_NO_BUFFER
-    gss_OID_set GSS_C_NO_OID_SET
-    gss_channel_bindings_t GSS_C_NO_CHANNEL_BINDINGS
-    gss_qop_t GSS_C_QOP_DEFAULT
-    gss_ctx_id_t GSS_C_NO_CONTEXT
-    gss_cred_id_t GSS_C_NO_CREDENTIAL
-
-    # OID constants
-    # OID name types
-    gss_OID GSS_C_NT_HOSTBASED_SERVICE
-    gss_OID GSS_C_NT_USER_NAME
-    gss_OID GSS_C_NT_ANONYMOUS
-    gss_OID GSS_C_NT_MACHINE_UID_NAME
-    gss_OID GSS_C_NT_STRING_UID_NAME
-    gss_OID GSS_C_NT_EXPORT_NAME
-
-    # flag constants
-    OM_uint32 GSS_C_DELEG_FLAG
-    OM_uint32 GSS_C_MUTUAL_FLAG
-    OM_uint32 GSS_C_REPLAY_FLAG
-    OM_uint32 GSS_C_SEQUENCE_FLAG
-    OM_uint32 GSS_C_CONF_FLAG
-    OM_uint32 GSS_C_INTEG_FLAG
-    OM_uint32 GSS_C_ANON_FLAG
-    OM_uint32 GSS_C_TRANS_FLAG
-    OM_uint32 GSS_C_PROT_READY_FLAG
-    OM_uint32 GSS_C_DELEG_POLICY_FLAG
-
-    # address types
-    OM_uint32 GSS_C_AF_UNSPEC
-    OM_uint32 GSS_C_AF_LOCAL
-    OM_uint32 GSS_C_AF_INET
-    OM_uint32 GSS_C_AF_IMPLINK
-    OM_uint32 GSS_C_AF_PUP
-    OM_uint32 GSS_C_AF_CHAOS
-    OM_uint32 GSS_C_AF_NS
-    OM_uint32 GSS_C_AF_NBS
-    OM_uint32 GSS_C_AF_ECMA
-    OM_uint32 GSS_C_AF_DATAKIT
-    OM_uint32 GSS_C_AF_CCITT
-    OM_uint32 GSS_C_AF_SNA
-    OM_uint32 GSS_C_AF_DECnet
-    OM_uint32 GSS_C_AF_DLI
-    OM_uint32 GSS_C_AF_LAT
-    OM_uint32 GSS_C_AF_HYLINK
-    OM_uint32 GSS_C_AF_APPLETALK
-    OM_uint32 GSS_C_AF_BSC
-    OM_uint32 GSS_C_AF_DSS
-    OM_uint32 GSS_C_AF_OSI
-    OM_uint32 GSS_C_AF_X25
-    OM_uint32 GSS_C_AF_NULLADDR
-
-    # error helpers
-    OM_uint32 GSS_CALLING_ERROR(OM_uint32 full_error)
-    OM_uint32 GSS_ROUTINE_ERROR(OM_uint32 full_error)
-    OM_uint32 GSS_SUPPLEMENTARY_INFO(OM_uint32 full_error)
diff --git a/gssapi/raw/exceptions.pyi b/gssapi/raw/exceptions.pyi
deleted file mode 100644
index 4e2328f2..00000000
--- a/gssapi/raw/exceptions.pyi
+++ /dev/null
@@ -1,67 +0,0 @@
-from gssapi.raw.misc import GSSError
-
-class ParameterReadError(GSSError): ...
-
-class ParameterWriteError(GSSError): ...
-
-class MalformedParameterError(GSSError): ...
-
-class BadMechanismError(GSSError): ...
-
-class BadNameError(GSSError): ...
-
-class BadNameTypeError(GSSError): ...
-
-class BadChannelBindingsError(GSSError): ...
-
-class BadStatusError(GSSError): ...
-
-class BadMICError(GSSError): ...
-
-class MissingCredentialsError(GSSError): ...
-
-class MissingContextError(GSSError): ...
-
-class InvalidTokenError(GSSError): ...
-
-class InvalidCredentialsError(GSSError): ...
-
-class ExpiredCredentialsError(GSSError): ...
-
-class ExpiredContextError(GSSError): ...
-
-class BadQoPError(GSSError): ...
-
-class UnauthorizedError(GSSError): ...
-
-class OperationUnavailableError(GSSError): ...
-
-class DuplicateCredentialsElementError(GSSError): ...
-
-class MechanismNameRequiredError(GSSError): ...
-
-class NameReadError(ParameterReadError, BadNameError): ...
-
-class NameTypeReadError(ParameterReadError, BadNameTypeError): ...
-
-class TokenReadError(ParameterReadError, InvalidTokenError): ...
-
-class ContextReadError(ParameterReadError, MissingContextError): ...
-
-class CredentialsReadError(ParameterReadError, MissingCredentialsError): ...
-
-class ContextWriteError(ParameterWriteError, MissingContextError): ...
-
-class CredentialsWriteError(ParameterWriteError, MissingCredentialsError): ...
-
-class SupplementaryError(GSSError): ...
-
-class DuplicateTokenError(SupplementaryError): ...
-
-class ExpiredTokenError(SupplementaryError): ...
-
-class TokenOutOfSequenceError(SupplementaryError): ...
-
-class TokenTooLateError(TokenOutOfSequenceError): ...
-
-class TokenTooEarlyError(TokenOutOfSequenceError): ...
diff --git a/gssapi/raw/exceptions.pyx b/gssapi/raw/exceptions.pyx
deleted file mode 100644
index b2267587..00000000
--- a/gssapi/raw/exceptions.pyx
+++ /dev/null
@@ -1,195 +0,0 @@
-from gssapi.raw.cython_types cimport OM_uint32
-
-from gssapi.raw.misc import GSSError
-
-"""Specific exceptions for GSSAPI errors"""
-
-
-cdef extern from "python_gssapi.h":
-    # calling errors
-    OM_uint32 GSS_S_CALL_INACCESSIBLE_READ
-    OM_uint32 GSS_S_CALL_INACCESSIBLE_WRITE
-    OM_uint32 GSS_S_CALL_BAD_STRUCTURE
-
-    # routine errors
-    OM_uint32 GSS_S_BAD_MECH
-    OM_uint32 GSS_S_BAD_NAME
-    OM_uint32 GSS_S_BAD_NAMETYPE
-    OM_uint32 GSS_S_BAD_BINDINGS
-    OM_uint32 GSS_S_BAD_STATUS
-    OM_uint32 GSS_S_BAD_SIG
-    # NB(directxman12): BAD_MIC == BAD_SIG, so skip it
-    OM_uint32 GSS_S_NO_CRED
-    OM_uint32 GSS_S_NO_CONTEXT
-    OM_uint32 GSS_S_DEFECTIVE_TOKEN
-    OM_uint32 GSS_S_DEFECTIVE_CREDENTIAL
-    OM_uint32 GSS_S_CREDENTIALS_EXPIRED
-    OM_uint32 GSS_S_CONTEXT_EXPIRED
-    # OM_uint32 GSS_S_FAILURE
-    OM_uint32 GSS_S_BAD_QOP
-    OM_uint32 GSS_S_UNAUTHORIZED
-    OM_uint32 GSS_S_UNAVAILABLE
-    OM_uint32 GSS_S_DUPLICATE_ELEMENT
-    OM_uint32 GSS_S_NAME_NOT_MN
-
-    # supplementary bits
-    # OM_uint32 GSS_S_CONTINUE_NEEDED
-    OM_uint32 GSS_S_DUPLICATE_TOKEN
-    OM_uint32 GSS_S_OLD_TOKEN
-    OM_uint32 GSS_S_UNSEQ_TOKEN
-    OM_uint32 GSS_S_GAP_TOKEN
-
-
-# Generic calling code errors
-class ParameterReadError(GSSError):
-    CALLING_CODE = GSS_S_CALL_INACCESSIBLE_READ
-
-
-class ParameterWriteError(GSSError):
-    CALLING_CODE = GSS_S_CALL_INACCESSIBLE_WRITE
-
-
-class MalformedParameterError(GSSError):
-    CALLING_CODE = GSS_S_CALL_BAD_STRUCTURE
-
-
-# generic routine errors
-class BadMechanismError(GSSError):
-    ROUTINE_CODE = GSS_S_BAD_MECH
-
-
-class BadNameError(GSSError):
-    ROUTINE_CODE = GSS_S_BAD_NAME
-
-
-class BadNameTypeError(GSSError):
-    ROUTINE_CODE = GSS_S_BAD_NAMETYPE
-
-
-class BadChannelBindingsError(GSSError):
-    ROUTINE_CODE = GSS_S_BAD_BINDINGS
-
-
-class BadStatusError(GSSError):
-    ROUTINE_CODE = GSS_S_BAD_STATUS
-
-
-class BadMICError(GSSError):
-    ROUTINE_CODE = GSS_S_BAD_SIG
-
-
-class MissingCredentialsError(GSSError):
-    ROUTINE_CODE = GSS_S_NO_CRED
-
-
-class MissingContextError(GSSError):
-    ROUTINE_CODE = GSS_S_NO_CONTEXT
-
-
-class InvalidTokenError(GSSError):
-    ROUTINE_CODE = GSS_S_DEFECTIVE_TOKEN
-
-
-class InvalidCredentialsError(GSSError):
-    ROUTINE_CODE = GSS_S_DEFECTIVE_CREDENTIAL
-
-
-class ExpiredCredentialsError(GSSError):
-    ROUTINE_CODE = GSS_S_CREDENTIALS_EXPIRED
-
-
-class ExpiredContextError(GSSError):
-    ROUTINE_CODE = GSS_S_CONTEXT_EXPIRED
-
-
-# NB(directxman12): since GSS_S_FAILURE is generic,
-#                   we just use GSSError for it
-
-
-class BadQoPError(GSSError):
-    ROUTINE_CODE = GSS_S_BAD_QOP
-
-
-class UnauthorizedError(GSSError):
-    ROUTINE_CODE = GSS_S_UNAUTHORIZED
-
-
-class OperationUnavailableError(GSSError):
-    ROUTINE_CODE = GSS_S_UNAVAILABLE
-
-
-class DuplicateCredentialsElementError(GSSError):
-    ROUTINE_CODE = GSS_S_DUPLICATE_ELEMENT
-
-
-class MechanismNameRequiredError(GSSError):
-    ROUTINE_CODE = GSS_S_NAME_NOT_MN
-
-
-# specific calling | routine errors
-class NameReadError(ParameterReadError, BadNameError):
-    # CALLING_CODE = GSS_S_CALL_INACCESSIBLE_READ
-    # ROUTINE_CODE = GSS_S_BAD_NAME
-    pass
-
-
-class NameTypeReadError(ParameterReadError, BadNameTypeError):
-    # CALLING_CODE = GSS_S_CALL_INACCESSIBLE_READ
-    # ROUTINE_CODE = GSS_S_BAD_NAMETYPE
-    pass
-
-
-class TokenReadError(ParameterReadError, InvalidTokenError):
-    # CALLING_CODE = GSS_S_CALL_INACCESSIBLE_READ
-    # ROUTINE_CODE = GSS_S_DEFECTIVE_TOKEN
-    pass
-
-
-class ContextReadError(ParameterReadError, MissingContextError):
-    # CALLING_CODE = GSS_S_CALL_INACCESSIBLE_READ
-    # ROUTINE_CODE = GSS_S_NO_CONTEXT
-    pass
-
-
-class CredentialsReadError(ParameterReadError, MissingCredentialsError):
-    # CALLING_CODE = GSS_S_CALL_INACCESSIBLE_READ
-    # ROUTINE_CODE = GSS_S_NO_CRED
-    pass
-
-
-class ContextWriteError(ParameterWriteError, MissingContextError):
-    # CALLING_CODE = GSS_S_CALL_INACCESSIBLE_WRITE
-    # ROUTINE_CODE = GSS_S_NO_CONTEXT
-    pass
-
-
-class CredentialsWriteError(ParameterWriteError, MissingCredentialsError):
-    # CALLING_CODE = GSS_S_CALL_INACCESSIBLE_WRITE
-    # ROUTINE_CODE = GSS_S_NO_CRED
-    pass
-
-
-# generic supplementary bits errors
-class SupplementaryError(GSSError):
-    # to make it easy for people to catch all supplementary errors
-    pass
-
-
-class DuplicateTokenError(SupplementaryError):
-    SUPPLEMENTARY_CODE = GSS_S_DUPLICATE_TOKEN
-
-
-class ExpiredTokenError(SupplementaryError):
-    SUPPLEMENTARY_CODE = GSS_S_OLD_TOKEN
-
-
-class TokenOutOfSequenceError(SupplementaryError):
-    pass
-
-
-class TokenTooLateError(TokenOutOfSequenceError):
-    SUPPLEMENTARY_CODE = GSS_S_UNSEQ_TOKEN
-
-
-class TokenTooEarlyError(TokenOutOfSequenceError):
-    SUPPLEMENTARY_CODE = GSS_S_GAP_TOKEN
diff --git a/gssapi/raw/ext_buffer_sets.pxd b/gssapi/raw/ext_buffer_sets.pxd
deleted file mode 100644
index 56dda543..00000000
--- a/gssapi/raw/ext_buffer_sets.pxd
+++ /dev/null
@@ -1,12 +0,0 @@
-from gssapi.raw.cython_types cimport *
-
-cdef extern from "python_gssapi.h":
-    ctypedef struct gss_buffer_set_desc:
-        size_t count
-        gss_buffer_desc *elements
-    ctypedef gss_buffer_set_desc* gss_buffer_set_t
-
-    gss_buffer_set_t GSS_C_NO_BUFFER_SET
-
-    OM_uint32 gss_release_buffer_set(OM_uint32 *min_stat,
-                                     gss_buffer_set_t *buffer_set) nogil
diff --git a/gssapi/raw/ext_cred_imp_exp.pyi b/gssapi/raw/ext_cred_imp_exp.pyi
deleted file mode 100644
index 2677e45c..00000000
--- a/gssapi/raw/ext_cred_imp_exp.pyi
+++ /dev/null
@@ -1,44 +0,0 @@
-"""Credentials Import/Export Extension"""
-
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.creds import Creds
-
-
-def export_cred(
-    creds: "Creds",
-) -> bytes:
-    """Export GSSAPI credentials.
-
-    This method exports GSSSAPI credentials into a token
-    which may be transmitted between different processes.
-
-    Args:
-        creds (Creds): the credentials object to be exported
-
-    Returns:
-        bytes: the exported token representing the given credentials object
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def import_cred(
-    token: bytes,
-) -> "Creds":
-    """Import GSSAPI credentials from a token.
-
-    This method imports a credentials object from a token
-    previously exported by :func:`export_cred`.
-
-    Args:
-        token (bytes): the token to import
-
-    Returns:
-        Creds: the imported credentials object
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_cred_imp_exp.pyx b/gssapi/raw/ext_cred_imp_exp.pyx
deleted file mode 100644
index d0561448..00000000
--- a/gssapi/raw/ext_cred_imp_exp.pyx
+++ /dev/null
@@ -1,56 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_create_oid_set
-from gssapi.raw.cython_converters cimport c_get_mech_oid_set
-from gssapi.raw.cython_converters cimport c_py_ttl_to_c, c_c_ttl_to_py
-from gssapi.raw.creds cimport Creds
-from gssapi.raw.names cimport Name
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
-
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_export_cred(OM_uint32 *min_stat, gss_cred_id_t cred_handle,
-                              gss_buffer_t token) nogil
-
-    OM_uint32 gss_import_cred(OM_uint32 *min_stat, gss_buffer_t token,
-                              gss_cred_id_t *cred_handle) nogil
-
-
-def export_cred(Creds creds not None):
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc exported_creds = gss_buffer_desc(0, NULL)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_export_cred(&min_stat, creds.raw_creds, &exported_creds)
-
-    if maj_stat == GSS_S_COMPLETE:
-        res = (exported_creds.value)[:exported_creds.length]
-        gss_release_buffer(&min_stat, &exported_creds)
-        return res
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def import_cred(token not None):
-    cdef gss_buffer_desc token_buffer = gss_buffer_desc(len(token), token)
-
-    cdef gss_cred_id_t creds
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_import_cred(&min_stat, &token_buffer, &creds)
-
-    cdef Creds res
-    if maj_stat == GSS_S_COMPLETE:
-        res = Creds()
-        res.raw_creds = creds
-        return res
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_cred_store.pyi b/gssapi/raw/ext_cred_store.pyi
deleted file mode 100644
index e3ae9b47..00000000
--- a/gssapi/raw/ext_cred_store.pyi
+++ /dev/null
@@ -1,136 +0,0 @@
-"""Credential Store Extension"""
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.creds import Creds
-    from gssapi.raw.named_tuples import AcquireCredResult, StoreCredResult
-    from gssapi.raw.names import Name
-    from gssapi.raw.oids import OID
-
-
-def acquire_cred_from(
-    dict_store: t.Optional[
-        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
-    ] = None,
-    name: t.Optional["Name"] = None,
-    lifetime: t.Optional[int] = None,
-    mechs: t.Optional[t.Iterable["OID"]] = None,
-    usage: str = 'both',
-) -> "AcquireCredResult":
-    """Acquire credentials from the given store.
-
-    This method acquires credentials from the store specified by the
-    given credential store information.
-
-    The credential store information is a dictionary containing
-    mechanisms-specific keys and values pointing to a credential store
-    or stores.
-
-    Args:
-        store (dict): the credential store information pointing to the
-            credential store from which to acquire the credentials.
-            See :doc:`credstore` for valid values
-        name (~gssapi.raw.names.Name): the name associated with the
-            credentials, or None for the default name
-        lifetime (int): the desired lifetime of the credentials in seconds, or
-            None for indefinite
-        mechs (list): the desired mechanisms to be used with these
-            credentials, or None for the default set
-        usage (str): the usage for these credentials -- either 'both',
-            'initiate', or 'accept'
-
-    Returns:
-        AcquireCredResult: the acquired credentials and information about
-        them
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def add_cred_from(
-    dict_store: t.Optional[
-        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
-    ],
-    input_creds: "Creds",
-    name: "Name",
-    mech: "OID",
-    usage: str = 'both',
-    init_lifetime: t.Optional[int] = None,
-    accept_lifetime: t.Optional[int] = None,
-) -> "AcquireCredResult":
-    """Acquire credentials to add to the current set from the given store.
-
-    This method works like :func:`acquire_cred_from`, except that it
-    adds the acquired credentials for a single mechanism to a copy of
-    the current set, instead of creating a new set for multiple mechanisms.
-    Unlike :func:`~gssapi.raw.creds.acquire_cred`, you cannot pass None for the
-    desired name or mechanism.
-
-    The credential store information is a dictionary containing
-    mechanisms-specific keys and values pointing to a credential store
-    or stores.
-
-    Args:
-        store (dict): the store into which to store the credentials,
-            or None for the default store.
-            See :doc:`credstore` for valid values
-        name (~gssapi.raw.names.Name): the name associated with the credentials
-        mech (~gssapi.OID): the desired mechanism to be used with these
-            credentials
-        usage (str): the usage for these credentials -- either 'both',
-            'initiate', or 'accept'
-        init_lifetime (int): the desired initiate lifetime of the credentials
-            in seconds, or None for indefinite
-        accept_lifetime (int): the desired accept lifetime of the credentials
-            in seconds, or None for indefinite
-
-    Returns:
-        AcquireCredResult: the new credentials set and information about
-        it
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def store_cred_into(
-    dict_store: t.Optional[
-        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
-    ],
-    creds: "Creds",
-    usage: str = 'both',
-    mech: t.Optional["OID"] = None,
-    overwrite: bool = False,
-    set_default: bool = False,
-) -> "StoreCredResult":
-    """Store credentials into the given store.
-
-    This method stores the given credentials into the store specified
-    by the given store information.  They may then be retrieved later using
-    :func:`acquire_cred_from` or :func:`add_cred_from`.
-
-    The credential store information is a dictionary containing
-    mechanisms-specific keys and values pointing to a credential store
-    or stores.
-
-    Args:
-        store (dict): the store into which to store the credentials,
-            or None for the default store.
-            See :doc:`credstore` for valid values
-        creds (Creds): the credentials to store
-        usage (str): the usage to store the credentials with -- either
-            'both', 'initiate', or 'accept'
-        mech (~gssapi.OID): the mechansim to associate with the stored
-            credentials
-        overwrite (bool): whether or not to overwrite existing credentials
-            stored with the same name, etc
-        set_default (bool): whether or not to set these credentials as
-            the default credentials for the given store.
-
-    Returns:
-        StoreCredResult: the results of the credential storing operation
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_cred_store.pyx b/gssapi/raw/ext_cred_store.pyx
deleted file mode 100644
index 0b216204..00000000
--- a/gssapi/raw/ext_cred_store.pyx
+++ /dev/null
@@ -1,279 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from libc.string cimport memcmp, memcpy, memset
-from libc.stdlib cimport free, malloc, calloc
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.names cimport Name
-from gssapi.raw.creds cimport Creds
-from gssapi.raw.oids cimport OID
-from gssapi.raw.cython_converters cimport c_create_oid_set
-from gssapi.raw.cython_converters cimport c_get_mech_oid_set
-from gssapi.raw.cython_converters cimport c_c_ttl_to_py, c_py_ttl_to_c
-
-from collections import namedtuple
-
-from gssapi.raw.named_tuples import AddCredResult, AcquireCredResult
-from gssapi.raw.named_tuples import StoreCredResult
-from gssapi.raw.misc import GSSError
-
-from gssapi import _utils
-
-cdef extern from "python_gssapi_ext.h":
-    ctypedef struct gss_key_value_element_desc:
-        const char *key
-        const char *value
-
-    ctypedef struct gss_key_value_set_desc:
-        OM_uint32 count
-        gss_key_value_element_desc *elements
-
-    OM_uint32 gss_acquire_cred_from(OM_uint32 *min_stat,
-                                    gss_name_t desired_name,
-                                    OM_uint32 ttl,
-                                    gss_OID_set desired_mechs,
-                                    gss_cred_usage_t cred_usage,
-                                    const gss_key_value_set_desc *cred_store,
-                                    gss_cred_id_t *output_creds,
-                                    gss_OID_set *actual_mechs,
-                                    OM_uint32 *actual_ttl) nogil
-
-    OM_uint32 gss_add_cred_from(OM_uint32 *min_stat,
-                                gss_cred_id_t input_creds,
-                                gss_name_t desired_name,
-                                gss_OID desired_mech,
-                                gss_cred_usage_t cred_usage,
-                                OM_uint32 initiator_ttl,
-                                OM_uint32 acceptor_ttl,
-                                const gss_key_value_set_desc *cred_store,
-                                gss_cred_id_t *output_creds,
-                                gss_OID_set *actual_mechs,
-                                OM_uint32 *actual_initiator_ttl,
-                                OM_uint32 *actual_acceptor_ttl) nogil
-
-    OM_uint32 gss_store_cred_into(OM_uint32 *min_stat,
-                                  gss_cred_id_t input_creds,
-                                  gss_cred_usage_t cred_usage,
-                                  gss_OID desired_mech,
-                                  OM_uint32 overwrite_cred,
-                                  OM_uint32 default_cred,
-                                  const gss_key_value_set_desc *cred_store,
-                                  gss_OID_set *elements_stored,
-                                  gss_cred_usage_t *actual_usage) nogil
-
-    # null value for cred stores
-    gss_key_value_set_desc *GSS_C_NO_CRED_STORE
-
-
-cdef gss_key_value_set_desc* c_create_key_value_set(dict values) except NULL:
-    cdef gss_key_value_set_desc* res = malloc(
-        sizeof(gss_key_value_set_desc))
-    if res is NULL:
-        raise MemoryError("Could not allocate memory for "
-                          "key-value set")
-
-    res.count = len(values)
-
-    res.elements = calloc(
-        res.count, sizeof(gss_key_value_element_desc))
-
-    if res.elements is NULL:
-        raise MemoryError("Could not allocate memory for "
-                          "key-value set elements")
-
-    for (i, (k, v)) in enumerate(values.items()):
-        if isinstance(k, str):
-            k1 = k.encode(_utils._get_encoding())
-            res.elements[i].key = k1
-        else:
-            res.elements[i].key = k
-        if isinstance(v, str):
-            v1 = v.encode(_utils._get_encoding())
-            res.elements[i].value = v1
-        else:
-            res.elements[i].value = v
-
-    return res
-
-
-cdef void c_free_key_value_set(gss_key_value_set_desc *kvset):
-    free(kvset.elements)
-    free(kvset)
-
-
-def acquire_cred_from(dict store=None, Name name=None, lifetime=None,
-                      mechs=None, usage='both'):
-    cdef gss_OID_set desired_mechs
-    if mechs is not None:
-        desired_mechs = c_get_mech_oid_set(mechs)
-    else:
-        desired_mechs = GSS_C_NO_OID_SET
-
-    cdef OM_uint32 input_ttl = c_py_ttl_to_c(lifetime)
-
-    cdef gss_name_t c_name
-    if name is None:
-        c_name = GSS_C_NO_NAME
-    else:
-        c_name = name.raw_name
-
-    cdef gss_cred_usage_t c_usage
-    if usage == 'initiate':
-        c_usage = GSS_C_INITIATE
-    elif usage == 'accept':
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef gss_key_value_set_desc *c_store
-    if store is not None:
-        c_store = c_create_key_value_set(store)
-    else:
-        c_store = GSS_C_NO_CRED_STORE
-
-    cdef gss_cred_id_t creds
-    cdef gss_OID_set actual_mechs
-    cdef OM_uint32 actual_ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_acquire_cred_from(&min_stat, c_name, input_ttl,
-                                         desired_mechs, c_usage, c_store,
-                                         &creds, &actual_mechs, &actual_ttl)
-
-    cdef OM_uint32 tmp_min_stat
-    if mechs is not None:
-        gss_release_oid_set(&tmp_min_stat, &desired_mechs)
-
-    if store is not None:
-        c_free_key_value_set(c_store)
-
-    cdef Creds rc = Creds()
-    if maj_stat == GSS_S_COMPLETE:
-        rc.raw_creds = creds
-        return AcquireCredResult(rc, c_create_oid_set(actual_mechs),
-                                 c_c_ttl_to_py(actual_ttl))
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def add_cred_from(dict store, Creds input_creds,
-                  Name name not None, OID mech not None,
-                  usage='both', init_lifetime=None,
-                  accept_lifetime=None):
-    cdef OM_uint32 input_initiator_ttl = c_py_ttl_to_c(init_lifetime)
-    cdef OM_uint32 input_acceptor_ttl = c_py_ttl_to_c(accept_lifetime)
-
-    cdef gss_cred_usage_t c_usage
-    if usage == 'initiate':
-        c_usage = GSS_C_INITIATE
-    elif usage == 'accept':
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef gss_name_t c_name = name.raw_name
-    cdef gss_OID c_mech = &mech.raw_oid
-
-    cdef gss_cred_id_t c_input_creds
-    if input_creds is not None:
-        c_input_creds = input_creds.raw_creds
-    else:
-        c_input_creds = GSS_C_NO_CREDENTIAL
-
-    cdef gss_key_value_set_desc *c_store
-    if store is not None:
-        c_store = c_create_key_value_set(store)
-    else:
-        c_store = GSS_C_NO_CRED_STORE
-
-    cdef gss_cred_id_t creds
-    cdef gss_OID_set actual_mechs
-    cdef OM_uint32 actual_initiator_ttl
-    cdef OM_uint32 actual_acceptor_ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_add_cred_from(&min_stat, c_input_creds, c_name,
-                                     c_mech, c_usage, input_initiator_ttl,
-                                     input_acceptor_ttl, c_store, &creds,
-                                     &actual_mechs, &actual_initiator_ttl,
-                                     &actual_acceptor_ttl)
-
-    if store is not None:
-        c_free_key_value_set(c_store)
-
-    cdef Creds rc
-    if maj_stat == GSS_S_COMPLETE:
-        rc = Creds()
-        rc.raw_creds = creds
-        return AddCredResult(rc, c_create_oid_set(actual_mechs),
-                             c_c_ttl_to_py(actual_initiator_ttl),
-                             c_c_ttl_to_py(actual_acceptor_ttl))
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def store_cred_into(dict store, Creds creds not None,
-                    usage='both', OID mech=None, bint overwrite=False,
-                    bint set_default=False):
-    cdef gss_OID desired_mech
-    if mech is not None:
-        desired_mech = &mech.raw_oid
-    else:
-        desired_mech = GSS_C_NO_OID
-
-    cdef gss_cred_usage_t c_usage
-    if usage == 'initiate':
-        c_usage = GSS_C_INITIATE
-    elif usage == 'accept':
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef gss_key_value_set_desc *c_store
-    if store is not None:
-        c_store = c_create_key_value_set(store)
-    else:
-        c_store = GSS_C_NO_CRED_STORE
-
-    cdef gss_cred_id_t c_creds = creds.raw_creds
-
-    cdef gss_OID_set actual_mech_types
-    cdef gss_cred_usage_t actual_usage
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_store_cred_into(&min_stat, c_creds, c_usage,
-                                       desired_mech, overwrite,
-                                       set_default, c_store,
-                                       &actual_mech_types,
-                                       &actual_usage)
-
-    if store is not None:
-        c_free_key_value_set(c_store)
-
-    if maj_stat == GSS_S_COMPLETE:
-        if actual_usage == GSS_C_INITIATE:
-            py_actual_usage = 'initiate'
-        elif actual_usage == GSS_C_ACCEPT:
-            py_actual_usage = 'accept'
-        else:
-            py_actual_usage = 'both'
-
-        return StoreCredResult(c_create_oid_set(actual_mech_types),
-                               py_actual_usage)
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_dce.pxd b/gssapi/raw/ext_dce.pxd
deleted file mode 100644
index 7a7a6320..00000000
--- a/gssapi/raw/ext_dce.pxd
+++ /dev/null
@@ -1,18 +0,0 @@
-from gssapi.raw.cython_types cimport gss_buffer_desc, OM_uint32
-
-cdef extern from "python_gssapi_ext.h":
-    ctypedef struct gss_iov_buffer_desc:
-        OM_uint32 type
-        gss_buffer_desc buffer
-    ctypedef gss_iov_buffer_desc* gss_iov_buffer_t
-
-cdef class IOV:
-    cdef int iov_len
-    cdef bint c_changed
-
-    cdef bint _unprocessed
-    cdef list _buffs
-    cdef gss_iov_buffer_desc *_iov
-
-    cdef gss_iov_buffer_desc* __cvalue__(IOV self) except NULL
-    cdef _recreate_python_values(IOV self)
diff --git a/gssapi/raw/ext_dce.pyi b/gssapi/raw/ext_dce.pyi
deleted file mode 100644
index a535df9c..00000000
--- a/gssapi/raw/ext_dce.pyi
+++ /dev/null
@@ -1,187 +0,0 @@
-import typing as t
-
-from enum import IntEnum
-
-from gssapi.raw.ext_dce_aead import wrap_aead, unwrap_aead
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.named_tuples import IOVUnwrapResult, WrapResult
-    from gssapi.raw.sec_contexts import SecurityContext
-
-
-class IOVBufferType(IntEnum):
-    """
-    IOV Buffer Types
-
-    This IntEnum represent GSSAPI IOV buffer
-    types to be used with the IOV methods.
-
-    The numbers behind the values correspond directly
-    to their C counterparts.
-    """
-
-    empty = 0 #: GSS_IOV_BUFFER_TYPE_EMPTY
-    data = 1 #: GSS_IOV_BUFFER_TYPE_DATA
-    header = 2 #: GSS_IOV_BUFFER_TYPE_HEADER
-    mech_params = 3 #: GSS_IOV_BUFFER_TYPE_MECH_PARAMS
-    trailer = 7 #: GSS_IOV_BUFFER_TYPE_TRAILER
-    padding = 9 #: GSS_IOV_BUFFER_TYPE_PADDING
-    stream = 10 #: GSS_IOV_BUFFER_TYPE_STREAM
-    sign_only = 11 #: GSS_IOV_BUFFER_TYPE_SIGN_ONLY
-    mic_token = 12 #: GSS_IOV_BUFFER_TYPE_MIC_TOKEN
-
-
-class IOVBuffer(t.NamedTuple):
-    type: IOVBufferType
-    allocate: t.Optional[bool]
-    value: t.Optional[bytes]
-
-
-class IOV:
-    """A GSSAPI IOV"""
-
-    def __init__(
-        self,
-        *args: t.Union[
-            IOVBuffer,
-            t.Tuple[
-                t.Union[IOVBufferType, int],
-                t.Optional[bool],
-                t.Optional[bytes]],
-            t.Tuple[
-                t.Union[IOVBufferType, int],
-                t.Optional[t.Union[bool, bytes]],
-            ],
-            bytes,
-            t.Union[IOVBufferType, int],
-        ],
-        std_layout: bool = True,
-        auto_alloc: bool = True,
-    ) -> None: ...
-
-    def __getitem__(
-        self,
-        ind: int,
-    ) -> IOVBuffer: ...
-
-    def __len__(self) -> int: ...
-
-    def __iter__(self) -> t.Iterator[IOVBuffer]: ...
-
-    def __contains__(
-        self,
-        item: IOVBuffer,
-    ) -> bool: ...
-
-    def __reversed__(self) -> t.Iterator[IOVBuffer]: ...
-
-    def index(
-        self,
-        value: t.Any,
-    ) -> int: ...
-
-    def count(
-        self,
-        value: t.Any,
-    ) -> int: ...
-
-
-def wrap_iov(
-    context: "SecurityContext",
-    message: IOV,
-    confidential: bool = True,
-    qop: t.Optional[int] = None,
-) -> bool:
-    """Wrap/Encrypt an IOV message.
-
-    This method wraps or encrypts an IOV message.  The allocate
-    parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
-    indicates whether or not that particular buffer should be
-    automatically allocated (for use with padding, header, and
-    trailer buffers).
-
-    Warning:
-        This modifies the input :class:`IOV`.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (IOV): an :class:`IOV` containing the message
-        confidential (bool): whether or not to encrypt the miovessage (True),
-            or just wrap it with a MIC (False)
-        qop (int): the desired Quality of Protection
-            (or None for the default QoP)
-
-    Returns:
-        bool: whether or not confidentiality was actually used
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def unwrap_iov(
-    context: "SecurityContext",
-    message: IOV,
-) -> "IOVUnwrapResult":
-    """Unwrap/Decrypt an IOV message.
-
-    This method uwraps or decrypts an IOV message.  The allocate
-    parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
-    indicates whether or not that particular buffer should be
-    automatically allocated (for use with padding, header, and
-    trailer buffers).
-
-    As a special case, you may pass an entire IOV message
-    as a single 'stream'.  In this case, pass a buffer type
-    of :attr:`IOVBufferType.stream` followed by a buffer type of
-    :attr:`IOVBufferType.data`.  The former should contain the
-    entire IOV message, while the latter should be empty.
-
-    Warning:
-        This modifies the input :class:`IOV`.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (IOV): an :class:`IOV` containing the message
-
-    Returns:
-        IOVUnwrapResult: whether or not confidentiality was used,
-        and the QoP used.
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def wrap_iov_length(
-    context: "SecurityContext",
-    message: IOV,
-    confidential: bool = True,
-    qop: t.Optional[int] = None,
-) -> "WrapResult":
-    """Appropriately size padding, trailer, and header IOV buffers.
-
-    This method sets the length values on the IOV buffers.  You
-    should already have data provided for the data (and sign-only)
-    buffer(s) so that padding lengths can be appropriately computed.
-
-    In Python terms, this will result in an appropriately sized
-    `bytes` object consisting of all zeros.
-
-    Warning:
-        This modifies the input :class:`IOV`.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (IOV): an :class:`IOV` containing the message
-
-    Returns:
-        WrapResult: a list of :class:IOVBuffer` objects, and whether or not
-        encryption was actually used
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_dce.pyx b/gssapi/raw/ext_dce.pyx
deleted file mode 100644
index 19476bb9..00000000
--- a/gssapi/raw/ext_dce.pyx
+++ /dev/null
@@ -1,356 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from libc.stdlib cimport malloc, calloc, free
-from libc.string cimport memcpy
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.sec_contexts cimport SecurityContext
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw import types as gssapi_types
-from gssapi.raw.named_tuples import IOVUnwrapResult
-from collections import namedtuple
-from collections.abc import Sequence
-
-from enum import IntEnum
-from gssapi.raw._enum_extensions import ExtendableEnum
-
-# Kept for backwards compatibility - functions used to be declared here
-try:
-    from gssapi.raw.ext_dce_aead import wrap_aead, unwrap_aead
-except ImportError:
-    pass
-
-
-cdef extern from "python_gssapi_ext.h":
-    """
-    #ifdef OSX_HAS_GSS_FRAMEWORK
-    #define gss_wrap_iov __ApplePrivate_gss_wrap_iov
-    #define gss_unwrap_iov __ApplePrivate_gss_unwrap_iov
-    #define gss_wrap_iov_length __ApplePrivate_gss_wrap_iov_length
-    #define gss_release_iov_buffer __ApplePrivate_gss_release_iov_buffer
-    #endif
-    """
-
-    # NB(directxman12): this wiki page has a different argument order
-    #                   than the header file, and uses size_t instead of int
-    #                   (this file matches the header file)
-    OM_uint32 gss_wrap_iov(OM_uint32 *min_stat, gss_ctx_id_t ctx_handle,
-                           int conf_req_flag, gss_qop_t qop_req, int *conf_ret,
-                           gss_iov_buffer_desc *iov, int iov_count) nogil
-
-    OM_uint32 gss_unwrap_iov(OM_uint32 *min_stat, gss_ctx_id_t ctx_handle,
-                             int* conf_ret, gss_qop_t *qop_ret,
-                             gss_iov_buffer_desc *iov, int iov_count) nogil
-
-    OM_uint32 gss_wrap_iov_length(OM_uint32 *min_stat, gss_ctx_id_t ctx_handle,
-                                  int conf_req, gss_qop_t qop_req,
-                                  int *conf_ret, gss_iov_buffer_desc *iov,
-                                  int iov_count) nogil
-
-    OM_uint32 gss_release_iov_buffer(OM_uint32 *min_stat,
-                                     gss_iov_buffer_desc *iov,
-                                     int iov_count) nogil
-
-    gss_iov_buffer_t GSS_C_NO_IOV_BUFFER
-
-    OM_uint32 GSS_IOV_BUFFER_TYPE_EMPTY
-    OM_uint32 GSS_IOV_BUFFER_TYPE_DATA
-    OM_uint32 GSS_IOV_BUFFER_TYPE_HEADER
-    OM_uint32 GSS_IOV_BUFFER_TYPE_MECH_PARAMS
-    OM_uint32 GSS_IOV_BUFFER_TYPE_TRAILER
-    OM_uint32 GSS_IOV_BUFFER_TYPE_PADDING
-    OM_uint32 GSS_IOV_BUFFER_TYPE_STREAM
-    OM_uint32 GSS_IOV_BUFFER_TYPE_SIGN_ONLY
-
-    OM_uint32 GSS_IOV_BUFFER_FLAG_MASK
-    OM_uint32 GSS_IOV_BUFFER_FLAG_ALLOCATE
-    OM_uint32 GSS_IOV_BUFFER_FLAG_ALLOCATED
-
-    # a few more are in the enum extension file
-
-
-class IOVBufferType(IntEnum, metaclass=ExtendableEnum):
-    empty = GSS_IOV_BUFFER_TYPE_EMPTY
-    data = GSS_IOV_BUFFER_TYPE_DATA
-    header = GSS_IOV_BUFFER_TYPE_HEADER
-    mech_params = GSS_IOV_BUFFER_TYPE_MECH_PARAMS
-    trailer = GSS_IOV_BUFFER_TYPE_TRAILER
-    padding = GSS_IOV_BUFFER_TYPE_PADDING
-    stream = GSS_IOV_BUFFER_TYPE_STREAM
-    sign_only = GSS_IOV_BUFFER_TYPE_SIGN_ONLY
-
-
-IOVBuffer = namedtuple('IOVBuffer', ['type', 'allocate', 'value'])
-
-
-cdef class IOV:
-    # defined in ext_dce.pxd
-
-    # cdef int iov_len
-    # cdef bint c_changed
-
-    # cdef gss_iov_buffer_desc *_iov
-    # cdef bint _unprocessed
-    # cdef list _buffs
-
-    AUTO_ALLOC_BUFFERS = set([IOVBufferType.header, IOVBufferType.padding,
-                              IOVBufferType.trailer])
-
-    def __init__(IOV self, *args, std_layout=True, auto_alloc=True):
-        self._unprocessed = True
-        self.c_changed = False
-
-        self._buffs = []
-
-        if std_layout:
-            self._buffs.append(IOVBuffer(IOVBufferType.header,
-                                         auto_alloc, None))
-
-        cdef char *val_copy
-        for buff_desc in args:
-            if isinstance(buff_desc, tuple):
-                if len(buff_desc) > 3 or len(buff_desc) < 2:
-                    raise ValueError("Buffer description tuples must be "
-                                     "length 2 or 3")
-
-                buff_type = buff_desc[0]
-
-                if len(buff_desc) == 2:
-                    if buff_type in self.AUTO_ALLOC_BUFFERS:
-                        alloc = buff_desc[1]
-                        data = None
-                    else:
-                        data = buff_desc[1]
-                        alloc = False
-                else:
-                    (buff_type, alloc, data) = buff_desc
-
-                self._buffs.append(IOVBuffer(buff_type, alloc, data))
-            elif isinstance(buff_desc, bytes):  # assume type data
-                val = buff_desc
-                self._buffs.append(IOVBuffer(IOVBufferType.data, False, val))
-            else:
-                alloc = False
-                if buff_desc in self.AUTO_ALLOC_BUFFERS:
-                    alloc = auto_alloc
-
-                self._buffs.append(IOVBuffer(buff_desc, alloc, None))
-
-        if std_layout:
-            self._buffs.append(IOVBuffer(IOVBufferType.padding, auto_alloc,
-                                         None))
-            self._buffs.append(IOVBuffer(IOVBufferType.trailer, auto_alloc,
-                                         None))
-
-    cdef gss_iov_buffer_desc* __cvalue__(IOV self) except NULL:
-        cdef OM_uint32 tmp_min_stat
-        cdef int i
-        if self._unprocessed:
-            if self._iov is not NULL:
-                gss_release_iov_buffer(&tmp_min_stat, self._iov, self.iov_len)
-                free(self._iov)
-
-            self.iov_len = len(self._buffs)
-            self._iov = calloc(
-                self.iov_len, sizeof(gss_iov_buffer_desc))
-            if self._iov is NULL:
-                raise MemoryError("Cannot calloc for IOV buffer array")
-
-            for i in range(self.iov_len):
-                buff = self._buffs[i]
-                self._iov[i].type = buff.type
-
-                if buff.allocate:
-                    self._iov[i].type |= GSS_IOV_BUFFER_FLAG_ALLOCATE
-                elif buff.allocate is None:
-                    self._iov[i].type |= GSS_IOV_BUFFER_FLAG_ALLOCATED
-
-                if buff.value is None:
-                    self._iov[i].buffer.length = 0
-                    self._iov[i].buffer.value = NULL
-                else:
-                    self._iov[i].buffer.length = len(buff.value)
-                    self._iov[i].buffer.value = malloc(
-                        self._iov[i].buffer.length)
-                    if self._iov[i].buffer.value is NULL:
-                        raise MemoryError("Cannot malloc for buffer value")
-
-                    memcpy(self._iov[i].buffer.value, buff.value,
-                           self._iov[i].buffer.length)
-
-        return self._iov
-
-    cdef _recreate_python_values(IOV self):
-        cdef i
-        cdef bint val_change = False
-        cdef size_t new_len
-        for i in range(self.iov_len):
-            old_type = self._buffs[i].type
-
-            if self._iov[i].buffer.value is NULL:
-                if self._iov[i].buffer.length == 0:
-                    new_val = None
-                else:
-                    new_len = self._iov[i].buffer.length
-                    new_val = b'\x00' * new_len
-            else:
-                new_len = self._iov[i].buffer.length
-                new_val = (self._iov[i].buffer.value)[:new_len]
-
-            alloc = False
-            if self._iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATE:
-                alloc = True
-
-            # NB(directxman12): GSSAPI (at least in MIT krb5) doesn't
-            # unset the allocate flag (because it's an "input flag",
-            # so this needs to come second and be separate
-            if self._iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED:
-                alloc = None
-
-            self._buffs[i] = IOVBuffer(old_type, alloc, new_val)
-
-        self.c_changed = False
-
-    def __getitem__(IOV self, ind):
-        if self.c_changed:
-            self._recreate_python_values()
-
-        return self._buffs[ind]
-
-    def __len__(IOV self):
-        if self.c_changed:
-            self._recreate_python_values()
-
-        return len(self._buffs)
-
-    def __iter__(IOV self):
-        if self.c_changed:
-            self._recreate_python_values()
-
-        for val in self._buffs:
-            yield val
-
-    def __contains__(IOV self, item):
-        if self.c_changed:
-            self._recreate_python_values()
-
-        return item in self._buffs
-
-    def __reversed__(IOV self):
-        if self.c_changed:
-            self._recreate_python_values()
-
-        for val in reversed(self._buffs):
-            yield val
-
-    def index(IOV self, value):
-        for i, v in enumerate(self):
-            if v == value:
-                return i
-
-        raise ValueError
-
-    def count(IOV self, value):
-        return sum(1 for v in self if v == value)
-
-    def __repr__(IOV self):
-        if self.c_changed:
-            self._recreate_python_values()
-
-        return "<{module}.{name} {buffs}>".format(
-            module=type(self).__module__, name=type(self).__name__,
-            buffs=repr(self._buffs))
-
-    def __str__(IOV self):
-        buff_strs = []
-        for buff in self:
-            type_val = str(buff.type).split('.')[1].upper()
-            if buff.value is None:
-                auto_alloc = buff.allocate
-                if auto_alloc:
-                    buff_strs.append(type_val + "(allocate)")
-                else:
-                    buff_strs.append(type_val + "(empty)")
-            else:
-                if buff.allocate is None:
-                    alloc_str = ", allocated"
-                else:
-                    alloc_str = ""
-                buff_strs.append("{0}({1!r}{2})".format(type_val,
-                                                        buff.value, alloc_str))
-
-        return "".format(' | '.join(buff_strs))
-
-    def __dealloc__(IOV self):
-        cdef OM_uint32 tmp_min_stat
-        cdef int i
-        if self._iov is not NULL:
-            gss_release_iov_buffer(&tmp_min_stat, self._iov, self.iov_len)
-
-            for i in range(self.iov_len):
-                if self._iov[i].buffer.value is not NULL:
-                    free(self._iov[i].buffer.value)
-
-            free(self._iov)
-
-
-def wrap_iov(SecurityContext context not None, IOV message not None,
-             confidential=True, qop=None):
-    cdef int conf_req = confidential
-    cdef gss_qop_t qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT
-    cdef int conf_used
-
-    cdef gss_iov_buffer_desc *res_arr = message.__cvalue__()
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_wrap_iov(&min_stat, context.raw_ctx, conf_req, qop_req,
-                                &conf_used, res_arr, message.iov_len)
-
-    if maj_stat == GSS_S_COMPLETE:
-        message.c_changed = True
-        return conf_used
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def unwrap_iov(SecurityContext context not None, IOV message not None):
-    cdef int conf_used
-    cdef gss_qop_t qop_used
-    cdef gss_iov_buffer_desc *res_arr = message.__cvalue__()
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_unwrap_iov(&min_stat, context.raw_ctx, &conf_used,
-                                  &qop_used, res_arr, message.iov_len)
-
-    if maj_stat == GSS_S_COMPLETE:
-        message.c_changed = True
-        return IOVUnwrapResult(conf_used, qop_used)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def wrap_iov_length(SecurityContext context not None, IOV message not None,
-                    confidential=True, qop=None):
-    cdef int conf_req = confidential
-    cdef gss_qop_t qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT
-    cdef int conf_used
-
-    cdef gss_iov_buffer_desc *res_arr = message.__cvalue__()
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_wrap_iov_length(&min_stat, context.raw_ctx,
-                                       conf_req, qop_req,
-                                       &conf_used, res_arr, message.iov_len)
-
-    if maj_stat == GSS_S_COMPLETE:
-        message.c_changed = True
-        return conf_used
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_dce_aead.pyi b/gssapi/raw/ext_dce_aead.pyi
deleted file mode 100644
index 55310f1e..00000000
--- a/gssapi/raw/ext_dce_aead.pyi
+++ /dev/null
@@ -1,61 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.named_tuples import WrapResult, UnwrapResult
-    from gssapi.raw.sec_contexts import SecurityContext
-
-
-def wrap_aead(
-    context: "SecurityContext",
-    message: bytes,
-    associated: t.Optional[bytes] = None,
-    confidential: bool = True,
-    qop: t.Optional[int] = None,
-) -> "WrapResult":
-    """Wrap/Encrypt an AEAD message.
-
-    This method takes an input message and associated data,
-    and outputs and AEAD message.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the message to wrap or encrypt
-        associated (bytes): associated data to go with the message
-        confidential (bool): whether or not to encrypt the message (True),
-            or just wrap it with a MIC (False)
-        qop (int): the desired Quality of Protection
-            (or None for the default QoP)
-
-    Returns:
-        WrapResult: the wrapped/encrypted total message, and whether or not
-        encryption was actually used
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def unwrap_aead(
-    context: "SecurityContext",
-    message: bytes,
-    associated: t.Optional[bytes] = None,
-) -> "UnwrapResult":
-    """Unwrap/Decrypt an AEAD message.
-
-    This method takes an encrpyted/wrapped AEAD message and some associated
-    data, and returns an unwrapped/decrypted message.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the AEAD message to unwrap or decrypt
-        associated (bytes): associated data that goes with the message
-
-    Returns:
-        UnwrapResult: the unwrapped/decrypted message, whether or on
-        encryption was used, and the QoP used
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_dce_aead.pyx b/gssapi/raw/ext_dce_aead.pyx
deleted file mode 100644
index 2b31dbf4..00000000
--- a/gssapi/raw/ext_dce_aead.pyx
+++ /dev/null
@@ -1,83 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.sec_contexts cimport SecurityContext
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import WrapResult, UnwrapResult
-
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_wrap_aead(OM_uint32 *min_stat, gss_ctx_id_t ctx_handle,
-                            int conf_req, gss_qop_t qop_req,
-                            gss_buffer_t input_assoc_buffer,
-                            gss_buffer_t input_payload_buffer, int *conf_ret,
-                            gss_buffer_t output_message_buffer) nogil
-
-    OM_uint32 gss_unwrap_aead(OM_uint32 *min_stat, gss_ctx_id_t ctx_handle,
-                              gss_buffer_t input_message_buffer,
-                              gss_buffer_t input_assoc_buffer,
-                              gss_buffer_t output_payload_buffer,
-                              int *conf_ret, gss_qop_t *qop_ret) nogil
-
-
-def wrap_aead(SecurityContext context not None, bytes message not None,
-              bytes associated=None, confidential=True, qop=None):
-    cdef int conf_req = confidential
-    cdef gss_qop_t qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT
-    cdef gss_buffer_desc message_buffer = gss_buffer_desc(len(message),
-                                                          message)
-
-    cdef gss_buffer_t assoc_buffer_ptr = GSS_C_NO_BUFFER
-    cdef gss_buffer_desc assoc_buffer
-    if associated is not None:
-        assoc_buffer = gss_buffer_desc(len(associated), associated)
-        assoc_buffer_ptr = &assoc_buffer
-
-    cdef int conf_used
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc output_buffer = gss_buffer_desc(0, NULL)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_wrap_aead(&min_stat, context.raw_ctx, conf_req, qop_req,
-                                 assoc_buffer_ptr, &message_buffer,
-                                 &conf_used, &output_buffer)
-
-    if maj_stat == GSS_S_COMPLETE:
-        output_message = (output_buffer.value)[:output_buffer.length]
-        gss_release_buffer(&min_stat, &output_buffer)
-        return WrapResult(output_message, conf_used)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def unwrap_aead(SecurityContext context not None, bytes message not None,
-                bytes associated=None):
-    cdef gss_buffer_desc input_buffer = gss_buffer_desc(len(message), message)
-
-    cdef gss_buffer_t assoc_buffer_ptr = GSS_C_NO_BUFFER
-    cdef gss_buffer_desc assoc_buffer
-    if associated is not None:
-        assoc_buffer = gss_buffer_desc(len(associated), associated)
-        assoc_buffer_ptr = &assoc_buffer
-
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc output_buffer = gss_buffer_desc(0, NULL)
-    cdef int conf_state
-    cdef gss_qop_t qop_state
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_unwrap_aead(&min_stat, context.raw_ctx, &input_buffer,
-                                   assoc_buffer_ptr, &output_buffer,
-                                   &conf_state, &qop_state)
-
-    if maj_stat == GSS_S_COMPLETE:
-        output_message = (output_buffer.value)[:output_buffer.length]
-        gss_release_buffer(&min_stat, &output_buffer)
-        return UnwrapResult(output_message, conf_state, qop_state)
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_ggf.pyi b/gssapi/raw/ext_ggf.pyi
deleted file mode 100644
index 30436667..00000000
--- a/gssapi/raw/ext_ggf.pyi
+++ /dev/null
@@ -1,97 +0,0 @@
-"""
-GGF Extensions
-
-GGF provides extended credential and security context inquiry that allows
-application to retrieve more information about the client's credentials and
-security context. One common use case is to use
-:meth:`inquire_sec_context_by_oid` to retrieve the "session" key that is
-required by the SMB protocol for signing and encrypting a message.
-
-Draft IETF document for these extensions can be found at
-https://tools.ietf.org/html/draft-engert-ggf-gss-extensions-00
-"""
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.creds import Creds
-    from gssapi.raw.oids import OID
-    from gssapi.raw.sec_contexts import SecurityContext
-
-
-def inquire_cred_by_oid(
-    cred_handle: "Creds",
-    desired_aspect: "OID",
-) -> t.List[bytes]:
-    """
-    This method inspects a :class:`~gssapi.raw.creds.Creds` object for
-    information specific to a particular desired aspect as an OID.
-
-    Args:
-        cred_handle (Creds): the Credentials to query
-        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
-            Credentials to inquire about.
-
-    Returns:
-        list: A list of zero or more pieces of data (as bytes objects)
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def inquire_sec_context_by_oid(
-    context: "SecurityContext",
-    desired_aspect: "OID",
-) -> t.List[bytes]:
-    """
-    This method inspects a :class:`~gssapi.raw.sec_contexts.SecurityContext`
-    object for information specific to a particular desired aspect as an OID.
-
-    This method can be used with the GSS_KRB5_INQ_SSPI_SESSION_KEY_OID OID to
-    retrieve the required key that is used to derive the SMB/SAMBA signing and
-    encryption keys.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the Security
-            Context to query
-        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
-            Security Context to inquire about.
-
-    Returns:
-        list: A list of zero or more pieces of data (as bytes objects)
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def set_sec_context_option(
-    desired_aspect: "OID",
-    context: "SecurityContext",
-    value: t.Optional[bytes] = None,
-) -> None:
-    """
-    This method is used to set a value for a specific OID of a
-    :class:`~gssapi.raw.sec_contexts.SecurityContext` object. The OID and value
-    to pass in depends on the mech the SecurityContext backs.
-
-    An example of how this can be used would be to reset the NTLM crypto engine
-    used in gss-ntlmssp. The OID that controls this value is
-    '1.3.6.1.4.1.7165.655.1.3' and it takes it a byte value that represents
-    an int32 where 1 resets the verifier handle and any other int resets the
-    sender handle.
-
-    Args:
-        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
-            Security Context to set the value for.
-        context (~gssapi.raw.sec_contexts.SecurityContext): the Security
-            Context to set, or None to create a new context.
-        value (bytes): the value to set on the desired aspect of the Security
-            Context or None to send GSS_C_EMPTY_BUFFER.
-
-    Returns:
-        ~gssapi.raw.sec_contexts.SecurityContext: The output security context.
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_ggf.pyx b/gssapi/raw/ext_ggf.pyx
deleted file mode 100644
index ba689cf8..00000000
--- a/gssapi/raw/ext_ggf.pyx
+++ /dev/null
@@ -1,109 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.ext_buffer_sets cimport *
-from gssapi.raw.misc import GSSError
-from gssapi.raw.oids cimport OID
-from gssapi.raw.creds cimport Creds
-from gssapi.raw.sec_contexts cimport SecurityContext
-
-cdef extern from "python_gssapi_ext.h":
-
-    OM_uint32 gss_inquire_cred_by_oid(OM_uint32 *minor_status,
-                                      const gss_cred_id_t cred_handle,
-                                      const gss_OID desired_object,
-                                      gss_buffer_set_t *data_set) nogil
-
-    OM_uint32 gss_inquire_sec_context_by_oid(OM_uint32 *minor_status,
-                                             const gss_ctx_id_t context_handle,
-                                             const gss_OID desired_object,
-                                             gss_buffer_set_t *data_set) nogil
-
-    OM_uint32 gss_set_sec_context_option(OM_uint32 *minor_status,
-                                         gss_ctx_id_t *context_handle,
-                                         const gss_OID desired_object,
-                                         const gss_buffer_t value) nogil
-
-
-def inquire_cred_by_oid(Creds cred_handle not None,
-                        OID desired_aspect not None):
-    cdef gss_buffer_set_t *data_set_ptr = NULL
-    cdef gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET
-    cdef OM_uint32 maj_stat, min_stat
-
-    data_set_ptr = &data_set
-
-    with nogil:
-        maj_stat = gss_inquire_cred_by_oid(&min_stat, cred_handle.raw_creds,
-                                           &desired_aspect.raw_oid,
-                                           data_set_ptr)
-
-    if maj_stat == GSS_S_COMPLETE:
-        py_tokens = []
-
-        if data_set != GSS_C_NO_BUFFER_SET:
-            for i in range(data_set.count):
-                token = data_set.elements[i]
-                py_tokens.append((token.value)[:token.length])
-
-            gss_release_buffer_set(&min_stat, &data_set)
-
-        return py_tokens
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def inquire_sec_context_by_oid(SecurityContext context not None,
-                               OID desired_aspect not None):
-    cdef gss_buffer_set_t *data_set_ptr = NULL
-    cdef gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET
-    cdef OM_uint32 maj_stat, min_stat
-
-    data_set_ptr = &data_set
-
-    with nogil:
-        maj_stat = gss_inquire_sec_context_by_oid(&min_stat, context.raw_ctx,
-                                                  &desired_aspect.raw_oid,
-                                                  data_set_ptr)
-
-    if maj_stat == GSS_S_COMPLETE:
-        py_tokens = []
-
-        if data_set != GSS_C_NO_BUFFER_SET:
-            for i in range(data_set.count):
-                token = data_set.elements[i]
-                py_tokens.append((token.value)[:token.length])
-
-            gss_release_buffer_set(&min_stat, &data_set)
-
-        return py_tokens
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def set_sec_context_option(OID desired_aspect not None,
-                           SecurityContext context=None,
-                           value=None):
-    cdef gss_buffer_desc value_buffer
-    if value is not None:
-        value_buffer = gss_buffer_desc(len(value), value)
-    else:
-        # GSS_C_EMPTY_BUFFER
-        value_buffer = gss_buffer_desc(0, NULL)
-
-    cdef SecurityContext output_context = context
-    if output_context is None:
-        output_context = SecurityContext()
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_set_sec_context_option(&min_stat,
-                                              &output_context.raw_ctx,
-                                              &desired_aspect.raw_oid,
-                                              &value_buffer)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return output_context
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_iov_mic.pyi b/gssapi/raw/ext_iov_mic.pyi
deleted file mode 100644
index 377db63b..00000000
--- a/gssapi/raw/ext_iov_mic.pyi
+++ /dev/null
@@ -1,90 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.ext_dce import IOV
-    from gssapi.raw.sec_contexts import SecurityContext
-
-
-def get_mic_iov(
-    context: "SecurityContext",
-    message: "IOV",
-    qop: t.Optional[int] = None,
-) -> None:
-    """Generate MIC tokens for the given IOV message.
-
-    This method generates a MIC token for the given IOV message, and places it
-    in the :attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token` buffer in the
-    IOV. This method operates entirely in-place, and returns nothing.
-
-    Warning:
-        This modifies the input :class:`~gssapi.raw.ext_dce.IOV`.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
-            message
-        qop (int): the desired Quality of Protection
-            (or None for the default QoP)
-
-    Returns:
-        None
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def get_mic_iov_length(
-    context: "SecurityContext",
-    message: "IOV",
-    qop: t.Optional[int] = None,
-) -> None:
-    """Allocate space for the MIC buffer in the given IOV message.
-
-    This method allocates space for the MIC token buffer
-    (:attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token`) in the given IOV
-    message.
-
-    Warning:
-        This modifies the input :class:`~gssapi.raw.ext_dce.IOV`.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
-            message
-        qop (int): the desired Quality of Protection
-            (or None for the default QoP)
-
-    Returns:
-        None
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def verify_mic_iov(
-    context: "SecurityContext",
-    message: "IOV",
-    qop: t.Optional[int] = None,
-) -> int:
-    """Verify that the MIC matches the data in the given IOV message.
-
-    This method verifies that the MIC token in the MIC buffer
-    (:attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token`) match the data
-    buffer(s) in the given IOV method.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
-            message
-
-    Returns:
-        int: the QoP used to generate the MIC token
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_iov_mic.pyx b/gssapi/raw/ext_iov_mic.pyx
deleted file mode 100644
index f6c5dda1..00000000
--- a/gssapi/raw/ext_iov_mic.pyx
+++ /dev/null
@@ -1,87 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.sec_contexts cimport SecurityContext
-from gssapi.raw.ext_dce cimport IOV, gss_iov_buffer_desc
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw.ext_dce import IOVBufferType
-
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_get_mic_iov(OM_uint32 *min_stat, gss_ctx_id_t context_handle,
-                              gss_qop_t qop_req, gss_iov_buffer_desc *iov,
-                              int iov_count) nogil
-
-    OM_uint32 gss_get_mic_iov_length(OM_uint32 *min_stat,
-                                     gss_ctx_id_t context_handle,
-                                     gss_qop_t qop_req,
-                                     gss_iov_buffer_desc *iov,
-                                     int iov_count) nogil
-
-    OM_uint32 gss_verify_mic_iov(OM_uint32 *min_stat,
-                                 gss_ctx_id_t context_handle,
-                                 gss_qop_t *qop_state,
-                                 gss_iov_buffer_desc *iov,
-                                 int iov_count) nogil
-
-    # more in the enum extension file
-
-
-IOV.AUTO_ALLOC_BUFFERS.add(IOVBufferType.mic_token)
-
-
-def get_mic_iov(SecurityContext context not None, IOV message not None,
-                qop=None):
-    cdef gss_qop_t qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT
-
-    cdef gss_iov_buffer_desc *res_arr = message.__cvalue__()
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_get_mic_iov(&min_stat, context.raw_ctx, qop_req,
-                                   res_arr, message.iov_len)
-
-    if maj_stat == GSS_S_COMPLETE:
-        message.c_changed = True
-        return
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def get_mic_iov_length(SecurityContext context not None, IOV message not None,
-                       qop=None):
-    cdef gss_qop_t qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT
-
-    cdef gss_iov_buffer_desc *res_arr = message.__cvalue__()
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_get_mic_iov_length(&min_stat, context.raw_ctx, qop_req,
-                                          res_arr, message.iov_len)
-
-    if maj_stat == GSS_S_COMPLETE:
-        message.c_changed = True
-        return
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def verify_mic_iov(SecurityContext context not None, IOV message not None,
-                   qop=None):
-    cdef gss_iov_buffer_desc *res_arr = message.__cvalue__()
-
-    cdef gss_qop_t qop_state
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_verify_mic_iov(&min_stat, context.raw_ctx, &qop_state,
-                                      res_arr, message.iov_len)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return qop_state
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_krb5.pxd b/gssapi/raw/ext_krb5.pxd
deleted file mode 100644
index ae796c7a..00000000
--- a/gssapi/raw/ext_krb5.pxd
+++ /dev/null
@@ -1,2 +0,0 @@
-cdef class Krb5LucidContext:
-    cdef void *raw_ctx
diff --git a/gssapi/raw/ext_krb5.pyi b/gssapi/raw/ext_krb5.pyi
deleted file mode 100644
index 6d74b029..00000000
--- a/gssapi/raw/ext_krb5.pyi
+++ /dev/null
@@ -1,280 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.creds import Creds
-    from gssapi.raw.named_tuples import CfxKeyData, Rfc1964KeyData
-    from gssapi.raw.sec_contexts import SecurityContext
-
-
-class Krb5LucidContext:
-    """
-    The base container returned by :meth:`krb5_export_lucid_sec_context` when
-    an unknown version was requested.
-    """
-
-
-class Krb5LucidContextV1(Krb5LucidContext):
-    """
-    Kerberos context data returned by :meth:`krb5_export_lucid_sec_context`
-    when version 1 was requested.
-    """
-
-    @property
-    def version(self) -> t.Optional[int]:
-        """The structure version number
-
-        Returns:
-            Optional[int]: the structure version number
-        """
-
-    @property
-    def is_initiator(self) -> t.Optional[bool]:
-        """Whether the context was the initiator
-
-        Returns:
-            Optional[bool]: ``True`` when the exported context was the
-            initiator
-        """
-
-    @property
-    def endtime(self) -> t.Optional[int]:
-        """Expiration time of the context
-
-        Returns:
-            Optional[int]: the expiration time of the context
-        """
-
-    @property
-    def send_seq(self) -> t.Optional[int]:
-        """Sender sequence number
-
-        Returns:
-            Optional[int]: the sender sequence number
-        """
-
-    @property
-    def recv_seq(self) -> t.Optional[int]:
-        """Receiver sequence number
-
-        Returns:
-            Optional[int]: the receiver sequence number
-        """
-
-    @property
-    def protocol(self) -> t.Optional[int]:
-        """The protocol number
-
-        If the protocol number is 0 then :attr:`rfc1964_kd` is set and
-        :attr:`cfx_kd` is `None`. If the protocol number is 1 then the opposite
-        is true.
-
-        Protocol 0 refers to RFC1964 and 1 refers to RFC4121.
-
-        Returns:
-            Optional[int]: the protocol number
-        """
-
-    @property
-    def rfc1964_kd(self) -> t.Optional["Rfc1964KeyData"]:
-        """Keydata for protocol 0 (RFC1964)
-
-        This will be set when :attr:`protocol` is ``0``.
-
-        Returns:
-            Optional[Rfc1964KeyData]: the RFC1964 key data
-        """
-
-    @property
-    def cfx_kd(self) -> t.Optional["CfxKeyData"]:
-        """Key data for protocol 1 (RFC4121)
-
-        This will be set when :attr:`protocol` is ``1``.
-
-        Returns:
-            Optional[CfxKeyData]: the RFC4121 key data
-        """
-
-
-def krb5_ccache_name(
-    name: t.Optional[bytes],
-) -> bytes:
-    """Set the default Kerberos Protocol credentials cache name.
-
-    This method sets the default credentials cache name for use by he Kerberos
-    mechanism. The default credentials cache is used by
-    :meth:`~gssapi.raw.creds.acquire_cred` to create a GSS-API credential. It
-    is also used by :meth:`~gssapi.raw.sec_contexts.init_sec_context` when
-    `GSS_C_NO_CREDENTIAL` is specified.
-
-    Note:
-        Heimdal does not return the old name when called. It also does not
-        reset the ccache lookup behaviour when setting to ``None``.
-
-    Note:
-        The return value may not be thread safe.
-
-    Args:
-        name (Optional[bytes]): the name to set as the new thread specific
-            ccache name. Set to ``None`` to revert back to getting the ccache
-            from the config/environment settings.
-
-    Returns:
-        bytes: the old name that was previously set
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def krb5_export_lucid_sec_context(
-    context: "SecurityContext",
-    version: int,
-) -> Krb5LucidContext:
-    """Returns a non-opaque version of the internal context info.
-
-    Gets information about the Kerberos security context passed in. Currently
-    only version 1 is known and supported by this library.
-
-    Note:
-        The context handle must not be used again by the caller after this
-        call.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        version (int): the output structure version to export.  Currently
-            only 1 is supported.
-
-    Returns:
-        Krb5LucidContext: the non-opaque version context info
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def krb5_extract_authtime_from_sec_context(
-    context: "SecurityContext",
-) -> int:
-    """Get the auth time for the security context.
-
-    Gets the auth time for the established security context.
-
-    Note:
-        Heimdal can only get the authtime on the acceptor security context.
-        MIT is able to get the authtime on both initiators and acceptors.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-
-    Returns:
-        int: the authtime
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def krb5_extract_authz_data_from_sec_context(
-    context: "SecurityContext",
-    ad_type: int,
-) -> bytes:
-    """Extracts Kerberos authorization data.
-
-    Extracts authorization data that may be stored within the context.
-
-    Note:
-        Only operates on acceptor contexts.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        ad_type (int): the type of data to extract
-
-    Returns:
-        bytes: the raw authz data from the sec context
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def krb5_import_cred(
-    cred_handle: "Creds",
-    cache: t.Optional[int] = None,
-    keytab_principal: t.Optional[int] = None,
-    keytab: t.Optional[int] = None,
-) -> None:
-    """Import Krb5 credentials into GSSAPI credential.
-
-    Imports the krb5 credentials (either or both of the keytab and cache) into
-    the GSSAPI credential so it can be used within GSSAPI. The ccache is
-    copied by reference and thus shared, so if the credential is destroyed,
-    all users of cred_handle will fail.
-
-    Args:
-        cred_handle (Creds): the credential handle to import into
-        cache (int): the krb5_ccache address pointer, as an int, to import
-            from
-        keytab_principal (int): the krb5_principal address pointer, as an int,
-            of the credential to import
-        keytab (int): the krb5_keytab address pointer, as an int, of the
-            keytab to import
-
-    Returns:
-        None
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def krb5_get_tkt_flags(
-    context: "SecurityContext",
-) -> int:
-    """Return ticket flags for the kerberos ticket.
-
-    Return the ticket flags for the kerberos ticket received when
-    authenticating the initiator.
-
-    Note:
-        Heimdal can only get the tkt flags on the acceptor security context.
-        MIT is able to get the tkt flags on initiators and acceptors.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the security
-            context
-
-    Returns:
-        int: the ticket flags for the received kerberos ticket
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def krb5_set_allowable_enctypes(
-    cred_handle: "Creds",
-    ktypes: t.Iterable[int],
-) -> None:
-    """Limits the keys that can be exported.
-
-    Called by a context initiator after acquiring the creds but before calling
-    :meth:`~gssapi.raw.sec_contexts.init_sec_context` to restrict the set of
-    enctypes which will be negotiated during context establisment to those in
-    the provided list.
-
-    Warning:
-        The cred_handle should not be ``GSS_C_NO_CREDENTIAL``.
-
-    Args:
-        cred_hande (Creds): the credential handle
-        ktypes (List[int]): list of enctypes allowed
-
-    Returns:
-        None
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_krb5.pyx b/gssapi/raw/ext_krb5.pyx
deleted file mode 100644
index d6134a30..00000000
--- a/gssapi/raw/ext_krb5.pyx
+++ /dev/null
@@ -1,360 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-import typing
-
-from libc.stdint cimport int32_t, int64_t, uint64_t, uintptr_t, UINT32_MAX
-from libc.stdlib cimport calloc, free
-from libc.time cimport time_t
-
-from gssapi.raw.creds cimport Creds
-from gssapi.raw.cython_converters cimport c_make_oid
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.sec_contexts cimport SecurityContext
-
-from gssapi.raw import types as gsstypes
-from gssapi.raw.named_tuples import CfxKeyData, Rfc1964KeyData
-
-from gssapi.raw.misc import GSSError
-
-
-cdef extern from "python_gssapi_krb5.h":
-    # Heimdal on macOS hides these 3 functions behind a private symbol
-    """
-    #ifdef OSX_HAS_GSS_FRAMEWORK
-    #define gsskrb5_extract_authtime_from_sec_context \
-        __ApplePrivate_gsskrb5_extract_authtime_from_sec_context
-
-    #define gss_krb5_import_cred __ApplePrivate_gss_krb5_import_cred
-
-    #define gss_krb5_get_tkt_flags __ApplePrivate_gss_krb5_get_tkt_flags
-    #endif
-    """
-
-    cdef struct gss_krb5_lucid_key:
-        OM_uint32 type
-        OM_uint32 length
-        void *data
-    ctypedef gss_krb5_lucid_key gss_krb5_lucid_key_t
-
-    cdef struct gss_krb5_rfc1964_keydata:
-        OM_uint32 sign_alg
-        OM_uint32 seal_alg
-        gss_krb5_lucid_key_t ctx_key
-    ctypedef gss_krb5_rfc1964_keydata gss_krb5_rfc1964_keydata_t
-
-    cdef struct gss_krb5_cfx_keydata:
-        OM_uint32 have_acceptor_subkey
-        gss_krb5_lucid_key_t ctx_key
-        gss_krb5_lucid_key_t acceptor_subkey
-    ctypedef gss_krb5_cfx_keydata gss_krb5_cfx_keydata_t
-
-    cdef struct gss_krb5_lucid_context_v1:
-        OM_uint32 version
-        OM_uint32 initiate
-        OM_uint32 endtime
-        uint64_t send_seq
-        uint64_t recv_seq
-        OM_uint32 protocol
-        gss_krb5_rfc1964_keydata_t rfc1964_kd
-        gss_krb5_cfx_keydata_t cfx_kd
-    ctypedef gss_krb5_lucid_context_v1 gss_krb5_lucid_context_v1_t
-
-    gss_OID GSS_KRB5_NT_PRINCIPAL_NAME
-    int32_t _PY_GSSAPI_KRB5_TIMESTAMP
-
-    # The krb5 specific types are defined generically as the type names differ
-    # across GSSAPI implementations.
-
-    OM_uint32 gss_krb5_ccache_name(OM_uint32 *minor_status, const char *name,
-                                   const char **out_name) nogil
-
-    OM_uint32 gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
-                                                gss_ctx_id_t *context_handle,
-                                                OM_uint32 version,
-                                                void **kctx) nogil
-
-    # The actual authtime size differs across implementations.  See individual
-    # methods for more information.
-    OM_uint32 gsskrb5_extract_authtime_from_sec_context(
-        OM_uint32 *minor_status, gss_ctx_id_t context_handle,
-        void *authtime) nogil
-
-    OM_uint32 gsskrb5_extract_authz_data_from_sec_context(
-        OM_uint32 *minor_status, const gss_ctx_id_t context_handle,
-        int ad_type, gss_buffer_t ad_data) nogil
-
-    OM_uint32 gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
-                                              void *kctx) nogil
-
-    OM_uint32 gss_krb5_import_cred(OM_uint32 *minor_status,
-                                   void *id,  # krb5_ccache
-                                   void *keytab_principal,  # krb5_principal
-                                   void *keytab,  # krb5_keytab
-                                   gss_cred_id_t *cred) nogil
-
-    # MIT uses a int32_t whereas Heimdal uses uint32_t.  Use void * to satisfy
-    # the compiler.
-    OM_uint32 gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
-                                     gss_ctx_id_t context_handle,
-                                     void *ticket_flags) nogil
-
-    OM_uint32 gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
-                                              gss_cred_id_t cred,
-                                              OM_uint32 num_ktypes,
-                                              int32_t *ktypes) nogil
-
-
-cdef class Krb5LucidContext:
-    # defined in pxd
-    # cdef void *raw_ctx
-
-    def __cinit__(Krb5LucidContext self):
-        self.raw_ctx = NULL
-
-    def __dealloc__(Krb5LucidContext self):
-        cdef OM_uint32 min_stat = 0
-
-        if self.raw_ctx:
-            gss_krb5_free_lucid_sec_context(&min_stat, self.raw_ctx)
-            self.raw_ctx = NULL
-
-
-cdef class Krb5LucidContextV1(Krb5LucidContext):
-
-    @property
-    def version(self) -> typing.Optional[int]:
-        cdef gss_krb5_lucid_context_v1_t *ctx = NULL
-
-        if self.raw_ctx:
-            ctx = self.raw_ctx
-            return ctx.version
-
-    @property
-    def is_initiator(self) -> typing.Optional[bool]:
-        cdef gss_krb5_lucid_context_v1_t *ctx = NULL
-
-        if self.raw_ctx:
-            ctx = self.raw_ctx
-            return ctx.initiate != 0
-
-    @property
-    def endtime(self) -> typing.Optional[int]:
-        cdef gss_krb5_lucid_context_v1_t *ctx = NULL
-
-        if self.raw_ctx:
-            ctx = self.raw_ctx
-            return ctx.endtime
-
-    @property
-    def send_seq(self) -> typing.Optional[int]:
-        cdef gss_krb5_lucid_context_v1_t *ctx = NULL
-
-        if self.raw_ctx:
-            ctx = self.raw_ctx
-            return ctx.send_seq
-
-    @property
-    def recv_seq(self) -> typing.Optional[int]:
-        cdef gss_krb5_lucid_context_v1_t *ctx = NULL
-
-        if self.raw_ctx:
-            ctx = self.raw_ctx
-            return ctx.recv_seq
-
-    @property
-    def protocol(self) -> typing.Optional[int]:
-        cdef gss_krb5_lucid_context_v1_t *ctx = NULL
-
-        if self.raw_ctx:
-            ctx = self.raw_ctx
-            return ctx.protocol
-
-    @property
-    def rfc1964_kd(self) -> typing.Optional[Rfc1964KeyData]:
-        cdef gss_krb5_lucid_context_v1_t *ctx = NULL
-
-        if self.raw_ctx != NULL and self.protocol == 0:
-            ctx = self.raw_ctx
-            kd = ctx.rfc1964_kd
-            key = (kd.ctx_key.data)[:kd.ctx_key.length]
-
-            return Rfc1964KeyData(kd.sign_alg, kd.seal_alg, kd.ctx_key.type,
-                                  key)
-
-    @property
-    def cfx_kd(self) -> typing.Optional[CfxKeyData]:
-        cdef gss_krb5_lucid_context_v1_t *ctx = NULL
-
-        if self.raw_ctx != NULL and self.protocol == 1:
-            ctx = self.raw_ctx
-            kd = ctx.cfx_kd
-            ctx_type = ctx_key = acceptor_type = acceptor_key = None
-
-            ctx_type = kd.ctx_key.type
-            ctx_key = (kd.ctx_key.data)[:kd.ctx_key.length]
-
-            if kd.have_acceptor_subkey != 0:
-                acceptor_type = kd.acceptor_subkey.type
-                key = kd.acceptor_subkey
-                acceptor_key = (key.data)[:key.length]
-
-            return CfxKeyData(ctx_type, ctx_key, acceptor_type,
-                              acceptor_key)
-
-
-# Unfortunately MIT defines it as const - use the cast to silence warnings
-gsstypes.NameType.krb5_nt_principal_name = c_make_oid(
-    GSS_KRB5_NT_PRINCIPAL_NAME)
-
-
-def krb5_ccache_name(const unsigned char[:] name):
-    cdef const char *name_ptr = NULL
-    if name is not None and len(name):
-        name_ptr = &name[0]
-
-    cdef const char *old_name_ptr = NULL
-    cdef OM_uint32 maj_stat, min_stat
-    with nogil:
-        maj_stat = gss_krb5_ccache_name(&min_stat, name_ptr, &old_name_ptr)
-
-    if maj_stat == GSS_S_COMPLETE:
-        out_name = None
-        if old_name_ptr:
-            out_name = old_name_ptr
-
-        return out_name
-
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def krb5_export_lucid_sec_context(SecurityContext context not None,
-                                  OM_uint32 version):
-    info = {
-        1: Krb5LucidContextV1,
-    }.get(version, Krb5LucidContext)()
-    cdef void **raw_ctx = &(info).raw_ctx
-
-    cdef OM_uint32 maj_stat, min_stat
-    with nogil:
-        maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
-                                                     &context.raw_ctx,
-                                                     version, raw_ctx)
-
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
-
-    return info
-
-
-def krb5_extract_authtime_from_sec_context(SecurityContext context not None):
-    # In Heimdal, authtime is time_t which is either a 4 or 8 byte int.  By
-    # passing in a uint64_t reference, there should be enough space for GSSAPI
-    # to store the data in either situation. Coming back to Python it will be
-    # handled as a normal int without loosing data.
-    cdef uint64_t time = 0
-
-    cdef OM_uint32 maj_stat, min_stat
-    with nogil:
-        maj_stat = gsskrb5_extract_authtime_from_sec_context(&min_stat,
-                                                             context.raw_ctx,
-                                                             &time)
-
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
-
-    return time
-
-
-def krb5_extract_authz_data_from_sec_context(SecurityContext context not None,
-                                             ad_type):
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc ad_data = gss_buffer_desc(0, NULL)
-    cdef int ad_type_val = ad_type
-
-    cdef OM_uint32 maj_stat, min_stat
-    with nogil:
-        maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
-                                                               context.raw_ctx,
-                                                               ad_type_val,
-                                                               &ad_data)
-
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
-
-    try:
-        return (ad_data.value)[:ad_data.length]
-
-    finally:
-        gss_release_buffer(&min_stat, &ad_data)
-
-
-def krb5_import_cred(Creds cred_handle not None, cache=None,
-                     keytab_principal=None, keytab=None):
-    cdef void *cache_ptr = NULL
-    if cache is not None and cache:
-        cache_ptr = (cache)
-
-    cdef void *keytab_princ = NULL
-    if keytab_principal is not None and keytab_principal:
-        keytab_princ = (keytab_principal)
-
-    cdef void *kt = NULL
-    if keytab is not None and keytab:
-        kt = (keytab)
-
-    if cache_ptr == NULL and kt == NULL:
-        raise ValueError("Either cache or keytab must be set")
-
-    cdef OM_uint32 maj_stat, min_stat
-    with nogil:
-        maj_stat = gss_krb5_import_cred(&min_stat, cache_ptr, keytab_princ,
-                                        kt, &cred_handle.raw_creds)
-
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
-
-
-def krb5_get_tkt_flags(SecurityContext context not None):
-    cdef OM_uint32 maj_stat, min_stat
-    cdef uint32_t ticket_flags = 0
-
-    with nogil:
-        maj_stat = gss_krb5_get_tkt_flags(&min_stat, context.raw_ctx,
-                                          &ticket_flags)
-
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
-
-    return ticket_flags
-
-
-def krb5_set_allowable_enctypes(Creds cred_handle not None,
-                                ktypes):
-    cdef OM_uint32 maj_stat, min_stat
-
-    # This shouldn't ever happen but it's here to satisfy compiler warnings
-    cdef size_t ktypes_count = len(ktypes)
-    if ktypes_count > UINT32_MAX:
-        raise ValueError("ktypes list size too large")
-
-    cdef uint32_t count = ktypes_count
-    cdef int32_t *enc_types = calloc(count, sizeof(int32_t))
-    if not enc_types:
-        raise MemoryError()
-
-    try:
-        for i, val in enumerate(ktypes):
-            enc_types[i] = val
-
-        with nogil:
-            maj_stat = gss_krb5_set_allowable_enctypes(&min_stat,
-                                                       cred_handle.raw_creds,
-                                                       count,
-                                                       enc_types)
-
-    finally:
-        free(enc_types)
-
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_password.pyi b/gssapi/raw/ext_password.pyi
deleted file mode 100644
index f926701f..00000000
--- a/gssapi/raw/ext_password.pyi
+++ /dev/null
@@ -1,41 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.named_tuples import AcquireCredResult
-    from gssapi.raw.names import Name
-    from gssapi.raw.oids import OID
-
-
-def acquire_cred_with_password(
-    name: "Name",
-    password: bytes,
-    lifetime: t.Optional[int] = None,
-    mechs: t.Optional[t.Iterable["OID"]] = None,
-    usage: str = 'initiate',
-) -> "AcquireCredResult":
-    """Acquire credentials through provided password.
-
-    This function is originally from Solaris and is not documented by either
-    MIT or Heimdal.
-
-    In general, it functions similarly to
-    :func:`~gssapi.raw.creds.acquire_cred`.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name to acquire credentials for
-        password (bytes): the password used to acquire credentialss with
-        lifetime (int): the lifetime for the credentials in seconds (or None
-            for indefinite)
-        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
-            the credentials should work (or None for the default set)
-        usage (str): usage type for credentials.  Possible values:
-            'initiate' (default), 'accept', 'both' (failsafe).
-
-    Returns:
-        AcquireCredResult: the resulting credentials, the actual mechanisms
-        with which they may be used, and their actual lifetime in seconds (or
-        None for indefinite or not supported)
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_password.pyx b/gssapi/raw/ext_password.pyx
deleted file mode 100644
index 33b2bae1..00000000
--- a/gssapi/raw/ext_password.pyx
+++ /dev/null
@@ -1,75 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cythin
-
-# Due to a bug in MIT Kerberos, add_cred_with_password was not properly
-# exported for some time.  In order to work around this,
-# add_cred_with_password is in its own file.  For more information, see:
-# https://github.com/krb5/krb5/pull/244
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_get_mech_oid_set
-from gssapi.raw.cython_converters cimport c_create_oid_set
-from gssapi.raw.cython_converters cimport c_py_ttl_to_c, c_c_ttl_to_py
-from gssapi.raw.creds cimport Creds
-from gssapi.raw.names cimport Name
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import AcquireCredResult
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_acquire_cred_with_password(OM_uint32 *min_stat,
-                                             const gss_name_t desired_name,
-                                             const gss_buffer_t password,
-                                             OM_uint32 ttl,
-                                             const gss_OID_set desired_mechs,
-                                             gss_cred_usage_t cred_usage,
-                                             gss_cred_id_t *output_creds,
-                                             gss_OID_set *actual_mechs,
-                                             OM_uint32 *actual_ttl) nogil
-
-
-def acquire_cred_with_password(Name name not None, password not None,
-                               lifetime=None, mechs=None, usage="initiate"):
-    cdef gss_buffer_desc password_buffer = gss_buffer_desc(len(password),
-                                                           password)
-
-    cdef OM_uint32 input_ttl = c_py_ttl_to_c(lifetime)
-
-    cdef gss_OID_set desired_mechs
-    if mechs is not None:
-        desired_mechs = c_get_mech_oid_set(mechs)
-    else:
-        desired_mechs = GSS_C_NO_OID_SET
-
-    cdef gss_cred_usage_t c_usage
-    if usage == "initiate":
-        c_usage = GSS_C_INITIATE
-    elif usage == "accept":
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef gss_cred_id_t creds
-    cdef gss_OID_set actual_mechs
-    cdef OM_uint32 actual_ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_acquire_cred_with_password(
-            &min_stat, name.raw_name, &password_buffer, input_ttl,
-            desired_mechs, c_usage, &creds, &actual_mechs, &actual_ttl)
-
-    cdef OM_uint32 tmp_min_stat
-    if mechs is not None:
-        gss_release_oid_set(&tmp_min_stat, &desired_mechs)
-
-    cdef Creds rc = Creds()
-    if maj_stat == GSS_S_COMPLETE:
-        rc.raw_creds = creds
-        return AcquireCredResult(rc, c_create_oid_set(actual_mechs),
-                                 c_c_ttl_to_py(actual_ttl))
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_password_add.pyi b/gssapi/raw/ext_password_add.pyi
deleted file mode 100644
index a09bb3d2..00000000
--- a/gssapi/raw/ext_password_add.pyi
+++ /dev/null
@@ -1,48 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.creds import Creds
-    from gssapi.raw.named_tuples import AddCredResult
-    from gssapi.raw.names import Name
-    from gssapi.raw.oids import OID
-
-
-def add_cred_with_password(
-    input_cred: "Creds",
-    name: "Name",
-    mech: "OID",
-    password: bytes,
-    usage: str = 'initiate',
-    init_lifetime: t.Optional[int] = None,
-    accept_lifetime: t.Optional[int] = None,
-) -> "AddCredResult":
-    """Add a credential-element to a credential using provided password.
-
-    This function is originally from Solaris and is not documented by either
-    MIT or Heimdal.
-
-    In general, it functions similarly to :func:`~gssapi.raw.creds.add_cred`.
-
-    Args:
-        input_cred (~gssapi.raw.creds.Creds): the credentials to add to
-        name (~gssapi.raw.names.Name): the name to acquire credentials for
-        mech (~gssapi.raw.types.MechType): the desired mechanism.  Note that
-            this is both singular and required
-        password (bytes): the password used to acquire credentialss with
-        usage (str): the usage type for the credentials: may be
-            'initiate', 'accept', or 'both'
-        init_lifetime (int): the lifetime, in seconds, for the credentials to
-            remain valid when using them to initiate security contexts (or None
-            for indefinite)
-        accept_lifetime (int): the lifetime, in seconds, for the credentials to
-            remain valid when using them to accept security contexts (or None
-            for indefinite)
-
-    Returns:
-        AddCredResult: the actual mechanisms with which the credentials may be
-        used, the actual initiator TTL in seconds, and the actual acceptor TTL
-        in seconds (the TTLs may be None for indefinite or not supported)
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_password_add.pyx b/gssapi/raw/ext_password_add.pyx
deleted file mode 100644
index 9db07889..00000000
--- a/gssapi/raw/ext_password_add.pyx
+++ /dev/null
@@ -1,77 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cythin
-
-# Due to a bug in MIT Kerberos, add_cred_with_password was not properly
-# exported for some time.  In order to work around this,
-# add_cred_with_password is in its own file.  For more information, see:
-# https://github.com/krb5/krb5/pull/244
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_get_mech_oid_set
-from gssapi.raw.cython_converters cimport c_create_oid_set
-from gssapi.raw.cython_converters cimport c_py_ttl_to_c, c_c_ttl_to_py
-from gssapi.raw.creds cimport Creds
-from gssapi.raw.names cimport Name
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import AddCredResult
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_add_cred_with_password(OM_uint32 *min_stat,
-                                         const gss_cred_id_t input_cred_handle,
-                                         const gss_name_t desired_name,
-                                         const gss_OID desired_mech,
-                                         const gss_buffer_t password,
-                                         gss_cred_usage_t cred_usage,
-                                         OM_uint32 initiator_ttl,
-                                         OM_uint32 acceptor_ttl,
-                                         gss_cred_id_t *output_creds,
-                                         gss_OID_set *actual_mechs,
-                                         OM_uint32 *actual_init_ttl,
-                                         OM_uint32 *actual_accept_ttl) nogil
-
-
-def add_cred_with_password(Creds input_cred not None, Name name not None,
-                           OID mech not None, password not None,
-                           usage="initiate", init_lifetime=None,
-                           accept_lifetime=None):
-    cdef gss_buffer_desc password_buffer = gss_buffer_desc(len(password),
-                                                           password)
-
-    cdef gss_cred_usage_t c_usage
-    if usage == "initiate":
-        c_usage = GSS_C_INITIATE
-    elif usage == "accept":
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef OM_uint32 input_initiator_ttl = c_py_ttl_to_c(init_lifetime)
-    cdef OM_uint32 input_acceptor_ttl = c_py_ttl_to_c(accept_lifetime)
-
-    cdef gss_cred_id_t creds
-    cdef gss_OID_set actual_mechs
-    cdef OM_uint32 actual_initiator_ttl
-    cdef OM_uint32 actual_acceptor_ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_add_cred_with_password(
-            &min_stat, input_cred.raw_creds, name.raw_name, &mech.raw_oid,
-            &password_buffer, c_usage, input_initiator_ttl,
-            input_acceptor_ttl, &creds, &actual_mechs, &actual_initiator_ttl,
-            &actual_acceptor_ttl)
-
-    cdef Creds rc
-    if maj_stat == GSS_S_COMPLETE:
-        rc = Creds()
-        rc.raw_creds = creds
-        return AddCredResult(rc, c_create_oid_set(actual_mechs),
-                             c_c_ttl_to_py(actual_initiator_ttl),
-                             c_c_ttl_to_py(actual_acceptor_ttl))
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_rfc4178.pyi b/gssapi/raw/ext_rfc4178.pyi
deleted file mode 100644
index 6826bc1e..00000000
--- a/gssapi/raw/ext_rfc4178.pyi
+++ /dev/null
@@ -1,27 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.creds import Creds
-    from gssapi.raw.oids import OID
-
-
-def set_neg_mechs(
-    cred_handle: "Creds",
-    mech_set: t.Iterable["OID"],
-) -> None:
-    """
-    Specify the set of security mechanisms that may be negotiated with
-    the credential identified by cred_handle.
-    If more than one mechanism is specified in mech_set, the order in
-    which those mechanisms are specified implies a relative preference.
-
-    Args:
-        cred_handle (Creds): credentials to set negotiable mechanisms for
-        mech_set (~gssapi.raw.types.MechType): negotiable mechanisms to be set
-
-    Returns:
-        None
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_rfc4178.pyx b/gssapi/raw/ext_rfc4178.pyx
deleted file mode 100644
index 44db2f8f..00000000
--- a/gssapi/raw/ext_rfc4178.pyx
+++ /dev/null
@@ -1,31 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_get_mech_oid_set
-from gssapi.raw.creds cimport Creds
-
-from gssapi.raw.misc import GSSError
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_set_neg_mechs(
-        OM_uint32 *minor_status,
-        gss_cred_id_t cred_handle,
-        const gss_OID_set mech_set) nogil
-
-
-def set_neg_mechs(Creds cred_handle not None, mech_set not None):
-    cdef gss_OID_set negotiable_mechs = c_get_mech_oid_set(mech_set)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_set_neg_mechs(&min_stat, cred_handle.raw_creds,
-                                     negotiable_mechs)
-
-    cdef OM_uint32 tmp_min_stat
-    gss_release_oid_set(&tmp_min_stat, &negotiable_mechs)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return None
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_rfc5587.pyi b/gssapi/raw/ext_rfc5587.pyi
deleted file mode 100644
index 332a4063..00000000
--- a/gssapi/raw/ext_rfc5587.pyi
+++ /dev/null
@@ -1,63 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.named_tuples import InquireAttrsResult, DisplayAttrResult
-    from gssapi.raw.oids import OID
-
-
-def indicate_mechs_by_attrs(
-    desired_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
-    except_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
-    critical_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
-) -> t.Set["OID"]:
-    """Get a set of mechanisms that have the specified attributes.
-
-    Args:
-        desired_mech_attrs (~gssapi.OID): Attributes that the output mechs MUST
-            offer
-        except_mech_attrs (~gssapi.OID): Attributes that the output mechs MUST
-            NOT offer
-        critical_mech_attrs (~gssapi.OID): Attributes that the output mechs
-            MUST understand and offer
-
-    Returns:
-        ~gssapi.MechType: a set of mechs which satisfy the given criteria
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def inquire_attrs_for_mech(
-    mech: "OID",
-) -> "InquireAttrsResult":
-    """Gets the set of attrs supported and known by a mechanism.
-
-    Args:
-        mech (~gssapi.raw.types.MechType): Mechanism to inquire about
-
-    Returns:
-        InquireAttrsResult: the results of inquiry; a mech's attributes and
-        known attributes
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def display_mech_attr(
-    attr: "OID",
-) -> "DisplayAttrResult":
-    """Returns information about attributes in human readable form.
-
-    Args:
-        attr (~gssapi.OID): Mechanism attribute to retrieve names and
-            descriptions of
-
-    Returns:
-        DisplayAttrResult: the results of displaying the attribute; mech name,
-        short description, and long description.
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_rfc5587.pyx b/gssapi/raw/ext_rfc5587.pyx
deleted file mode 100644
index fbedf6ed..00000000
--- a/gssapi/raw/ext_rfc5587.pyx
+++ /dev/null
@@ -1,106 +0,0 @@
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.oids cimport OID
-from gssapi.raw.cython_converters cimport c_create_oid_set
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_converters cimport c_get_mech_oid_set
-
-from gssapi.raw.named_tuples import InquireAttrsResult, DisplayAttrResult
-from gssapi.raw.misc import GSSError
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_indicate_mechs_by_attrs(
-        OM_uint32 *minor_status,
-        const gss_OID_set desired_mech_attrs,
-        const gss_OID_set except_mech_attrs,
-        const gss_OID_set critical_mech_attrs,
-        gss_OID_set *mechs) nogil
-
-    OM_uint32 gss_inquire_attrs_for_mech(
-        OM_uint32 *minor_status,
-        const gss_OID mech,
-        gss_OID_set *mech_attrs,
-        gss_OID_set *known_mech_attrs) nogil
-
-    OM_uint32 gss_display_mech_attr(
-        OM_uint32 *minor_status,
-        const gss_OID mech_attr,
-        gss_buffer_t name,
-        gss_buffer_t short_desc,
-        gss_buffer_t long_desc) nogil
-
-
-def indicate_mechs_by_attrs(desired_mech_attrs=None, except_mech_attrs=None,
-                            critical_mech_attrs=None):
-    cdef OM_uint32 maj_stat, min_stat
-    cdef gss_OID_set desired_attrs = GSS_C_NO_OID_SET
-    cdef gss_OID_set except_attrs = GSS_C_NO_OID_SET
-    cdef gss_OID_set critical_attrs = GSS_C_NO_OID_SET
-    cdef gss_OID_set mechs
-
-    if desired_mech_attrs is not None:
-        desired_attrs = c_get_mech_oid_set(desired_mech_attrs)
-
-    if except_mech_attrs is not None:
-        except_attrs = c_get_mech_oid_set(except_mech_attrs)
-
-    if critical_mech_attrs is not None:
-        critical_attrs = c_get_mech_oid_set(critical_mech_attrs)
-
-    with nogil:
-        maj_stat = gss_indicate_mechs_by_attrs(&min_stat, desired_attrs,
-                                               except_attrs, critical_attrs,
-                                               &mechs)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return c_create_oid_set(mechs)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def inquire_attrs_for_mech(OID mech):
-    cdef OM_uint32 maj_stat, min_stat
-    cdef gss_OID m = GSS_C_NO_OID
-    cdef gss_OID_set mech_attrs = GSS_C_NO_OID_SET
-    cdef gss_OID_set known_mech_attrs = GSS_C_NO_OID_SET
-
-    if mech is not None:
-        m = &mech.raw_oid
-
-    with nogil:
-        maj_stat = gss_inquire_attrs_for_mech(&min_stat, m, &mech_attrs,
-                                              &known_mech_attrs)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return InquireAttrsResult(c_create_oid_set(mech_attrs),
-                                  c_create_oid_set(known_mech_attrs))
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def display_mech_attr(OID attr):
-    cdef OM_uint32 maj_stat, min_stat
-    cdef gss_OID a = GSS_C_NO_OID
-    cdef gss_buffer_desc name
-    cdef gss_buffer_desc short_desc
-    cdef gss_buffer_desc long_desc
-
-    if attr is not None:
-        a = &attr.raw_oid
-
-    with nogil:
-        maj_stat = gss_display_mech_attr(&min_stat, a, &name, &short_desc,
-                                         &long_desc)
-
-    if maj_stat == GSS_S_COMPLETE:
-        out_name = (name.value)[:name.length]
-        out_short = (short_desc.value)[:short_desc.length]
-        out_long = (long_desc.value)[:long_desc.length]
-
-        gss_release_buffer(&min_stat, &name)
-        gss_release_buffer(&min_stat, &short_desc)
-        gss_release_buffer(&min_stat, &long_desc)
-
-        return DisplayAttrResult(out_name, out_short, out_long)
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_rfc5588.pyi b/gssapi/raw/ext_rfc5588.pyi
deleted file mode 100644
index 320b74aa..00000000
--- a/gssapi/raw/ext_rfc5588.pyi
+++ /dev/null
@@ -1,42 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.creds import Creds
-    from gssapi.raw.named_tuples import StoreCredResult
-    from gssapi.raw.oids import OID
-
-
-def store_cred(
-    creds: "Creds",
-    usage: str = 'both',
-    mech: t.Optional["OID"] = None,
-    overwrite: bool = False,
-    set_default: bool = False,
-) -> "StoreCredResult":
-    """Store credentials into the default store.
-
-    This method stores the given credentials into the default store.
-    They may then be retrieved later using
-    :func:`~gssapi.raw.creds.acquire_cred`.
-
-    Args:
-        creds (Creds): the credentials to store
-        usage (str): the usage to store the credentials with -- either
-            'both', 'initiate', or 'accept'
-        mech (~gssapi.OID): the mechansim to associate with the stored
-            credentials
-        overwrite (bool): whether or not to overwrite existing credentials
-            stored with the same name, etc
-        set_default (bool): whether or not to set these credentials as
-            the default credentials for the given store.
-
-    Returns:
-        StoreCredResult: the results of the credential storing operation
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-        ~gssapi.exceptions.ExpiredCredentialsError
-        ~gssapi.exceptions.MissingCredentialsError
-        ~gssapi.exceptions.OperationUnavailableError
-        ~gssapi.exceptions.DuplicateCredentialsElementError
-    """
diff --git a/gssapi/raw/ext_rfc5588.pyx b/gssapi/raw/ext_rfc5588.pyx
deleted file mode 100644
index 95b924f5..00000000
--- a/gssapi/raw/ext_rfc5588.pyx
+++ /dev/null
@@ -1,68 +0,0 @@
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.names cimport Name
-from gssapi.raw.creds cimport Creds
-from gssapi.raw.oids cimport OID
-from gssapi.raw.cython_converters cimport c_create_oid_set
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_converters cimport c_get_mech_oid_set
-from gssapi.raw.cython_converters cimport c_c_ttl_to_py, c_py_ttl_to_c
-
-from gssapi.raw.named_tuples import StoreCredResult
-from gssapi.raw.misc import GSSError
-
-cdef extern from "python_gssapi.h":
-    OM_uint32 gss_store_cred(OM_uint32 *min_stat,
-                             gss_cred_id_t input_creds,
-                             gss_cred_usage_t cred_usage,
-                             gss_OID desired_mech,
-                             OM_uint32 overwrite_cred,
-                             OM_uint32 default_cred,
-                             gss_OID_set *elements_stored,
-                             gss_cred_usage_t *actual_usage) nogil
-
-
-def store_cred(Creds creds not None, usage='both', OID mech=None,
-               bint overwrite=False, bint set_default=False):
-    cdef gss_OID desired_mech
-    if mech is not None:
-        desired_mech = &mech.raw_oid
-    else:
-        desired_mech = GSS_C_NO_OID
-
-    cdef gss_cred_usage_t c_usage
-    if usage == 'initiate':
-        c_usage = GSS_C_INITIATE
-    elif usage == 'accept':
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef gss_cred_id_t c_creds = creds.raw_creds
-
-    cdef gss_OID_set actual_mech_types
-    cdef gss_cred_usage_t actual_usage
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_store_cred(&min_stat, c_creds, c_usage,
-                                  desired_mech, overwrite,
-                                  set_default, &actual_mech_types,
-                                  &actual_usage)
-
-    if maj_stat == GSS_S_COMPLETE:
-        if actual_usage == GSS_C_INITIATE:
-            py_actual_usage = 'initiate'
-        elif actual_usage == GSS_C_ACCEPT:
-            py_actual_usage = 'accept'
-        else:
-            py_actual_usage = 'both'
-
-        return StoreCredResult(c_create_oid_set(actual_mech_types),
-                               py_actual_usage)
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_rfc5801.pyi b/gssapi/raw/ext_rfc5801.pyi
deleted file mode 100644
index 55a7d06d..00000000
--- a/gssapi/raw/ext_rfc5801.pyi
+++ /dev/null
@@ -1,39 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.named_tuples import InquireSASLNameResult
-    from gssapi.raw.oids import OID
-
-
-def inquire_saslname_for_mech(
-    mech: "OID",
-) -> "InquireSASLNameResult":
-    """Gets information about a specified mech, including the SASL name,
-    the mech name, and the mech description.
-
-    Args:
-        mech (~gssapi.OID): Mechanism to inquire about
-
-    Returns:
-        InquireSASLNameResult: the results of inquiry; a mech's SASL name,
-        name, and description.
-
-    Raises:
-        ~gssapi.exceptions.GSSError: an unknown failure occurred
-    """
-
-
-def inquire_mech_for_saslname(
-    sasl_name: bytes,
-) -> "OID":
-    """Gets the OID for the mech specified by SASL name.
-
-    Args:
-        sasl_name (bytes): SASL name of the mechanism
-
-    Returns:
-        ~gssapi.OID: the mechanism with corresponding SASL name.
-
-    Raises:
-        ~gssapi.exceptions.GSSError: An unknown failure occurred
-    """
diff --git a/gssapi/raw/ext_rfc5801.pyx b/gssapi/raw/ext_rfc5801.pyx
deleted file mode 100644
index 4d9f5837..00000000
--- a/gssapi/raw/ext_rfc5801.pyx
+++ /dev/null
@@ -1,65 +0,0 @@
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.oids cimport OID
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_converters cimport c_make_oid
-
-from gssapi.raw.named_tuples import InquireSASLNameResult
-from gssapi.raw.misc import GSSError
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_inquire_saslname_for_mech(
-        OM_uint32 *min_stat,
-        const gss_OID desired_mech,
-        gss_buffer_t sasl_mech_name,
-        gss_buffer_t mech_name,
-        gss_buffer_t mech_description) nogil
-
-    OM_uint32 gss_inquire_mech_for_saslname(
-        OM_uint32 *min_stat,
-        const gss_buffer_t sasl_mech_name,
-        gss_OID *mech_type) nogil
-
-
-def inquire_saslname_for_mech(OID mech not None):
-    cdef OM_uint32 maj_stat, min_stat
-    cdef gss_buffer_desc sasl_mech_name
-    cdef gss_buffer_desc mech_name
-    cdef gss_buffer_desc mech_desc
-    cdef gss_OID m = GSS_C_NO_OID
-
-    m = &mech.raw_oid
-
-    with nogil:
-        maj_stat = gss_inquire_saslname_for_mech(&min_stat, m, &sasl_mech_name,
-                                                 &mech_name, &mech_desc)
-
-    if maj_stat == GSS_S_COMPLETE:
-        out_smn = (sasl_mech_name.value)[:sasl_mech_name.length]
-        out_mn = (mech_name.value)[:mech_name.length]
-        out_md = (mech_desc.value)[:mech_desc.length]
-
-        gss_release_buffer(&min_stat, &sasl_mech_name)
-        gss_release_buffer(&min_stat, &mech_name)
-        gss_release_buffer(&min_stat, &mech_desc)
-
-        return InquireSASLNameResult(out_smn, out_mn, out_md)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def inquire_mech_for_saslname(bytes sasl_name not None):
-    cdef OM_uint32 maj_stat, min_stat
-    cdef gss_buffer_desc sn
-    cdef gss_OID m
-
-    sn.length = len(sasl_name)
-    sn.value = sasl_name
-
-    with nogil:
-        maj_stat = gss_inquire_mech_for_saslname(&min_stat, &sn, &m)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return c_make_oid(m)
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_rfc6680.pyi b/gssapi/raw/ext_rfc6680.pyi
deleted file mode 100644
index e84efb07..00000000
--- a/gssapi/raw/ext_rfc6680.pyi
+++ /dev/null
@@ -1,169 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.named_tuples import (
-        GetNameAttributeResult,
-        InquireNameResult,
-    )
-    from gssapi.raw.names import Name
-    from gssapi.raw.oids import OID
-
-
-def display_name_ext(
-    name: "Name",
-    name_type: "OID",
-) -> bytes:
-    """Display the given Name using the given name type.
-
-    This method attempts to display the given Name using the syntax of
-    the given name type.  If this is not possible, an appropriate error
-    will be raised.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name to display
-        name_type (~gssapi.OID): the name type (see NameType) to use to
-            display the given name
-
-    Returns:
-        bytes: the displayed name
-
-    Raises:
-        ~gssapi.exceptions.OperationUnavailableError: the given name could not
-            be displayed using the given name type
-    """
-
-
-def inquire_name(
-    name: "Name",
-    mech_name: bool = True,
-    attrs: bool = True,
-) -> "InquireNameResult":
-    """Get information about a Name.
-
-    This method retrieves information about the given name, including
-    the set of attribute names for the given name, as well as whether or
-    not the name is a mechanism name.  Additionally, if the given name is
-    a mechanism name, the associated mechansim is returned as well.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name about which to inquire
-        mech_name (bool): whether or not to retrieve if this name
-            is a mech_name (and the associate mechanism)
-        attrs (bool): whether or not to retrieve the attribute name list
-
-    Returns:
-        InquireNameResult: the set of attribute names for the given name,
-        whether or not the name is a Mechanism Name, and potentially
-        the associated mechanism if it is a Mechanism Name
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def set_name_attribute(
-    name: "Name",
-    attr: bytes,
-    value: t.Iterable[bytes],
-    complete: bool = False,
-) -> None:
-    """Set the value(s) of a name attribute.
-
-    This method sets the value(s) of the given attribute on the given name.
-
-    Note that this functionality more closely matches the pseudo-API
-    presented in RFC 6680, not the C API (which uses multiple calls to
-    add multiple values).  However, multiple calls to this method will
-    continue adding values, so :func:`delete_name_attribute` must be
-    used in between calls to "clear" the values.
-
-    Args:
-        name (~gssapi.raw.names.Name): the Name on which to set the attribute
-        attr (bytes): the name of the attribute
-        value (list): a list of bytes objects to use as the value(s)
-        complete (bool): whether or not to mark this attribute's value
-            set as being "complete"
-
-    Raises:
-        ~gssapi.exceptions.OperationUnavailableError: the given attribute name
-            is unknown or could not be set
-    """
-
-
-def get_name_attribute(
-    name: "Name",
-    attr: bytes,
-    more: t.Optional[int] = None,
-) -> "GetNameAttributeResult":
-    """Get the value(s) of a name attribute.
-
-    This method retrieves the value(s) of the given attribute
-    for the given Name.
-
-    Note that this functionality matches pseudo-API presented
-    in RFC 6680, not the C API (which uses a state variable and
-    multiple calls to retrieve multiple values).
-
-    Args:
-        name (~gssapi.raw.names.Name): the Name from which to get the attribute
-        attr (bytes): the name of the attribute
-
-    Returns:
-        GetNameAttributeResult: the raw version of the value(s),
-        the human-readable version of the value(s), whether
-        or not the attribute was authenticated, and whether or
-        not the attribute's value set was marked as complete
-
-    Raises:
-        ~gssapi.exceptions.OperationUnavailableError: the given attribute is
-            unknown or unset
-    """
-
-
-def delete_name_attribute(
-    name: "Name",
-    attr: bytes,
-) -> None:
-    """Remove an attribute from a name.
-
-    This method removes an attribute from a Name.  This method may be
-    used before :func:`set_name_attribute` clear the values of an attribute
-    before setting a new value (making the latter method work like a 'set'
-    operation instead of an 'add' operation).
-
-    Note that the removal of certain attributes may not be allowed.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name to remove the attribute from
-        attr (bytes): the name of the attribute
-
-    Raises:
-        ~gssapi.exceptions.OperationUnavailableError
-        ~gssapi.exceptions.UnauthorizedError
-    """
-
-
-def export_name_composite(
-    name: "Name",
-) -> bytes:
-    """Export a name, preserving attribute information.
-
-    This method functions similarly to :func:`~gssapi.raw.names.export_name`,
-    except that it preserves attribute information.  The resulting bytes may be
-    imported using :func:`~gssapi.raw.names.import_name` with the
-    :attr:`~gssapi.raw.types.NameType.composite_export` name type.
-
-    Note:
-        Some versions of MIT Kerberos require you to either canonicalize a name
-        once it has been imported with composite-export name type, or to import
-        using the normal export name type.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name to export
-
-    Returns:
-        bytes: the exported composite name
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_rfc6680.pyx b/gssapi/raw/ext_rfc6680.pyx
deleted file mode 100644
index 70adcce3..00000000
--- a/gssapi/raw/ext_rfc6680.pyx
+++ /dev/null
@@ -1,181 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.ext_buffer_sets cimport *
-from gssapi.raw.names cimport Name
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import InquireNameResult, GetNameAttributeResult
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_display_name_ext(OM_uint32 *min_stat, gss_name_t name,
-                                   gss_OID name_type,
-                                   gss_buffer_t output_name) nogil
-
-    OM_uint32 gss_inquire_name(OM_uint32 *min_stat, gss_name_t name,
-                               int *name_is_mn, gss_OID *mech_type,
-                               gss_buffer_set_t *attrs) nogil
-
-    OM_uint32 gss_get_name_attribute(OM_uint32 *min_stat, gss_name_t name,
-                                     gss_buffer_t attr, int *authenticated,
-                                     int *complete, gss_buffer_t value,
-                                     gss_buffer_t display_value,
-                                     int *more) nogil
-
-    OM_uint32 gss_set_name_attribute(OM_uint32 *min_stat, gss_name_t name,
-                                     int complete, gss_buffer_t attr,
-                                     gss_buffer_t value) nogil
-
-    OM_uint32 gss_delete_name_attribute(OM_uint32 *min_stat, gss_name_t name,
-                                        gss_buffer_t attr) nogil
-
-    OM_uint32 gss_export_name_composite(OM_uint32 *min_stat, gss_name_t name,
-                                        gss_buffer_t exported_name) nogil
-
-    # GSS_C_NT_COMPOSITE_EXPORT lives in ext_rfc6680_comp_oid.pyx
-
-
-def display_name_ext(Name name not None, OID name_type not None):
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc output_name = gss_buffer_desc(0, NULL)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_display_name_ext(&min_stat, name.raw_name,
-                                    &name_type.raw_oid, &output_name)
-
-    if maj_stat == GSS_S_COMPLETE:
-        name_text = (output_name.value)[:output_name.length]
-        gss_release_buffer(&min_stat, &output_name)
-        return name_text
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def inquire_name(Name name not None, mech_name=True, attrs=True):
-    cdef int *name_is_mn_ptr = NULL
-    cdef gss_OID *mn_mech_ptr = NULL
-    cdef gss_buffer_set_t *attr_names_ptr = NULL
-
-    cdef gss_buffer_set_t attr_names = GSS_C_NO_BUFFER_SET
-    if attrs:
-        attr_names_ptr = &attr_names
-
-    cdef int name_is_mn = 0
-    cdef gss_OID mn_mech
-    if mech_name:
-        name_is_mn_ptr = &name_is_mn
-        mn_mech_ptr = &mn_mech
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_inquire_name(&min_stat, name.raw_name, name_is_mn_ptr,
-                                mn_mech_ptr, attr_names_ptr)
-
-    cdef int i
-    cdef OID py_mech = None
-    if maj_stat == GSS_S_COMPLETE:
-        py_attr_names = []
-
-        if attr_names != GSS_C_NO_BUFFER_SET:
-            for i in range(attr_names.count):
-                attr_name = attr_names.elements[i]
-                py_attr_names.append(
-                    (attr_name.value)[:attr_name.length]
-                )
-
-            gss_release_buffer_set(&min_stat, &attr_names)
-
-        if name_is_mn:
-            py_mech = OID()
-            py_mech.raw_oid = mn_mech[0]
-
-        return InquireNameResult(py_attr_names, name_is_mn, py_mech)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def set_name_attribute(Name name not None, attr not None, value not None,
-                       bint complete=False):
-    cdef gss_buffer_desc attr_buff = gss_buffer_desc(len(attr), attr)
-    cdef gss_buffer_desc val_buff
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    cdef size_t value_len = len(value)
-    cdef size_t i
-    for val in value:
-        val_buff = gss_buffer_desc(len(val), val)
-        i += 1
-        if i == value_len:
-            maj_stat = gss_set_name_attribute(&min_stat, name.raw_name,
-                                              complete, &attr_buff, &val_buff)
-        else:
-            maj_stat = gss_set_name_attribute(&min_stat, name.raw_name, 0,
-                                              &attr_buff, &val_buff)
-
-        if maj_stat != GSS_S_COMPLETE:
-            raise GSSError(maj_stat, min_stat)
-
-
-def get_name_attribute(Name name not None, attr not None, more=None):
-    cdef gss_buffer_desc attr_buff = gss_buffer_desc(len(attr), attr)
-
-    cdef gss_buffer_desc val_buff = gss_buffer_desc(0, NULL)
-    cdef gss_buffer_desc displ_val_buff = gss_buffer_desc(0, NULL)
-    cdef int complete
-    cdef int authenticated
-
-    cdef int more_val = -1
-    py_vals = []
-    py_displ_vals = []
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    while more_val != 0:
-        maj_stat = gss_get_name_attribute(&min_stat, name.raw_name,
-                                          &attr_buff,
-                                          &authenticated, &complete,
-                                          &val_buff, &displ_val_buff,
-                                          &more_val)
-
-        if maj_stat == GSS_S_COMPLETE:
-            py_vals.append((val_buff.value)[:val_buff.length])
-            py_displ_vals.append(
-                (displ_val_buff.value)[:displ_val_buff.length])
-
-            gss_release_buffer(&min_stat, &val_buff)
-            gss_release_buffer(&min_stat, &displ_val_buff)
-        else:
-            raise GSSError(maj_stat, min_stat)
-
-    return GetNameAttributeResult(py_vals, py_displ_vals, authenticated,
-                                  complete)
-
-
-def delete_name_attribute(Name name not None, attr not None):
-    cdef gss_buffer_desc attr_buff = gss_buffer_desc(len(attr), attr)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_delete_name_attribute(&min_stat, name.raw_name,
-                                         &attr_buff)
-
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
-
-
-def export_name_composite(Name name not None):
-    cdef gss_buffer_desc res = gss_buffer_desc(0, NULL)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_export_name_composite(&min_stat, name.raw_name, &res)
-
-    if maj_stat == GSS_S_COMPLETE:
-        py_res = (res.value)[:res.length]
-        gss_release_buffer(&min_stat, &res)
-        return py_res
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_rfc6680_comp_oid.pyi b/gssapi/raw/ext_rfc6680_comp_oid.pyi
deleted file mode 100644
index e69de29b..00000000
diff --git a/gssapi/raw/ext_rfc6680_comp_oid.pyx b/gssapi/raw/ext_rfc6680_comp_oid.pyx
deleted file mode 100644
index f5b617b2..00000000
--- a/gssapi/raw/ext_rfc6680_comp_oid.pyx
+++ /dev/null
@@ -1,18 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport gss_OID
-from gssapi.raw.cython_converters cimport c_make_oid
-
-from gssapi.raw import types as gsstypes
-
-
-# NB(directxman12): this is placed in separate file since the
-# GSS_C_NT_COMPOSITE_EXPORT constant didn't appear in MIT
-# krb5 until 1.11.  However, due to the way that support was
-# written for composite tokens, simply using GSS_C_NT_EXPORT_NAME
-# will work in prior version which contain support for RFC 6680
-cdef extern from "python_gssapi_ext.h":
-    gss_OID GSS_C_NT_COMPOSITE_EXPORT
-
-
-gsstypes.NameType.composite_export = c_make_oid(GSS_C_NT_COMPOSITE_EXPORT)
diff --git a/gssapi/raw/ext_s4u.pyi b/gssapi/raw/ext_s4u.pyi
deleted file mode 100644
index 87987fcf..00000000
--- a/gssapi/raw/ext_s4u.pyi
+++ /dev/null
@@ -1,86 +0,0 @@
-"""Service4User Extension"""
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.creds import Creds
-    from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
-    from gssapi.raw.names import Name
-    from gssapi.raw.oids import OID
-
-
-def acquire_cred_impersonate_name(
-    impersonator_cred: "Creds",
-    name: "Name",
-    lifetime: t.Optional[int] = None,
-    mechs: t.Optional[t.Iterable["OID"]] = None,
-    usage: str = 'initiate',
-) -> "AcquireCredResult":
-    """Acquire credentials by impersonating another name.
-
-    This method is one of the ways to use S4U2Self.  It acquires credentials
-    by impersonating another name using a set of proxy credentials.  The
-    impersonator credentials must have a usage of 'both' or 'initiate'.
-
-    Args:
-        impersonator_cred (~gssapi.raw.creds.Creds): the credentials with
-            permissions to impersonate the target name
-        name (~gssapi.raw.names.Name): the name to impersonate
-        lifetime (int): the lifetime for the credentials (or None for
-            indefinite) in seconds
-        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
-            the credentials should work (or None for the default set)
-        usage (str): the usage type for the credentials: may be
-            'initiate', 'accept', or 'both'
-
-    Returns:
-        AcquireCredResult: the resulting credentials, the actual mechanisms
-        with which they may be used, and their actual lifetime in seconds (or
-        None for indefinite or not support)
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def add_cred_impersonate_name(
-    input_cred: "Creds",
-    impersonator_cred: "Creds",
-    name: "Name",
-    mech: "OID",
-    usage: str = 'initiate',
-    init_lifetime: t.Optional[int] = None,
-    accept_lifetime: t.Optional[int] = None,
-) -> "AddCredResult":
-    """Add a credentials element to a credential by impersonating another name.
-
-    This method is one of the ways to use S4U2Self.  It adds credentials
-    to the input credentials by impersonating another name using a set of
-    proxy credentials.  The impersonator credentials must have a usage of
-    'both' or 'initiate'.
-
-    Args:
-        input_cred (~gssapi.raw.creds.Creds): the set of credentials to which
-            to add the new credentials
-        impersonator_cred (~gssapi.raw.creds.Creds): the credentials with
-            permissions to impersonate the target name
-        name (~gssapi.raw.names.Name): the name to impersonate
-        mech (~gssapi.raw.types.MechType): the desired mechanism. Note that
-            this is both
-            singular and required, unlike acquireCredImpersonateName
-        usage (str): the usage type for the credentials: may be
-            'initiate', 'accept', or 'both'
-        init_lifetime (int): the lifetime, in seconds, for the credentials to
-            remain valid when using them to initiate security contexts (or None
-            for indefinite)
-        accept_lifetime (int): the lifetime, in seconds, for the credentials to
-            remain valid when using them to accept security contexts (or None
-            for indefinite)
-
-    Returns:
-        AddCredResult: the actual mechanisms with which the credentials may be
-        used, the actual initiator TTL in seconds, and the actual acceptor TTL
-        in seconds (the TTLs may be None for indefinite or not supported)
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_s4u.pyx b/gssapi/raw/ext_s4u.pyx
deleted file mode 100644
index b123e165..00000000
--- a/gssapi/raw/ext_s4u.pyx
+++ /dev/null
@@ -1,139 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_create_oid_set
-from gssapi.raw.cython_converters cimport c_get_mech_oid_set
-from gssapi.raw.cython_converters cimport c_py_ttl_to_c, c_c_ttl_to_py
-from gssapi.raw.creds cimport Creds
-from gssapi.raw.names cimport Name
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
-
-
-cdef extern from "python_gssapi_ext.h":
-    OM_uint32 gss_acquire_cred_impersonate_name(OM_uint32 *min_stat,
-                                                const gss_cred_id_t imp_creds,
-                                                const gss_name_t name,
-                                                OM_uint32 ttl,
-                                                const gss_OID_set mechs,
-                                                gss_cred_usage_t cred_usage,
-                                                gss_cred_id_t *output_creds,
-                                                gss_OID_set *actual_mechs,
-                                                OM_uint32 *actual_ttl) nogil
-
-    OM_uint32 gss_add_cred_impersonate_name(OM_uint32 *min_stat,
-                                            gss_cred_id_t base_creds,
-                                            const gss_cred_id_t imp_creds,
-                                            const gss_name_t name,
-                                            const gss_OID mech,
-                                            gss_cred_usage_t cred_usage,
-                                            OM_uint32 initiator_ttl,
-                                            OM_uint32 acceptor_ttl,
-                                            gss_cred_id_t *output_creds,
-                                            gss_OID_set *actual_mechs,
-                                            OM_uint32 *actual_init_ttl,
-                                            OM_uint32 *actual_accept_ttl) nogil
-
-
-def acquire_cred_impersonate_name(Creds impersonator_cred not None,
-                                  Name name not None, lifetime=None,
-                                  mechs=None, usage='initiate'):
-    cdef gss_OID_set desired_mechs
-    if mechs is not None:
-        desired_mechs = c_get_mech_oid_set(mechs)
-    else:
-        desired_mechs = GSS_C_NO_OID_SET
-
-    cdef OM_uint32 input_ttl = c_py_ttl_to_c(lifetime)
-    cdef gss_name_t c_name = name.raw_name
-
-    cdef gss_cred_usage_t c_usage
-    if usage == 'initiate':
-        c_usage = GSS_C_INITIATE
-    elif usage == 'accept':
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef gss_cred_id_t creds
-    cdef gss_OID_set actual_mechs
-    cdef OM_uint32 actual_ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_acquire_cred_impersonate_name(
-            &min_stat, impersonator_cred.raw_creds, name.raw_name,
-            input_ttl, desired_mechs, c_usage, &creds, &actual_mechs,
-            &actual_ttl)
-
-    cdef OM_uint32 tmp_min_stat
-    if mechs is not None:
-        gss_release_oid_set(&tmp_min_stat, &desired_mechs)
-
-    cdef Creds rc = Creds()
-    if maj_stat == GSS_S_COMPLETE:
-        rc.raw_creds = creds
-        return AcquireCredResult(rc, c_create_oid_set(actual_mechs),
-                                 c_c_ttl_to_py(actual_ttl))
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def add_cred_impersonate_name(Creds input_cred,
-                              Creds impersonator_cred not None,
-                              Name name not None, OID mech not None,
-                              usage='initiate', init_lifetime=None,
-                              accept_lifetime=None):
-    cdef OM_uint32 input_initiator_ttl = c_py_ttl_to_c(init_lifetime)
-    cdef OM_uint32 input_acceptor_ttl = c_py_ttl_to_c(accept_lifetime)
-    cdef gss_name_t c_name = name.raw_name
-
-    cdef gss_cred_usage_t c_usage
-    if usage == 'initiate':
-        c_usage = GSS_C_INITIATE
-    elif usage == 'accept':
-        c_usage = GSS_C_ACCEPT
-    elif usage == 'both':
-        c_usage = GSS_C_BOTH
-    else:
-        raise ValueError(f'Invalid usage "{usage}" - permitted values are '
-                         '"initiate", "accept", and "both"')
-
-    cdef gss_cred_id_t raw_input_cred
-    if input_cred is not None:
-        raw_input_cred = input_cred.raw_creds
-    else:
-        raw_input_cred = GSS_C_NO_CREDENTIAL
-
-    cdef gss_cred_id_t creds
-    cdef gss_OID_set actual_mechs
-    cdef OM_uint32 actual_initiator_ttl
-    cdef OM_uint32 actual_acceptor_ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_add_cred_impersonate_name(&min_stat, raw_input_cred,
-                                                 impersonator_cred.raw_creds,
-                                                 name.raw_name, &mech.raw_oid,
-                                                 c_usage, input_initiator_ttl,
-                                                 input_acceptor_ttl, &creds,
-                                                 &actual_mechs,
-                                                 &actual_initiator_ttl,
-                                                 &actual_acceptor_ttl)
-
-    cdef Creds rc
-    if maj_stat == GSS_S_COMPLETE:
-        rc = Creds()
-        rc.raw_creds = creds
-        return AddCredResult(rc, c_create_oid_set(actual_mechs),
-                             c_c_ttl_to_py(actual_initiator_ttl),
-                             c_c_ttl_to_py(actual_acceptor_ttl))
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/ext_set_cred_opt.pyi b/gssapi/raw/ext_set_cred_opt.pyi
deleted file mode 100644
index eeb0e123..00000000
--- a/gssapi/raw/ext_set_cred_opt.pyi
+++ /dev/null
@@ -1,50 +0,0 @@
-"""
-gss_set_cred_option
-
-Provides a way to set options on a credential based on the OID specified. A
-common use case is to set the GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos
-credential. This is used for interoperability with Microsoft's SSPI.
-
-Note this function is commonly lumped with the GGF extensions but they are not
-part of the GGF IETF draft so it's separated into it's own file.
-
-Closest draft IETF document for the gss_set_cred_option can be found at
-https://tools.ietf.org/html/draft-williams-kitten-channel-bound-flag-01
-"""
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.creds import Creds
-    from gssapi.raw.oids import OID
-
-
-def set_cred_option(
-    desired_aspect: "OID",
-    creds: t.Optional["Creds"] = None,
-    value: t.Optional[bytes] = None,
-) -> "Creds":
-    """
-    This method is used to set options of a :class:`~gssapi.raw.creds.Creds`
-    object based on an OID key. The options that can be set depends on the mech
-    the credentials were created with.
-
-    An example of how this can be used would be to set the
-    GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos credential. The OID string for
-    this flag is '1.2.752.43.13.29' and it requires no value to be set. This
-    must be set before the SecurityContext was initialised with the
-    credentials.
-
-    Args:
-        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
-            Credential to set.
-        cred_handle (~gssapi.raw.creds.Creds): the Credentials to set, or None
-            to create a new credential.
-        value (bytes): the value to set on the desired aspect of the Credential
-            or None to send GSS_C_EMPTY_BUFFER.
-
-    Returns:
-        Creds: The output credential.
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
diff --git a/gssapi/raw/ext_set_cred_opt.pyx b/gssapi/raw/ext_set_cred_opt.pyx
deleted file mode 100644
index b59d18d1..00000000
--- a/gssapi/raw/ext_set_cred_opt.pyx
+++ /dev/null
@@ -1,40 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.ext_buffer_sets cimport *
-from gssapi.raw.misc import GSSError
-from gssapi.raw.oids cimport OID
-from gssapi.raw.creds cimport Creds
-
-cdef extern from "python_gssapi_ext.h":
-
-    OM_uint32 gss_set_cred_option(OM_uint32 *minor_status,
-                                  gss_cred_id_t *cred,
-                                  const gss_OID desired_object,
-                                  const gss_buffer_t value) nogil
-
-
-def set_cred_option(OID desired_aspect not None, Creds creds=None, value=None):
-    cdef gss_buffer_desc value_buffer
-    if value is not None:
-        value_buffer = gss_buffer_desc(len(value), value)
-    else:
-        # GSS_C_EMPTY_BUFFER
-        value_buffer = gss_buffer_desc(0, NULL)
-
-    cdef Creds output_creds = creds
-    if output_creds is None:
-        output_creds = Creds()
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_set_cred_option(&min_stat,
-                                       &output_creds.raw_creds,
-                                       &desired_aspect.raw_oid,
-                                       &value_buffer)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return output_creds
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/mech_krb5.pyi b/gssapi/raw/mech_krb5.pyi
deleted file mode 100644
index e69de29b..00000000
diff --git a/gssapi/raw/mech_krb5.pyx b/gssapi/raw/mech_krb5.pyx
deleted file mode 100644
index 6cc602d5..00000000
--- a/gssapi/raw/mech_krb5.pyx
+++ /dev/null
@@ -1,21 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_make_oid
-
-from gssapi.raw import types as gsstypes
-
-"""Kerberos-specific constants
-
-Upon import, this module will populate
-Kerberos-specific constants into NameType
-and MechType.
-"""
-
-
-cdef extern from "python_gssapi_krb5.h":
-    gss_OID gss_mech_krb5
-    gss_OID GSS_KRB5_NT_PRINCIPAL_NAME
-
-gsstypes.NameType.kerberos_principal = c_make_oid(GSS_KRB5_NT_PRINCIPAL_NAME)
-gsstypes.MechType.kerberos = c_make_oid(gss_mech_krb5)
diff --git a/gssapi/raw/message.pyi b/gssapi/raw/message.pyi
deleted file mode 100644
index 04c6df5e..00000000
--- a/gssapi/raw/message.pyi
+++ /dev/null
@@ -1,156 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.named_tuples import WrapResult, UnwrapResult
-    from gssapi.sec_contexts import SecurityContext
-
-
-def get_mic(
-    context: "SecurityContext",
-    message: bytes,
-    qop: t.Optional[int] = None,
-) -> bytes:
-    """Generate a MIC for a message.
-
-    This method generates a Message Integrity Check token for the
-    given message.  This can be separately trasmitted to the other
-    entity, unlike wrap, which bundles the MIC and the message
-    together.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the message for which to generate the MIC
-        qop (int): the requested Quality of Protection
-            (or None to use the default)
-
-    Returns:
-        bytes: the generated MIC token
-
-    Raises:
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.BadQoPError
-    """
-
-
-def verify_mic(
-    context: "SecurityContext",
-    message: bytes,
-    token: bytes,
-) -> int:
-    """Verify that a MIC matches a message.
-
-    This method verifies that the given MIC matches the given message.
-    If the MIC does not match the given message, an exception will
-    be raised.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the message in question
-        token (bytes): the MIC token in question
-
-    Returns:
-        int: the QoP used.
-
-    Raises:
-        ~gssapi.exceptions.InvalidTokenError
-        ~gssapi.exceptions.BadMICError
-        ~gssapi.exceptions.DuplicateTokenError
-        ~gssapi.exceptions.ExpiredTokenError
-        ~gssapi.exceptions.TokenTooLateError
-        ~gssapi.exceptions.TokenTooEarlyError
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-    """
-
-
-def wrap_size_limit(
-    context: "SecurityContext",
-    output_size: int,
-    confidential: bool = True,
-    qop: t.Optional[int] = None,
-) -> int:
-    """Calculate the max message size.
-
-    This method calculates the unwrapped/unencrypted message size for
-    the given maximum wrapped/encrypted message size.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        output_size (int): the maximum desired wrapped/encrypted message size
-        confidential (bool): whether or not confidentiality is being used
-        qop (int): the QoP that will be when you actually call wrap
-            (or None for the default QoP)
-
-    Returns:
-        int: the maximum unencrypted/unwrapped message size
-
-    Raises:
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.BadQoPError
-    """
-
-
-def wrap(
-    context: "SecurityContext",
-    message: bytes,
-    confidential: bool = True,
-    qop: t.Optional[int] = None,
-) -> "WrapResult":
-    """Wrap/Encrypt a message.
-
-    This method wraps or encrypts a message (depending on the value
-    of confidential) with the given Quality of Protection.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the message to wrap or encrypt
-        confidential (bool): whether or not to encrypt the message (True),
-            or just wrap it with a MIC (False)
-        qop (int): the desired Quality of Protection
-            (or None for the default QoP)
-
-    Returns:
-        WrapResult: the wrapped/encrypted message, and whether or not
-            encryption was actually used
-
-    Raises:
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.BadQoPError
-    """
-
-
-def unwrap(
-    context: "SecurityContext",
-    message: bytes,
-) -> "UnwrapResult":
-    """Unwrap/Decrypt a message.
-
-    This method unwraps or decrypts a message, depending
-    on whether the sender used confidentiality.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the message to unwrap/decrypt
-
-    Returns:
-        UnwrapResult: the unwrapped/decrypted message, whether or on
-            encryption was used, and the QoP used
-
-    Raises:
-        ~gssapi.exceptions.InvalidTokenError
-        ~gssapi.exceptions.BadMICError
-        ~gssapi.exceptions.DuplicateTokenError
-        ~gssapi.exceptions.ExpiredTokenError
-        ~gssapi.exceptions.TokenTooLateError
-        ~gssapi.exceptions.TokenTooEarlyError
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-    """
diff --git a/gssapi/raw/message.pyx b/gssapi/raw/message.pyx
deleted file mode 100644
index 314ebf4d..00000000
--- a/gssapi/raw/message.pyx
+++ /dev/null
@@ -1,280 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.sec_contexts cimport SecurityContext
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import WrapResult, UnwrapResult
-
-
-cdef extern from "python_gssapi.h":
-    OM_uint32 gss_get_mic(OM_uint32 *min_stat,
-                          const gss_ctx_id_t context,
-                          gss_qop_t qop,
-                          const gss_buffer_t message,
-                          gss_buffer_t output_token) nogil
-
-    OM_uint32 gss_verify_mic(OM_uint32 *min_stat,
-                             const gss_ctx_id_t context,
-                             const gss_buffer_t message,
-                             const gss_buffer_t token,
-                             gss_qop_t *qop) nogil
-
-    OM_uint32 gss_wrap_size_limit(OM_uint32 *min_stat,
-                                  const gss_ctx_id_t context,
-                                  int conf_req,
-                                  gss_qop_t qop,
-                                  OM_uint32 max_output_size,
-                                  OM_uint32 *max_input_size) nogil
-
-    OM_uint32 gss_wrap(OM_uint32 *min_stat,
-                       const gss_ctx_id_t context,
-                       int conf_req,
-                       gss_qop_t qop,
-                       const gss_buffer_t input_message,
-                       int *conf_used,
-                       gss_buffer_t output_message) nogil
-
-    OM_uint32 gss_unwrap(OM_uint32 *min_stat,
-                         const gss_ctx_id_t context,
-                         const gss_buffer_t input_message,
-                         gss_buffer_t output_message,
-                         int *conf_used,
-                         gss_qop_t *qop) nogil
-
-
-def get_mic(SecurityContext context not None, message, qop=None):
-    """
-    get_mic(context, message, qop=None)
-    Generate a MIC for a message.
-
-    This method generates a Message Integrity Check token for the
-    given message.  This can be separately trasmitted to the other
-    entity, unlike wrap, which bundles the MIC and the message
-    together.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the message for which to generate the MIC
-        qop (int): the requested Quality of Protection
-            (or None to use the default)
-
-    Returns:
-        bytes: the generated MIC token
-
-    Raises:
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.BadQoPError
-    """
-
-    cdef gss_buffer_desc message_buffer = gss_buffer_desc(len(message),
-                                                          message)
-    cdef gss_qop_t qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT
-
-    # GSS_C_EMPYT_BUFFER
-    cdef gss_buffer_desc token_buffer = gss_buffer_desc(0, NULL)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_get_mic(&min_stat, context.raw_ctx, qop_req,
-                               &message_buffer, &token_buffer)
-
-    if maj_stat == GSS_S_COMPLETE:
-        res = (token_buffer.value)[:token_buffer.length]
-        gss_release_buffer(&min_stat, &token_buffer)
-        return res
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def verify_mic(SecurityContext context not None, message, token):
-    """
-    verify_mic(context, message, token)
-    Verify that a MIC matches a message.
-
-    This method verifies that the given MIC matches the given message.
-    If the MIC does not match the given message, an exception will
-    be raised.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the message in question
-        token (bytes): the MIC token in question
-
-    Returns:
-        int: the QoP used.
-
-    Raises:
-        ~gssapi.exceptions.InvalidTokenError
-        ~gssapi.exceptions.BadMICError
-        ~gssapi.exceptions.DuplicateTokenError
-        ~gssapi.exceptions.ExpiredTokenError
-        ~gssapi.exceptions.TokenTooLateError
-        ~gssapi.exceptions.TokenTooEarlyError
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-    """
-
-    cdef gss_buffer_desc message_buffer = gss_buffer_desc(len(message),
-                                                          message)
-    cdef gss_buffer_desc token_buffer = gss_buffer_desc(len(token), token)
-
-    cdef gss_qop_t qop_state
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_verify_mic(&min_stat, context.raw_ctx, &message_buffer,
-                                  &token_buffer, &qop_state)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return qop_state
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def wrap_size_limit(SecurityContext context not None, OM_uint32 output_size,
-                    confidential=True, qop=None):
-    """
-    wrap_size_limit(context, output_size, confidential=True, qop=None)
-    Calculate the max message size.
-
-    This method calculates the unwrapped/unencrypted message size for
-    the given maximum wrapped/encrypted message size.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        output_size (int): the maximum desired wrapped/encrypted message size
-        confidential (bool): whether or not confidentiality is being used
-        qop (int): the QoP that will be when you actually call wrap
-            (or None for the default QoP)
-
-    Returns:
-        int: the maximum unencrypted/unwrapped message size
-
-    Raises:
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.BadQoPError
-    """
-
-    cdef int conf_req = confidential
-    cdef OM_uint32 qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT
-
-    cdef OM_uint32 max_input_size
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_wrap_size_limit(&min_stat, context.raw_ctx, conf_req,
-                                       qop_req, output_size, &max_input_size)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return max_input_size
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def wrap(SecurityContext context not None, message, confidential=True,
-         qop=None):
-    """
-    wrap(context, message, confidential=True, qop=None)
-    Wrap/Encrypt a message.
-
-    This method wraps or encrypts a message (depending on the value
-    of confidential) with the given Quality of Protection.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the message to wrap or encrypt
-        confidential (bool): whether or not to encrypt the message (True),
-            or just wrap it with a MIC (False)
-        qop (int): the desired Quality of Protection
-            (or None for the default QoP)
-
-    Returns:
-        WrapResult: the wrapped/encrypted message, and whether or not
-            encryption was actually used
-
-    Raises:
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.BadQoPError
-    """
-
-    cdef int conf_req = confidential
-    cdef gss_qop_t qop_req = qop if qop is not None else GSS_C_QOP_DEFAULT
-    cdef gss_buffer_desc message_buffer = gss_buffer_desc(len(message),
-                                                          message)
-
-    cdef int conf_used
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc output_buffer = gss_buffer_desc(0, NULL)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_wrap(&min_stat, context.raw_ctx, conf_req, qop_req,
-                            &message_buffer, &conf_used, &output_buffer)
-
-    if maj_stat == GSS_S_COMPLETE:
-        output_message = (output_buffer.value)[:output_buffer.length]
-        gss_release_buffer(&min_stat, &output_buffer)
-        return WrapResult(output_message, conf_used)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def unwrap(SecurityContext context not None, message):
-    """
-    unwrap(context, message)
-    Unwrap/Decrypt a message.
-
-    This method unwraps or decrypts a message, depending
-    on whether the sender used confidentiality.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the current
-            security context
-        message (bytes): the message to unwrap/decrypt
-
-    Returns:
-        UnwrapResult: the unwrapped/decrypted message, whether or on
-            encryption was used, and the QoP used
-
-    Raises:
-        ~gssapi.exceptions.InvalidTokenError
-        ~gssapi.exceptions.BadMICError
-        ~gssapi.exceptions.DuplicateTokenError
-        ~gssapi.exceptions.ExpiredTokenError
-        ~gssapi.exceptions.TokenTooLateError
-        ~gssapi.exceptions.TokenTooEarlyError
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-    """
-
-    cdef gss_buffer_desc input_buffer = gss_buffer_desc(len(message), message)
-
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc output_buffer = gss_buffer_desc(0, NULL)
-    cdef int conf_state
-    cdef gss_qop_t qop_state
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_unwrap(&min_stat, context.raw_ctx, &input_buffer,
-                              &output_buffer, &conf_state, &qop_state)
-
-    if maj_stat == GSS_S_COMPLETE:
-        output_message = (output_buffer.value)[:output_buffer.length]
-        gss_release_buffer(&min_stat, &output_buffer)
-        return UnwrapResult(output_message, conf_state, qop_state)
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/misc.pyi b/gssapi/raw/misc.pyi
deleted file mode 100644
index 574b178f..00000000
--- a/gssapi/raw/misc.pyi
+++ /dev/null
@@ -1,166 +0,0 @@
-import typing as t
-
-from gssapi.raw.names import Name
-from gssapi.raw.oids import OID
-from gssapi.raw.types import MechType
-
-
-def indicate_mechs() -> t.Set[OID]:
-    """Get the currently supported mechanisms.
-
-    This method retrieves the currently supported GSSAPI mechanisms.
-    Note that if unknown mechanims are found, those will be skipped.
-    """
-
-
-def inquire_names_for_mech(
-    mech: OID,
-) -> t.Set[OID]:
-    """
-    inquire_names_for_mech(mech)
-    Get the name types supported by a mechanism.
-
-    This method retrieves the different name types supported by
-    the given mechanism.
-
-    Args:
-        mech (~gssapi.OID): the mechanism in question
-
-    Returns:
-        list: the name type OIDs supported by the given mechanism
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def inquire_mechs_for_name(
-    name: Name,
-) -> t.Set[OID]:
-    """
-    inquire_mechs_for_name(name)
-    List the mechanisms which can process a name.
-
-    This method lists the mechanisms which may be able to
-    process the given name.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name in question
-
-    Returns:
-        The mechanism OIDs able to process the given name
-
-    Raises:
-        ~gssapi.exceptions.GSSError
-    """
-
-
-def _display_status(
-    error_code: int,
-    is_major_code: bool,
-    mech: t.Optional[MechType] = None,
-    message_context: int = 0,
-) -> t.Tuple[bytes, int, bool]:
-    """
-    Display a string message for a GSSAPI error code.
-
-    This method displays a message for a corresponding GSSAPI error code.
-    Since some error codes might have multiple messages, a context parameter
-    may be passed to indicate where in the series of messages we currently are
-    (this is the second item in the return value tuple).  Additionally, the
-    third item in the return value tuple indicates whether or not more
-    messages are available.
-
-    Args:
-        error_code (int): The error code in question
-        is_major_code (bool): is this a major code (True) or a
-            minor code (False)
-        mech (~gssapi.raw.types.MechType): The mechanism type that returned
-            this error code (defaults to None, for the default mechanism)
-        message_context (int): The context for this call -- this is used when
-            multiple messages are available (defaults to 0)
-
-    Returns:
-        (bytes, int, bool): the message, the new message context, and
-            whether or not to call again for further messages
-
-    Raises:
-       ValueError
-    """
-
-
-class GSSError(Exception):
-    """
-    A GSSAPI Error
-
-    This Exception represents an error returned from the GSSAPI
-    C bindings.  It contains the major and minor status codes
-    returned by the method which caused the error, and can
-    generate human-readable string messages from the error
-    codes
-    """
-
-    maj_code: int
-    min_code: int
-    token: t.Optional[bytes]
-    calling_code: int
-    routine_code: int
-    supplementary_code: int
-
-    @classmethod
-    def _parse_major_code(
-        cls,
-        maj_code: int
-    ) -> t.Tuple[int, int, int]: ...
-
-    def __init__(
-        self,
-        maj_code: int,
-        min_code: int,
-        token: t.Optional[bytes] = None,
-    ) -> None:
-        """
-        Create a new GSSError.
-
-        This method creates a new GSSError,
-        retrieves the related human-readable
-        string messages, and uses the results to construct an
-        exception message
-
-        Args:
-            maj_code: the major code associated with this error
-            min_code: the minor code associated with this error
-            token: an error token associated with the error
-        """
-
-    def get_all_statuses(
-        self,
-        code: int,
-        is_maj: bool,
-    ) -> t.List[str]:
-        """
-        Retrieve all messages for a status code.
-
-        This method retrieves all human-readable messages
-        available for the given status code.
-
-        Args:
-            code: the status code in question
-            is_maj: whether this is a major status code (True)
-                or minor status code (False)
-
-        Returns:
-            [str]: A list of string messages associated with the
-                given code
-        """
-
-    def gen_message(self) -> str:
-        """
-        Retrieves all messages for this error's status codes
-
-        This method retrieves all messages for this error's status codes,
-        and forms them into a string for use as an exception message
-
-        Returns:
-            str: a string for use as this error's message
-        """
diff --git a/gssapi/raw/misc.pyx b/gssapi/raw/misc.pyx
deleted file mode 100644
index 4179f642..00000000
--- a/gssapi/raw/misc.pyx
+++ /dev/null
@@ -1,220 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-import locale  # for decoding error messages
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_create_oid_set
-from gssapi.raw.names cimport Name
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw.types import MechType
-
-
-cdef extern from "python_gssapi.h":
-    OM_uint32 gss_display_status(OM_uint32 *minor_status,
-                                 OM_uint32 status_value,
-                                 int status_type,
-                                 const gss_OID mech_type,
-                                 OM_uint32 *message_context,
-                                 gss_buffer_t status_string)
-
-    OM_uint32 gss_indicate_mechs(OM_uint32 *minor_status,
-                                 gss_OID_set *mech_set)
-
-    OM_uint32 gss_inquire_names_for_mech(OM_uint32 *minor_status,
-                                         const gss_OID mech_type,
-                                         gss_OID_set *name_types)
-
-    OM_uint32 gss_inquire_mechs_for_name(OM_uint32 *minor_status,
-                                         const gss_name_t input_name,
-                                         gss_OID_set *mech_types)
-
-
-def indicate_mechs():
-    cdef gss_OID_set mech_set
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_indicate_mechs(&min_stat, &mech_set)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return c_create_oid_set(mech_set)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def inquire_names_for_mech(OID mech not None):
-    cdef gss_OID_set name_types
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_inquire_names_for_mech(&min_stat, &mech.raw_oid,
-                                          &name_types)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return c_create_oid_set(name_types)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def inquire_mechs_for_name(Name name not None):
-    cdef gss_OID_set mech_types
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_inquire_mechs_for_name(&min_stat, name.raw_name,
-                                          &mech_types)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return c_create_oid_set(mech_types)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def _display_status(unsigned int error_code, bint is_major_code,
-                    OID mech=None, unsigned int message_context=0):
-    cdef int status_type
-    cdef gss_OID c_mech_type
-
-    if is_major_code:
-        status_type = GSS_C_GSS_CODE
-    else:
-        status_type = GSS_C_MECH_CODE
-
-    if mech is None:
-        c_mech_type = GSS_C_NO_OID
-    else:
-        c_mech_type = &mech.raw_oid
-
-    cdef OM_uint32 maj_stat
-    cdef OM_uint32 min_stat
-    cdef OM_uint32 msg_ctx_out = message_context
-    cdef gss_buffer_desc msg_buff
-
-    maj_stat = gss_display_status(&min_stat, error_code, status_type,
-                                  c_mech_type, &msg_ctx_out, &msg_buff)
-
-    if maj_stat == GSS_S_COMPLETE:
-        call_again = bool(msg_ctx_out)
-        msg_out = (msg_buff.value)[:msg_buff.length]
-        gss_release_buffer(&min_stat, &msg_buff)
-        return (msg_out, msg_ctx_out, call_again)
-    else:
-        # This hides whatever error gss_display_status is complaining about,
-        # but obviates infinite recursion into stack exhaustion.  The
-        # exception raised here is handled by get_all_statuses(), which prints
-        # the code.
-        raise ValueError("gss_display_status call returned failure "
-                         "(major {0}, minor {1}).".format(maj_stat, min_stat))
-
-
-class GSSErrorRegistry(type):
-    __registry = {}
-
-    def __init__(cls, name, bases, attributes):
-        calling_code = getattr(cls, 'CALLING_CODE', None)
-        routine_code = getattr(cls, 'ROUTINE_CODE', None)
-        supplementary_code = getattr(cls, 'SUPPLEMENTARY_CODE', None)
-
-        # NB(directxman12): we ignore minor code since it's mech-specific
-
-        if any([calling_code, routine_code, supplementary_code]):
-            if calling_code not in cls.__registry:
-                cls.__registry[calling_code] = {}
-
-            call_reg = cls.__registry[calling_code]
-
-            if routine_code not in call_reg:
-                call_reg[routine_code] = {}
-
-            routine_reg = call_reg[routine_code]
-
-            routine_reg[supplementary_code] = cls
-
-    @staticmethod
-    def __get_registry(code, parent_reg):
-        return parent_reg.get(code, parent_reg.get(None, {}))
-
-    def __find_error(cls, maj_code):
-        codes = cls._parse_major_code(maj_code)
-        calling_code, routine_code, suppl_code = codes
-
-        call_reg = cls.__get_registry(calling_code, cls.__registry)
-        routine_reg = cls.__get_registry(routine_code, call_reg)
-
-        return routine_reg.get(suppl_code, routine_reg.get(None, None))
-
-    def __call__(cls, maj_code, min_code, *args, **kwargs):
-        new_cls = cls.__find_error(maj_code) or cls
-
-        return super(GSSErrorRegistry, new_cls).__call__(maj_code, min_code,
-                                                         *args, **kwargs)
-
-
-# NB(directxman12): this needs to be here (and not in another file)
-#                   so that display_status can use it
-class GSSError(Exception, metaclass=GSSErrorRegistry):
-
-    MESSAGE = u"Major ({maj_stat}): {maj_str}, Minor ({min_stat}): {min_str}"
-
-    @classmethod
-    def _parse_major_code(cls, maj_code):
-        # major status codes consist of
-        # calling error | routine error | supplementary info
-        # in non-overlapping bits
-
-        calling_code = GSS_CALLING_ERROR(maj_code) or None
-        routine_code = GSS_ROUTINE_ERROR(maj_code) or None
-        supplementary_code = GSS_SUPPLEMENTARY_INFO(maj_code) or None
-
-        return (calling_code, routine_code, supplementary_code)
-
-    def __init__(self, maj_code, min_code, token=None):
-        self.maj_code = maj_code
-        self.min_code = min_code
-
-        self.token = token
-
-        split_codes = self._parse_major_code(maj_code)
-        self.calling_code = split_codes[0]
-        self.routine_code = split_codes[1]
-        self.supplementary_code = split_codes[2]
-
-        super(GSSError, self).__init__(self.gen_message())
-
-    def get_all_statuses(self, code, is_maj):
-        try:
-            msg_encoding = locale.getlocale(locale.LC_MESSAGES)[1] or 'UTF-8'
-        except AttributeError:  # Windows doesn't have LC_MESSAGES
-            msg_encoding = 'UTF-8'
-
-        res = []
-        try:
-            msg, ctx, cont = _display_status(code, is_maj)
-            res.append(msg.decode(msg_encoding))
-        except ValueError as e:
-            res.append(u'{0}  Decoding code: {1}'.format(e, code))
-            cont = False
-
-        while cont:
-            try:
-                msg, ctx, cont = _display_status(code, is_maj,
-                                                 message_context=ctx)
-                res.append(msg.decode(msg_encoding))
-            except ValueError as e:
-                res.append(u'{0}  Decoding code: {1}'.format(e, code))
-                cont = False
-
-        return res
-
-    def gen_message(self):
-        maj_statuses = self.get_all_statuses(self.maj_code, True)
-        min_statuses = self.get_all_statuses(self.min_code, False)
-
-        maj_str = u' -- '.join(maj_statuses)
-        min_str = u' -- '.join(min_statuses)
-
-        return self.MESSAGE.format(maj_stat=self.maj_code,
-                                   maj_str=maj_str,
-                                   min_stat=self.min_code,
-                                   min_str=min_str)
diff --git a/gssapi/raw/named_tuples.py b/gssapi/raw/named_tuples.py
deleted file mode 100644
index 4eda145c..00000000
--- a/gssapi/raw/named_tuples.py
+++ /dev/null
@@ -1,223 +0,0 @@
-from typing import List, NamedTuple, Optional, Set, TYPE_CHECKING
-
-from gssapi.raw.oids import OID
-from gssapi.raw.types import RequirementFlag
-
-if TYPE_CHECKING:
-    import gssapi
-
-
-class AcquireCredResult(NamedTuple):
-    """Credential result when acquiring a GSSAPI credential."""
-    #: GSSAPI credentials that were acquired
-    creds: "gssapi.raw.creds.Creds"
-    #: Set of mechs the cred is for
-    mechs: Set[OID]
-    #: Number of seconds for which the cred will remain valid
-    lifetime: int
-
-
-class InquireCredResult(NamedTuple):
-    """Information about the credential."""
-    #: The principal associated with the credential
-    name: Optional["gssapi.raw.names.Name"]
-    #: Number of seconds which the cred is valid for
-    lifetime: Optional[int]
-    #: How the credential can be used
-    usage: Optional[str]
-    #: Set of mechs the cred is for
-    mechs: Optional[Set[OID]]
-
-
-class InquireCredByMechResult(NamedTuple):
-    """Information about the credential for a specific mechanism."""
-    #: The principal associated with the credential
-    name: Optional["gssapi.raw.names.Name"]
-    #: Time valid for initiation, in seconds
-    init_lifetime: Optional[int]
-    #: Time valid for accepting, in seconds
-    accept_lifetime: Optional[int]
-    #: How the credential can be used
-    usage: Optional[str]
-
-
-class AddCredResult(NamedTuple):
-    """Result of adding to a GSSAPI credential."""
-    #: The credential that was generated
-    creds: Optional["gssapi.raw.creds.Creds"]
-    #: Set of mechs the cred is for
-    mechs: Set[OID]
-    #: Time valid for initiation, in seconds
-    init_lifetime: int
-    #: Time valid for accepting, in seconds
-    accept_lifetime: int
-
-
-class DisplayNameResult(NamedTuple):
-    """Textual representation of a GSSAPI name."""
-    #: The representation of the GSSAPI name
-    name: bytes
-    #: The type of GSSAPI name
-    name_type: Optional[OID]
-
-
-class WrapResult(NamedTuple):
-    """Wrapped message result."""
-    #: The wrapped message
-    message: bytes
-    #: Whether the message is encrypted and not just signed
-    encrypted: bool
-
-
-class UnwrapResult(NamedTuple):
-    """Unwrapped message result."""
-    #: The unwrapped message
-    message: bytes
-    #: Whether the message was encrypted and not just signed
-    encrypted: bool
-    #: The quality of protection applied to the message
-    qop: int
-
-
-class AcceptSecContextResult(NamedTuple):
-    """Result when accepting a security context by an initiator."""
-    #: The acceptor security context
-    context: "gssapi.raw.sec_contexts.SecurityContext"
-    #: The authenticated name of the initiator
-    initiator_name: "gssapi.raw.names.Name"
-    #: Mechanism with which the context was established
-    mech: OID
-    #: Token to be returned to the initiator
-    token: Optional[bytes]
-    #: Services requested by the initiator
-    flags: RequirementFlag
-    #: Seconds for which the context is valid for
-    lifetime: int
-    #: Delegated credentials
-    delegated_creds: Optional["gssapi.raw.creds.Creds"]
-    #: More input is required to complete the exchange
-    more_steps: bool
-
-
-class InitSecContextResult(NamedTuple):
-    """Result when initiating a security context"""
-    #: The initiator security context
-    context: "gssapi.raw.sec_contexts.SecurityContext"
-    #: Mechanism used in the security context
-    mech: OID
-    #: Services available for the context
-    flags: RequirementFlag
-    #: Token to be sent to the acceptor
-    token: Optional[bytes]
-    #: Seconds for which the context is valid for
-    lifetime: int
-    #: More input is required to complete the exchange
-    more_steps: bool
-
-
-class InquireContextResult(NamedTuple):
-    """Information about the security context."""
-    #: Name of the initiator
-    initiator_name: Optional["gssapi.raw.names.Name"]
-    #: Name of the acceptor
-    target_name: Optional["gssapi.raw.names.Name"]
-    #: Time valid for the security context, in seconds
-    lifetime: Optional[int]
-    #: Mech used to create the security context
-    mech: Optional[OID]
-    #: Services available for the context
-    flags: Optional[RequirementFlag]
-    #: Context was initiated locally
-    locally_init: Optional[bool]
-    #: Context has been established and ready to use
-    complete: Optional[bool]
-
-
-class StoreCredResult(NamedTuple):
-    """Result of the credential storing operation."""
-    #: Mechs that were stored in the credential store
-    mechs: List[OID]
-    #: How the credential can be used
-    usage: str
-
-
-class IOVUnwrapResult(NamedTuple):
-    """Unwrapped IOV message result."""
-    #: Whether the message was encrypted and not just signed
-    encrypted: bool
-    #: The quality of protection applied to the message
-    qop: int
-
-
-class InquireNameResult(NamedTuple):
-    """Information about a GSSAPI Name."""
-    #: Set of attribute names
-    attrs: List[bytes]
-    #: Name is a mechanism name
-    is_mech_name: bool
-    #: The mechanism if is_name_mech is True
-    mech: OID
-
-
-class GetNameAttributeResult(NamedTuple):
-    """GSSAPI Name attribute values."""
-    #: Raw values
-    values: List[bytes]
-    #: Human-readable values
-    display_values: List[bytes]
-    #: Attribute has been authenticated
-    authenticated: bool
-    #: Attribute value is marked as complete
-    complete: bool
-
-
-class InquireAttrsResult(NamedTuple):
-    """Set of attributes supported and known by a mechanism."""
-    #: The mechanisms attributes
-    mech_attrs: Set[OID]
-    #: Known attributes of the mechanism
-    known_mech_attrs: Set[OID]
-
-
-class DisplayAttrResult(NamedTuple):
-    """Information about an attribute."""
-    #: The mechanism name
-    name: bytes
-    #: Short description of the mechanism
-    short_desc: bytes
-    #: Long description of the mechanism
-    long_desc: bytes
-
-
-class InquireSASLNameResult(NamedTuple):
-    """SASL informmation about a GSSAPI Name."""
-    #: The SASL name
-    sasl_mech_name: bytes
-    #: The mechanism name
-    mech_name: bytes
-    #: The mechanism description
-    mech_description: bytes
-
-
-class Rfc1964KeyData(NamedTuple):
-    """Security context key data based on RFC1964."""
-    #: Signing algorithm identifier
-    sign_alg: int
-    #: Sealing algorithm identifier
-    seal_alg: int
-    #: Key encryption type identifier
-    key_type: int
-    #: Encryption key data
-    key: bytes
-
-
-class CfxKeyData(NamedTuple):
-    """Securty context key data."""
-    #: Context key encryption type identifier
-    ctx_key_type: int
-    #: Context key data - session or sub-session key
-    ctx_key: bytes
-    #: Acceptor key enc type identifier
-    acceptor_subkey_type: Optional[int]
-    #: Acceptor key data
-    acceptor_subkey: Optional[bytes]
diff --git a/gssapi/raw/names.pxd b/gssapi/raw/names.pxd
deleted file mode 100644
index 02cfa9ae..00000000
--- a/gssapi/raw/names.pxd
+++ /dev/null
@@ -1,5 +0,0 @@
-from gssapi.raw.cython_types cimport gss_name_t
-
-cdef class Name:
-    cdef gss_name_t raw_name
-    cdef bint _free_on_dealloc
diff --git a/gssapi/raw/names.pyi b/gssapi/raw/names.pyi
deleted file mode 100644
index 85d91611..00000000
--- a/gssapi/raw/names.pyi
+++ /dev/null
@@ -1,170 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.named_tuples import DisplayNameResult
-    from gssapi.raw.oids import OID
-
-class Name:
-    """
-    A GSSAPI Name
-    """
-
-    def __new__(
-        cls,
-        cpy: t.Optional["Name"] = None,
-    ) -> "Name": ...
-
-
-def import_name(
-    name: bytes,
-    name_type: t.Optional["OID"] = None,
-) -> Name:
-    """Convert a string and a name type into a GSSAPI name.
-
-    This method takes a string name and a name type and converts
-    them into a GSSAPI :class:`Name`.
-
-    Args:
-        name (~gssapi.raw.names.Name): the string version of the name
-        name_type (~gssapi.raw.types.MechType): the type of this name
-
-    Returns:
-        Name: the GSSAPI version of the name
-
-    Raises:
-        ~gssapi.exceptions.BadNameTypeError
-        ~gssapi.exceptions.BadNameError
-        ~gssapi.exceptions.BadMechanismError
-    """
-
-
-def display_name(
-    name: Name,
-    name_type: bool = True,
-) -> "DisplayNameResult":
-    """Convert a GSSAPI name into its components.
-
-    This method converts a GSSAPI :class:`Name` back into its
-    text form.  If ``name_type`` is True, it also attempts to
-    retrieve the :class:`~gssapi.raw.types.NameType` of the name (otherwise the
-    returned name type will be ``None``).
-
-    Args:
-        name (~gssapi.raw.names.Name): the name in question
-        name_type (~gssapi.raw.types.MechType): whether or not to retrieve the
-            name type
-
-    Returns:
-        DisplayNameResult: the text part of the name and its type
-
-    Raises:
-        ~gssapi.exceptions.BadNameError
-    """
-
-
-def compare_name(
-    name1: Name,
-    name2: Name,
-) -> bool:
-    """Check two GSSAPI names to see if they are the same.
-
-    This method compares two GSSAPI names, checking to
-    see if they are equivalent.
-
-    Args:
-        name1 (~gssapi.raw.names.Name): the first name to compare
-        name2 (~gssapi.raw.names.Name): the second name to compare
-
-    Returns:
-        bool: whether or not the names are equal
-
-    Raises:
-        ~gssapi.exceptions.BadNameTypeError
-        ~gssapi.exceptions.BadNameError
-    """
-
-
-def export_name(
-    name: Name,
-) -> bytes:
-    """Export a GSSAPI name.
-
-    This method "produces a canonical contigous string representation
-    of a mechanism name, suitable for direct comparison for use in
-    authorization functions".
-
-    The input name must be a valid GSSAPI mechanism name, as generated by
-    :func:`canonicalize_name` or
-    :func:`~gssapi.raw.sec_contexts.accept_sec_context`.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name to export
-
-    Returns:
-        bytes: the exported name
-
-    Raises:
-        ~gssapi.exceptions.MechanismNameRequiredError
-        ~gssapi.exceptions.BadNameTypeError
-        ~gssapi.exceptions.BadNameError
-    """
-
-
-def canonicalize_name(
-    name: Name,
-    mech: "OID",
-) -> Name:
-    """Canonicalize an arbitrary GSSAPI Name into a Mechanism Name
-
-    This method turns any GSSAPI name into a "mechanism name" --
-    a full form name specific to a mechanism.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name to canonicalize
-        mech (~gssapi.raw.types.MechType): the mechanism type to use to
-            canonicalize the name
-
-    Returns:
-        Name: a canonicalized version of the input name
-
-    Raises:
-        ~gssapi.exceptions.BadMechanismError
-        ~gssapi.exceptions.BadNameTypeError
-        ~gssapi.exceptions.BadNameError
-    """
-
-
-def duplicate_name(
-    name: Name,
-) -> Name:
-    """Duplicate a GSSAPI name.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name to duplicate
-
-    Returns:
-        Name: a duplicate of the input name
-
-    Raises:
-        ~gssapi.exceptions.BadNameError
-    """
-
-
-def release_name(
-    name: Name,
-) -> None:
-    """Release a GSSAPI name.
-
-    This method frees a GSSAPI :class:`Name`.
-    You probably won't have to do this.
-
-    Warning:
-        This method is deprecated.  Names are
-        automatically freed by Python.
-
-    Args:
-        name (~gssapi.raw.names.Name): the name in question
-
-    Raises:
-        ~gssapi.exceptions.BadNameError
-    """
diff --git a/gssapi/raw/names.pyx b/gssapi/raw/names.pyx
deleted file mode 100644
index f4d22bef..00000000
--- a/gssapi/raw/names.pyx
+++ /dev/null
@@ -1,204 +0,0 @@
-GSSAPI="BASE"  # this ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import DisplayNameResult
-
-
-cdef extern from "python_gssapi.h":
-    OM_uint32 gss_import_name(OM_uint32 *min_stat,
-                              const gss_buffer_t input_buffer,
-                              const gss_OID name_type,
-                              gss_name_t *output_name) nogil
-
-    OM_uint32 gss_display_name(OM_uint32 *min_stat,
-                               const gss_name_t name,
-                               gss_buffer_t output_buffer,
-                               gss_OID *output_name_type) nogil
-
-    OM_uint32 gss_compare_name(OM_uint32 *min_stat,
-                               const gss_name_t name1,
-                               const gss_name_t name2,
-                               int *is_equal) nogil
-
-    OM_uint32 gss_export_name(OM_uint32 *min_stat,
-                              const gss_name_t name,
-                              gss_buffer_t output_buffer) nogil
-
-    OM_uint32 gss_canonicalize_name(OM_uint32 *min_stat,
-                                    const gss_name_t input_name,
-                                    const gss_OID mech_type,
-                                    gss_name_t *output_name) nogil
-
-    OM_uint32 gss_duplicate_name(OM_uint32 *min_stat,
-                                 const gss_name_t input_name,
-                                 gss_name_t *output_name) nogil
-
-    OM_uint32 gss_release_name(OM_uint32 *min_stat,
-                               gss_name_t *name) nogil
-
-
-cdef class Name:
-    # defined in pxd
-    # cdef gss_name_t raw_name
-
-    def __cinit__(self, Name cpy=None):
-        if cpy is not None:
-            self.raw_name = cpy.raw_name
-            cpy.raw_name = GSS_C_NO_NAME
-        else:
-            self.raw_name = GSS_C_NO_NAME
-
-    def __dealloc__(self):
-        # essentially just releaseName(self), but it is unsafe to call
-        # methods
-        cdef OM_uint32 maj_stat, min_stat
-        if self.raw_name is not GSS_C_NO_NAME:
-            maj_stat = gss_release_name(&min_stat, &self.raw_name)
-            if maj_stat != GSS_S_COMPLETE:
-                raise GSSError(maj_stat, min_stat)
-            self.raw_name = NULL
-
-
-def import_name(name not None, OID name_type=None):
-    cdef gss_OID nt
-    if name_type is None:
-        nt = GSS_C_NO_OID
-    else:
-        nt = &name_type.raw_oid
-
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc name_buffer = gss_buffer_desc(0, NULL)
-    name_buffer.length = len(name)
-    name_buffer.value = name
-
-    cdef gss_name_t output_name
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_import_name(&min_stat, &name_buffer,
-                                   nt, &output_name)
-
-    cdef Name on = Name()
-    if maj_stat == GSS_S_COMPLETE:
-        on.raw_name = output_name
-        return on
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def display_name(Name name not None, name_type=True):
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc output_buffer = gss_buffer_desc(0, NULL)
-
-    cdef gss_OID output_name_type
-    cdef gss_OID *output_name_type_ptr
-    if name_type:
-        output_name_type_ptr = &output_name_type
-    else:
-        output_name_type_ptr = NULL
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_display_name(&min_stat, name.raw_name,
-                                &output_buffer, output_name_type_ptr)
-
-    cdef OID py_name_type
-    if maj_stat == GSS_S_COMPLETE:
-        text = (output_buffer.value)[:output_buffer.length]
-        gss_release_buffer(&min_stat, &output_buffer)
-        if name_type:
-            if output_name_type == GSS_C_NO_OID:
-                # whoops, an implementation was being lazy...
-                py_name_type = None
-            else:
-                py_name_type = OID()
-                py_name_type.raw_oid = output_name_type[0]
-        else:
-            py_name_type = None
-
-        return DisplayNameResult(text, py_name_type)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def compare_name(Name name1=None, Name name2=None):
-    # check for either value being None
-    if name1 is None and name2 is None:
-        return True
-    elif name1 is None or name2 is None:
-        return False
-
-    cdef int is_equal
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_compare_name(&min_stat, name1.raw_name,
-                                name2.raw_name, &is_equal)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return is_equal
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def export_name(Name name not None):
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc exported_name = gss_buffer_desc(0, NULL)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_export_name(&min_stat, name.raw_name, &exported_name)
-
-    if maj_stat == GSS_S_COMPLETE:
-        # force conversion to a python string with the specified length
-        # (we use the slice to tell cython that we know the length already)
-        res = (exported_name.value)[:exported_name.length]
-        gss_release_buffer(&min_stat, &exported_name)
-        return res
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def canonicalize_name(Name name not None, OID mech not None):
-    cdef gss_name_t canonicalized_name
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_canonicalize_name(&min_stat, name.raw_name,
-                                         &mech.raw_oid,
-                                         &canonicalized_name)
-
-    cdef Name cn = Name()
-    if maj_stat == GSS_S_COMPLETE:
-        cn.raw_name = canonicalized_name
-        return cn
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def duplicate_name(Name name not None):
-    cdef gss_name_t new_name
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_duplicate_name(&min_stat, name.raw_name, &new_name)
-
-    cdef Name on = Name()
-    if maj_stat == GSS_S_COMPLETE:
-        on.raw_name = new_name
-        return on
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def release_name(Name name not None):
-    cdef OM_uint32 maj_stat, min_stat
-    maj_stat = gss_release_name(&min_stat, &name.raw_name)
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
-    name.raw_name = NULL
diff --git a/gssapi/raw/oids.pxd b/gssapi/raw/oids.pxd
deleted file mode 100644
index 9c7f268c..00000000
--- a/gssapi/raw/oids.pxd
+++ /dev/null
@@ -1,10 +0,0 @@
-from gssapi.raw.cython_types cimport gss_OID_desc
-
-
-cdef class OID:
-    # NB(directxman12): this is a pointer, not a gss_OID_desc
-    cdef gss_OID_desc raw_oid
-    cdef bint _free_on_dealloc
-
-    cdef int _copy_from(OID self, gss_OID_desc base) except -1
-    cdef int _from_bytes(OID self, object elements) except -1
diff --git a/gssapi/raw/oids.pyi b/gssapi/raw/oids.pyi
deleted file mode 100644
index 7815601b..00000000
--- a/gssapi/raw/oids.pyi
+++ /dev/null
@@ -1,50 +0,0 @@
-import typing as t
-
-class OID:
-    """
-    A GSSAPI OID
-
-    A new OID may be created by passing the `elements` argument
-    to the constructor.  The `elements` argument should be a
-    :class:`bytes` consisting of the BER-encoded values in the OID.
-
-    To retrieve the underlying bytes, use the :class:`bytes`
-    function in Python 3.
-
-    This object is hashable, and may be compared using equality
-    operators.
-    """
-
-    def __new__(
-        cls,
-        cpy: t.Optional["OID"] = None,
-        elements: t.Optional[bytes] = None,
-    ) -> "OID": ...
-
-    @classmethod
-    def from_int_seq(
-        cls,
-        integer_sequence: t.Union[str, t.Iterable[int]],
-    ) -> "OID":
-        """Create a OID from a sequence of integers.
-
-        This method creates an OID from a sequence of integers.
-        The sequence can either be in dotted form as a string,
-        or in list form.
-
-        This method is not for BER-encoded byte strings, which
-        can be passed directly to the OID constructor.
-
-        Args:
-            integer_sequence: either a list of integers or
-                a string in dotted form
-
-        Returns:
-            OID: the OID represented by the given integer sequence
-
-        Raises:
-            ValueError: the sequence is less than two elements long
-        """
-
-    @property
-    def dotted_form(self) -> str: ...
diff --git a/gssapi/raw/oids.pyx b/gssapi/raw/oids.pyx
deleted file mode 100644
index aa0e17af..00000000
--- a/gssapi/raw/oids.pyx
+++ /dev/null
@@ -1,133 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from libc.string cimport memcmp, memcpy
-from libc.stdlib cimport free, malloc
-
-from gssapi.raw.cython_types cimport gss_OID
-
-cdef inline bint c_compare_oids(gss_OID a, gss_OID b):
-    return (a.length == b.length and not
-            memcmp(a.elements, b.elements, a.length))
-
-
-cdef class OID:
-    # defined in pxd
-    # cdef gss_OID_desc raw_oid = NULL
-    # cdef bint _free_on_dealloc = NULL
-
-    def __cinit__(OID self, OID cpy=None, elements=None):
-        """
-        Note: cpy is named such for historical reasons. To perform a deep
-        copy, specify the elements parameter; this will copy the value of the
-        OID. To perform a shallow copy and take ownership of an existing OID,
-        use the cpy (default) argument.
-        """
-        if cpy is not None and elements is not None:
-            raise TypeError("Cannot instantiate a OID from both a copy and "
-                            " a new set of elements")
-        if cpy is not None:
-            self.raw_oid = cpy.raw_oid
-            # take ownership of this OID (for dynamic cases)
-            self._free_on_dealloc = cpy._free_on_dealloc
-            cpy._free_on_dealloc = False
-
-        if elements is None:
-            self._free_on_dealloc = False
-        else:
-            self._from_bytes(elements)
-
-    cdef int _copy_from(OID self, gss_OID_desc base) except -1:
-        self.raw_oid.length = base.length
-        self.raw_oid.elements = malloc(self.raw_oid.length)
-        if self.raw_oid.elements is NULL:
-            raise MemoryError("Could not allocate memory for OID elements!")
-        memcpy(self.raw_oid.elements, base.elements, self.raw_oid.length)
-        self._free_on_dealloc = True
-        return 0
-
-    cdef int _from_bytes(OID self, object base) except -1:
-        base_bytes = bytes(base)
-        cdef char* byte_str = base_bytes
-
-        self.raw_oid.length = len(base_bytes)
-        self.raw_oid.elements = malloc(self.raw_oid.length)
-        if self.raw_oid.elements is NULL:
-            raise MemoryError("Could not allocate memory for OID elements!")
-        self._free_on_dealloc = True
-        memcpy(self.raw_oid.elements, byte_str, self.raw_oid.length)
-        return 0
-
-    @classmethod
-    def from_int_seq(cls, integer_sequence):
-        if isinstance(integer_sequence, str):
-            integer_sequence = integer_sequence.split('.')
-
-        oid_seq = [int(x) for x in integer_sequence]
-
-        elements = cls._encode_asn1ber(oid_seq)
-
-        return cls(elements=elements)
-
-    @staticmethod
-    def _encode_asn1ber(oid_seq):
-        if len(oid_seq) < 2:
-            raise ValueError("Sequence must be 2 or more elements long.")
-
-        byte_seq = bytearray([oid_seq[0] * 40 + oid_seq[1]])
-        for element in oid_seq[2:]:
-            element_seq = [element & 0x7f]
-
-            while element > 127:
-                element >>= 7
-                element_seq.insert(0, (element & 0x7f) | 0x80)
-
-            byte_seq.extend(element_seq)
-
-        return bytes(byte_seq)
-
-    def __dealloc__(self):
-        # NB(directxman12): MIT Kerberos has gss_release_oid
-        #                   for this purpose, but it's not in the RFC
-        if self._free_on_dealloc:
-            free(self.raw_oid.elements)
-
-    def __bytes__(self):
-        return (self.raw_oid.elements)[:self.raw_oid.length]
-
-    def _decode_asn1ber(self):
-        ber_encoding = self.__bytes__()
-
-        decoded = [ber_encoding[0] // 40, ber_encoding[0] % 40]
-        pos = 1
-        value = 0
-        while pos < len(ber_encoding):
-            byte = ber_encoding[pos]
-            if byte & 0x80:
-                # This is one of the leading bytes
-                value <<= 7
-                value += ((byte & 0x7f) * 128)
-            else:
-                # This is the last byte of this value
-                value += (byte & 0x7f)
-                decoded.append(value)
-                value = 0
-            pos += 1
-        return decoded
-
-    @property
-    def dotted_form(self):
-        return '.'.join(str(x) for x in self._decode_asn1ber())
-
-    def __repr__(self):
-        return "".format(self.dotted_form)
-
-    def __hash__(self):
-        return hash(self.__bytes__())
-
-    def __richcmp__(OID self, OID other, op):
-        if op == 2:  # ==
-            return c_compare_oids(&self.raw_oid, &other.raw_oid)
-        elif op == 3:  # !=
-            return not c_compare_oids(&self.raw_oid, &other.raw_oid)
-        else:
-            return NotImplemented
diff --git a/gssapi/raw/python_gssapi.h b/gssapi/raw/python_gssapi.h
deleted file mode 100644
index 94c5776c..00000000
--- a/gssapi/raw/python_gssapi.h
+++ /dev/null
@@ -1,7 +0,0 @@
-#ifdef OSX_HAS_GSS_FRAMEWORK
-#include 
-#elif defined(__MINGW32__) && defined(__MSYS__)
-#include 
-#else
-#include 
-#endif
diff --git a/gssapi/raw/python_gssapi_ext.h b/gssapi/raw/python_gssapi_ext.h
deleted file mode 100644
index 11376d9a..00000000
--- a/gssapi/raw/python_gssapi_ext.h
+++ /dev/null
@@ -1,48 +0,0 @@
-#ifdef OSX_HAS_GSS_FRAMEWORK
-#include 
-
-/*
- * Starting in macOS 10.7, Apple's GSS defines these in
- * gssapi_private.h. However, that header isn't present on the host, so we
- * need to explicitly define them.  The originals can be found at:
- * https://opensource.apple.com/source/Heimdal/Heimdal-172.18/lib/gssapi/gssapi/gssapi_spi.h.auto.html
- */
-
-OM_uint32 __ApplePrivate_gss_unwrap_iov(OM_uint32 *minor_status,
-                                        gss_ctx_id_t context_handle,
-                                        int *conf_state, gss_qop_t *qop_state,
-                                        gss_iov_buffer_desc *iov,
-                                        int iov_count);
-
-OM_uint32 __ApplePrivate_gss_wrap_iov(OM_uint32 *minor_status,
-                                      gss_ctx_id_t context_handle,
-                                      int conf_req_flag, gss_qop_t qop_req,
-                                      int *conf_state,
-                                      gss_iov_buffer_desc *iov,
-                                      int iov_count);
-
-OM_uint32 __ApplePrivate_gss_wrap_iov_length(OM_uint32 *minor_status,
-                                             gss_ctx_id_t context_handle,
-                                             int conf_req_flag,
-                                             gss_qop_t qop_req,
-                                             int *conf_state,
-                                             gss_iov_buffer_desc *iov,
-                                             int iov_count);
-
-OM_uint32 __ApplePrivate_gss_release_iov_buffer(OM_uint32 *minor_status,
-                                                gss_iov_buffer_desc *iov,
-                                                int iov_count);
-
-#else /* !OSX_HAS_GSS_FRAMEWORK */
-
-#if defined(__MINGW32__) && defined(__MSYS__)
-#include 
-#else
-#ifdef HAS_GSSAPI_EXT_H
-#include 
-#else
-#include 
-#endif
-#endif
-
-#endif /* !OSX_HAS_GSS_FRAMEWORK */
diff --git a/gssapi/raw/python_gssapi_krb5.h b/gssapi/raw/python_gssapi_krb5.h
deleted file mode 100644
index 1ca45e01..00000000
--- a/gssapi/raw/python_gssapi_krb5.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifdef OSX_HAS_GSS_FRAMEWORK
-#include 
-
-/* These functions are "private" in macOS GSS. They need to be redeclared so
- * Cython can see them. */
-OM_uint32
-__ApplePrivate_gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor,
-                                                         gss_ctx_id_t context,
-                                                         void *authtime);
-
-OM_uint32 __ApplePrivate_gss_krb5_import_cred(OM_uint32 *minor_status,
-                                              void *id,
-                                              void *keytab_principal,
-                                              void *keytab,
-                                              gss_cred_id_t *cred);
-
-OM_uint32 __ApplePrivate_gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
-                                                gss_ctx_id_t context_handle,
-                                                void *tkt_flags);
-
-#elif defined(__MINGW32__) && defined(__MSYS__)
-#include 
-#else
-#include 
-#endif
diff --git a/gssapi/raw/sec_contexts.pxd b/gssapi/raw/sec_contexts.pxd
deleted file mode 100644
index b0514acb..00000000
--- a/gssapi/raw/sec_contexts.pxd
+++ /dev/null
@@ -1,5 +0,0 @@
-from gssapi.raw.cython_types cimport gss_ctx_id_t
-
-cdef class SecurityContext:
-    cdef gss_ctx_id_t raw_ctx
-    cdef bint _free_on_dealloc
diff --git a/gssapi/raw/sec_contexts.pyi b/gssapi/raw/sec_contexts.pyi
deleted file mode 100644
index 40022053..00000000
--- a/gssapi/raw/sec_contexts.pyi
+++ /dev/null
@@ -1,294 +0,0 @@
-import typing as t
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.chan_bindings import ChannelBindings
-    from gssapi.raw.creds import Creds
-    from gssapi.raw.named_tuples import (
-        AcceptSecContextResult,
-        InitSecContextResult,
-        InquireContextResult,
-    )
-    from gssapi.raw.names import Name
-    from gssapi.raw.oids import OID
-    from gssapi.raw.types import RequirementFlag
-
-class SecurityContext:
-    """
-    A GSSAPI Security Context
-    """
-
-    def __new__(
-        cls,
-        cpy: t.Optional["SecurityContext"] = None,
-    ) -> "SecurityContext": ...
-
-    @property
-    def _started(self) -> bool: ...
-
-
-def init_sec_context(
-    name: "Name",
-    creds: t.Optional["Creds"] = None,
-    context: t.Optional[SecurityContext] = None,
-    mech: t.Optional["OID"] = None,
-    flags: t.Optional[t.Union[
-        int, "RequirementFlag",
-        t.Iterable[int], t.Iterable["RequirementFlag"]
-    ]] = None,
-    lifetime: t.Optional[int] = None,
-    channel_bindings: t.Optional["ChannelBindings"] = None,
-    input_token: t.Optional[bytes] = None,
-) -> "InitSecContextResult":
-    """Initiate a GSSAPI security context.
-
-    This method initiates a GSSAPI security context, targeting the given
-    target name.  To create a basic context, just provide the target name.
-    Further calls used to update the context should pass in the output context
-    of the last call, as well as the input token received from the acceptor.
-
-    Warning:
-        This changes the input context!
-
-    Args:
-        target_name (~gssapi.raw.names.Name): the target for the security
-            context
-        creds (Creds): the credentials to use to initiate the context,
-            or None to use the default credentials
-        context (~gssapi.raw.sec_contexts.SecurityContext): the security
-            context to update, or None to create a new context
-        mech (~gssapi.raw.types.MechType): the mechanism type for this security
-            context, or None for the default mechanism type
-        flags (list): the flags to request for the security context, or
-            None to use the default set: mutual_authentication and
-            out_of_sequence_detection.  This may also be an
-            :class:`IntEnumFlagSet`
-        lifetime (int): the request lifetime of the security context in seconds
-            (a value of 0 or None means indefinite)
-        channel_bindings (ChannelBindings): The channel bindings (or None for
-            no channel bindings)
-        input_token (bytes): the token to use to update the security context,
-            or None if you are creating a new context
-
-    Returns:
-        InitSecContextResult: the output security context, the actual mech
-        type, the actual flags used, the output token to send to the acceptor,
-        the actual lifetime of the context in seconds (or None if not supported
-        or indefinite), and whether or not more calls are needed to finish the
-        initiation.
-
-    Raises:
-        ~gssapi.exceptions.InvalidTokenError
-        ~gssapi.exceptions.InvalidCredentialsError
-        ~gssapi.exceptions.MissingCredentialsError
-        ~gssapi.exceptions.ExpiredCredentialsError
-        ~gssapi.exceptions.BadChannelBindingsError
-        ~gssapi.exceptions.BadMICError
-        ~gssapi.exceptions.ExpiredTokenError
-        ~gssapi.exceptions.DuplicateTokenError
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.BadNameTypeError
-        ~gssapi.exceptions.BadNameError
-        ~gssapi.exceptions.BadMechanismError
-    """
-
-
-def accept_sec_context(
-    input_token: bytes,
-    acceptor_creds: t.Optional["Creds"] = None,
-    context: t.Optional[SecurityContext] = None,
-    channel_bindings: t.Optional["ChannelBindings"] = None,
-) -> "AcceptSecContextResult":
-    """Accept a GSSAPI security context.
-
-    This method accepts a GSSAPI security context using a token sent by the
-    initiator, using the given credentials.  It can either be used to accept a
-    security context and create a new security context object, or to update an
-    existing security context object.
-
-    Warning:
-        This changes the input context!
-
-    Args:
-        input_token (bytes): the token sent by the context initiator
-        acceptor_creds (Creds): the credentials to be used to accept the
-            context (or None to use the default credentials)
-        context (~gssapi.raw.sec_contexts.SecurityContext): the security
-            context to update (or None to create a new security context object)
-        channel_bindings (ChannelBindings): The channel bindings (or None for
-            no channel bindings)
-
-    Returns:
-        AcceptSecContextResult: the resulting security context, the initiator
-        name, the mechanism being used, the output token, the flags in use,
-        the lifetime of the context in seconds (or None for indefinite or not
-        supported), the delegated credentials (valid only if the
-        delegate_to_peer flag is set), and whether or not further token
-        exchanges are needed to finalize the security context.
-
-    Raises:
-        ~gssapi.exceptions.InvalidTokenError
-        ~gssapi.exceptions.InvalidCredentialsError
-        ~gssapi.exceptions.MissingCredentialsError
-        ~gssapi.exceptions.ExpiredCredentialsError
-        ~gssapi.exceptions.BadChannelBindingsError
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.BadMICError
-        ~gssapi.exceptions.ExpiredTokenError
-        ~gssapi.exceptions.DuplicateTokenError
-        ~gssapi.exceptions.BadMechanismError
-    """
-
-
-def inquire_context(
-    context: SecurityContext,
-    initiator_name: bool = True,
-    target_name: bool = True,
-    lifetime: bool = True,
-    mech: bool = True,
-    flags: bool = True,
-    locally_init: bool = True,
-    complete: bool = True,
-) -> "InquireContextResult":
-    """Get information about a security context.
-
-    This method obtains information about a security context, including
-    the initiator and target names, as well as the TTL, mech,
-    flags, and its current state (open vs closed).
-
-    Note:
-        the target name may be ``None`` if it would have been ``GSS_C_NO_NAME``
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the context in
-            question
-
-    Returns:
-        InquireContextResult: the initiator name, the target name, the TTL
-        (can be None for indefinite or not supported), the mech type, the
-        flags, whether or not the context was locally initiated,
-        and whether or not the context is currently fully established
-
-    Raises:
-        ~gssapi.exceptions.MissingContextError
-    """
-
-
-def context_time(
-    context: SecurityContext,
-) -> int:
-    """Get the amount of time for which the given context will remain valid.
-
-    This method determines the amount of time for which the given
-    security context will remain valid.  An expired context will
-    give a result of 0.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the security
-            context in question
-
-    Returns:
-        int: the number of seconds for which the context will be valid
-
-    Raises:
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-    """
-
-
-def process_context_token(
-    context: SecurityContext,
-    token: bytes,
-) -> None:
-    """Process a token asynchronously.
-
-    This method provides a way to process a token, even if the
-    given security context is not expecting one.  For example,
-    if the initiator has the initSecContext return that the context
-    is complete, but the acceptor is unable to accept the context,
-    and wishes to send a token to the initiator, letting the
-    initiator know of the error.
-
-    Warning:
-        This method has been essentially deprecated by :rfc:`2744`.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the security
-            context against which to process the token
-        token (bytes): the token to process
-
-    Raises:
-        ~gssapi.exceptions.InvalidTokenError
-        ~gssapi.exceptions.MissingContextError
-    """
-
-
-def import_sec_context(
-    token: bytes,
-) -> SecurityContext:
-    """Import a context from another process.
-
-    This method imports a security context established in another process
-    by reading the specified token which was output by
-    :func:`export_sec_context`.
-
-    Raises:
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.InvalidTokenError
-        ~gssapi.exceptions.OperationUnavailableError
-        ~gssapi.exceptions.UnauthorizedError
-    """
-
-
-def export_sec_context(
-    context: SecurityContext,
-) -> bytes:
-    """Export a context for use in another process.
-
-    This method exports a security context, deactivating in the current process
-    and creating a token which can then be imported into another process
-    with :func:`import_sec_context`.
-
-    Warning: this modifies the input context
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the context to send
-            to another process
-
-    Returns:
-        bytes: the output token to be imported
-
-    Raises:
-        ~gssapi.exceptions.ExpiredContextError
-        ~gssapi.exceptions.MissingContextError
-        ~gssapi.exceptions.OperationUnavailableError
-    """
-
-
-def delete_sec_context(
-    context: SecurityContext,
-    local_only: bool = True,
-) -> bytes:
-    """Delete a GSSAPI security context.
-
-    This method deletes a GSSAPI security context,
-    returning an output token to send to the other
-    holder of the security context to notify them
-    of the deletion.
-
-    Note:
-        This method generally should not be used.  :class:`SecurityContext`
-        objects will automatically be freed by Python.
-
-    Args:
-        context (~gssapi.raw.sec_contexts.SecurityContext): the security
-            context in question
-        local_only (bool): should we request local deletion (True), or also
-            remote deletion (False), in which case a token is also returned
-
-    Returns:
-        bytes: the output token (if remote deletion is requested).  Generally
-            this is None, but bytes for compatibility.
-
-    Raises:
-        ~gssapi.exceptions.MissingContextError
-    """
diff --git a/gssapi/raw/sec_contexts.pyx b/gssapi/raw/sec_contexts.pyx
deleted file mode 100644
index d2c92051..00000000
--- a/gssapi/raw/sec_contexts.pyx
+++ /dev/null
@@ -1,443 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from libc.stdlib cimport free
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_py_ttl_to_c, c_c_ttl_to_py
-from gssapi.raw.creds cimport Creds
-from gssapi.raw.names cimport Name
-from gssapi.raw.oids cimport OID
-from gssapi.raw.chan_bindings cimport ChannelBindings
-
-from gssapi.raw.types import MechType, RequirementFlag, IntEnumFlagSet
-from gssapi.raw.misc import GSSError
-from gssapi.raw.named_tuples import AcceptSecContextResult
-from gssapi.raw.named_tuples import InitSecContextResult
-from gssapi.raw.named_tuples import InquireContextResult
-
-
-cdef extern from "python_gssapi.h":
-    OM_uint32 gss_init_sec_context(OM_uint32 *min_stat,
-                                   const gss_cred_id_t initiator_creds,
-                                   gss_ctx_id_t *context,
-                                   const gss_name_t target_name,
-                                   const gss_OID mech_type,
-                                   OM_uint32 flags,
-                                   OM_uint32 ttl,
-                                   const gss_channel_bindings_t chan_bdgs,
-                                   const gss_buffer_t input_token,
-                                   gss_OID *actual_mech_type,
-                                   gss_buffer_t output_token,
-                                   OM_uint32 *actual_flags,
-                                   OM_uint32 *actual_ttl) nogil
-
-    OM_uint32 gss_accept_sec_context(OM_uint32 *min_stat,
-                                     gss_ctx_id_t *context,
-                                     const gss_cred_id_t acceptor_creds,
-                                     const gss_buffer_t input_token,
-                                     const gss_channel_bindings_t chan_bdgs,
-                                     const gss_name_t *initiator_name,
-                                     gss_OID *mech_type,
-                                     gss_buffer_t output_token,
-                                     OM_uint32 *flags,
-                                     OM_uint32 *ttl,
-                                     gss_cred_id_t *delegated_creds) nogil
-
-    OM_uint32 gss_delete_sec_context(OM_uint32 *min_stat,
-                                     gss_ctx_id_t *context,
-                                     gss_buffer_t output_token) nogil
-
-    OM_uint32 gss_process_context_token(OM_uint32 *min_stat,
-                                        const gss_ctx_id_t context,
-                                        const gss_buffer_t token) nogil
-
-    OM_uint32 gss_context_time(OM_uint32 *min_stat,
-                               const gss_ctx_id_t context_handle,
-                               OM_uint32 *ttl) nogil
-
-    OM_uint32 gss_inquire_context(OM_uint32 *min_stat,
-                                  const gss_ctx_id_t context,
-                                  gss_name_t *initiator_name,
-                                  gss_name_t *target_name,
-                                  OM_uint32 *ttl,
-                                  gss_OID *mech_type,
-                                  OM_uint32 *ctx_flags,
-                                  int *locally_initiated,
-                                  int *is_open) nogil
-
-    OM_uint32 gss_export_sec_context(OM_uint32 *min_stat,
-                                     gss_ctx_id_t *context,
-                                     gss_buffer_t interprocess_token) nogil
-
-    OM_uint32 gss_import_sec_context(OM_uint32 *min_stat,
-                                     const gss_buffer_t interprocess_token,
-                                     gss_ctx_id_t *context) nogil
-
-
-cdef class SecurityContext:
-    # defined in pxd
-    # cdef gss_ctx_id_t raw_ctx
-
-    def __cinit__(self, SecurityContext cpy=None):
-        if cpy is not None:
-            self.raw_ctx = cpy.raw_ctx
-            cpy.raw_ctx = GSS_C_NO_CONTEXT
-        else:
-            self.raw_ctx = GSS_C_NO_CONTEXT
-
-    property _started:
-        """Whether the underlying context is NULL."""
-
-        def __get__(self):
-            return self.raw_ctx is not NULL
-
-    def __dealloc__(self):
-        # basically just deleteSecContext, but we are not
-        # allowed to call methods here
-        cdef OM_uint32 maj_stat, min_stat
-        if self.raw_ctx is not GSS_C_NO_CONTEXT:
-            # local deletion only
-            maj_stat = gss_delete_sec_context(&min_stat, &self.raw_ctx,
-                                              GSS_C_NO_BUFFER)
-            if maj_stat != GSS_S_COMPLETE:
-                raise GSSError(maj_stat, min_stat)
-
-            self.raw_ctx = NULL
-
-
-# TODO(directxman12): figure out whether GSS_C_NO_NAME can be passed in here
-def init_sec_context(Name target_name not None, Creds creds=None,
-                     SecurityContext context=None,
-                     OID mech=None,
-                     flags=None, lifetime=None,
-                     ChannelBindings channel_bindings=None,
-                     input_token=None):
-    cdef gss_OID mech_oid
-    if mech is not None:
-        mech_oid = &mech.raw_oid
-    else:
-        mech_oid = GSS_C_NO_OID
-
-    # TODO(directxman12): should we default to this?
-    cdef OM_uint32 req_flags = IntEnumFlagSet(RequirementFlag, flags or [
-        RequirementFlag.mutual_authentication,
-        RequirementFlag.out_of_sequence_detection])
-
-    cdef gss_channel_bindings_t bdng
-    if channel_bindings is not None:
-        bdng = channel_bindings.__cvalue__()
-    else:
-        bdng = GSS_C_NO_CHANNEL_BINDINGS
-
-    cdef gss_buffer_desc input_token_buffer = gss_buffer_desc(0, NULL)
-
-    cdef OM_uint32 input_ttl = c_py_ttl_to_c(lifetime)
-
-    cdef SecurityContext output_context = context
-    if output_context is None:
-        output_context = SecurityContext()
-
-    cdef gss_cred_id_t act_cred
-    if creds is not None:
-        act_cred = creds.raw_creds
-    else:
-        act_cred = GSS_C_NO_CREDENTIAL
-
-    if input_token is not None:
-        input_token_buffer.value = input_token
-        input_token_buffer.length = len(input_token)
-
-    cdef gss_OID actual_mech_type = GSS_C_NO_OID
-    cdef gss_buffer_desc output_token_buffer = gss_buffer_desc(0, NULL)
-    cdef OM_uint32 ret_flags
-    cdef OM_uint32 output_ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_init_sec_context(&min_stat, act_cred,
-                                        &output_context.raw_ctx,
-                                        target_name.raw_name,
-                                        mech_oid, req_flags, input_ttl,
-                                        bdng, &input_token_buffer,
-                                        &actual_mech_type,
-                                        &output_token_buffer,
-                                        &ret_flags, &output_ttl)
-
-    output_token = None
-    if output_token_buffer.length:
-        output_token = \
-            (output_token_buffer.value)[:output_token_buffer.length]
-    cdef OM_uint32 tmp_min_stat
-    gss_release_buffer(&tmp_min_stat, &output_token_buffer)
-
-    if channel_bindings is not None:
-        free(bdng)
-
-    cdef OID output_mech_type = OID()
-    if maj_stat == GSS_S_COMPLETE or maj_stat == GSS_S_CONTINUE_NEEDED:
-        if actual_mech_type is not GSS_C_NO_OID:
-            output_mech_type.raw_oid = actual_mech_type[0]
-
-        return InitSecContextResult(output_context, output_mech_type,
-                                    IntEnumFlagSet(RequirementFlag, ret_flags),
-                                    output_token,
-                                    c_c_ttl_to_py(output_ttl),
-                                    maj_stat == GSS_S_CONTINUE_NEEDED)
-    else:
-        raise GSSError(maj_stat, min_stat, token=output_token)
-
-
-def accept_sec_context(input_token not None, Creds acceptor_creds=None,
-                       SecurityContext context=None,
-                       ChannelBindings channel_bindings=None):
-    cdef gss_channel_bindings_t bdng
-    if channel_bindings is not None:
-        bdng = channel_bindings.__cvalue__()
-    else:
-        bdng = GSS_C_NO_CHANNEL_BINDINGS
-
-    cdef gss_buffer_desc input_token_buffer = gss_buffer_desc(len(input_token),
-                                                              input_token)
-
-    cdef SecurityContext output_context = context
-    if output_context is None:
-        output_context = SecurityContext()
-
-    cdef gss_cred_id_t act_acceptor_cred
-    if acceptor_creds is not None:
-        act_acceptor_cred = acceptor_creds.raw_creds
-    else:
-        act_acceptor_cred = GSS_C_NO_CREDENTIAL
-
-    cdef gss_name_t initiator_name
-    cdef gss_OID mech_type
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc output_token_buffer = gss_buffer_desc(0, NULL)
-    cdef OM_uint32 ret_flags
-    cdef OM_uint32 output_ttl
-    cdef gss_cred_id_t delegated_cred
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_accept_sec_context(&min_stat, &output_context.raw_ctx,
-                                          act_acceptor_cred,
-                                          &input_token_buffer, bdng,
-                                          &initiator_name,
-                                          &mech_type, &output_token_buffer,
-                                          &ret_flags, &output_ttl,
-                                          &delegated_cred)
-
-    output_token = None
-    if output_token_buffer.length:
-        output_token = \
-            (output_token_buffer.value)[:output_token_buffer.length]
-    cdef OM_uint32 tmp_min_stat
-    gss_release_buffer(&tmp_min_stat, &output_token_buffer)
-
-    if channel_bindings is not None:
-        free(bdng)
-
-    cdef Name on = Name()
-    cdef Creds oc = None
-    cdef OID py_mech_type
-    if maj_stat == GSS_S_COMPLETE or maj_stat == GSS_S_CONTINUE_NEEDED:
-        if output_ttl == GSS_C_INDEFINITE:
-            output_ttl_py = None
-        else:
-            output_ttl_py = output_ttl
-
-        on.raw_name = initiator_name
-
-        if delegated_cred is not NULL:
-            oc = Creds()
-            oc.raw_creds = delegated_cred
-
-        if mech_type is not NULL:
-            py_mech_type = OID()
-            py_mech_type.raw_oid = mech_type[0]
-        else:
-            py_mech_type = None
-
-        return AcceptSecContextResult(output_context, on, py_mech_type,
-                                      output_token,
-                                      IntEnumFlagSet(RequirementFlag,
-                                                     ret_flags),
-                                      output_ttl_py, oc,
-                                      maj_stat == GSS_S_CONTINUE_NEEDED)
-    else:
-        raise GSSError(maj_stat, min_stat, token=output_token)
-
-
-def inquire_context(SecurityContext context not None, initiator_name=True,
-                    target_name=True, lifetime=True, mech=True,
-                    flags=True, locally_init=True, complete=True):
-    cdef gss_name_t output_init_name
-    cdef gss_name_t *init_name_ptr = NULL
-    if initiator_name:
-        init_name_ptr = &output_init_name
-
-    cdef gss_name_t output_target_name
-    cdef gss_name_t *target_name_ptr = NULL
-    if target_name:
-        target_name_ptr = &output_target_name
-
-    cdef OM_uint32 ttl
-    cdef OM_uint32 *ttl_ptr = NULL
-    if lifetime:
-        ttl_ptr = &ttl
-
-    cdef gss_OID output_mech_type
-    cdef gss_OID *mech_type_ptr = NULL
-    if mech:
-        mech_type_ptr = &output_mech_type
-
-    cdef OM_uint32 output_flags
-    cdef OM_uint32 *flags_ptr = NULL
-    if flags:
-        flags_ptr = &output_flags
-
-    cdef int output_locally_init
-    cdef int *locally_init_ptr = NULL
-    if locally_init:
-        locally_init_ptr = &output_locally_init
-
-    cdef int is_complete
-    cdef int *is_complete_ptr = NULL
-    if complete:
-        is_complete_ptr = &is_complete
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_inquire_context(&min_stat, context.raw_ctx, init_name_ptr,
-                                   target_name_ptr, ttl_ptr, mech_type_ptr,
-                                   flags_ptr, locally_init_ptr,
-                                   is_complete_ptr)
-
-    cdef Name sn
-    cdef OID py_mech_type
-    cdef Name tn
-    if maj_stat == GSS_S_COMPLETE:
-        if initiator_name:
-            sn = Name()
-            sn.raw_name = output_init_name
-        else:
-            sn = None
-
-        if target_name and output_target_name != GSS_C_NO_NAME:
-            tn = Name()
-            tn.raw_name = output_target_name
-        else:
-            tn = None
-
-        if mech:
-            py_mech_type = OID()
-            py_mech_type.raw_oid = output_mech_type[0]
-        else:
-            py_mech_type = None
-
-        if lifetime and ttl != GSS_C_INDEFINITE:
-            py_ttl = ttl
-        else:
-            py_ttl = None
-
-        if flags:
-            py_flags = IntEnumFlagSet(RequirementFlag, output_flags)
-        else:
-            py_flags = None
-
-        if locally_init:
-            py_locally_init = output_locally_init
-        else:
-            py_locally_init = None
-
-        if complete:
-            py_complete = is_complete
-        else:
-            py_complete = None
-
-        return InquireContextResult(sn, tn, py_ttl, py_mech_type, py_flags,
-                                    py_locally_init, py_complete)
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def context_time(SecurityContext context not None):
-    cdef OM_uint32 ttl
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    maj_stat = gss_context_time(&min_stat, context.raw_ctx, &ttl)
-
-    if maj_stat == GSS_S_COMPLETE:
-        return ttl
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def process_context_token(SecurityContext context not None, token):
-    cdef gss_buffer_desc token_buffer = gss_buffer_desc(len(token), token)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_process_context_token(&min_stat, context.raw_ctx,
-                                             &token_buffer)
-
-    if maj_stat != GSS_S_COMPLETE:
-        raise GSSError(maj_stat, min_stat)
-
-
-def import_sec_context(token not None):
-    cdef gss_buffer_desc token_buffer = gss_buffer_desc(len(token), token)
-
-    cdef gss_ctx_id_t ctx
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_import_sec_context(&min_stat, &token_buffer, &ctx)
-
-    if maj_stat == GSS_S_COMPLETE:
-        res = SecurityContext()
-        res.raw_ctx = ctx
-        return res
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def export_sec_context(SecurityContext context not None):
-    cdef gss_buffer_desc output_token = gss_buffer_desc(0, NULL)
-
-    cdef OM_uint32 maj_stat, min_stat
-
-    with nogil:
-        maj_stat = gss_export_sec_context(&min_stat, &context.raw_ctx,
-                                          &output_token)
-
-    if maj_stat == GSS_S_COMPLETE:
-        res_token = (output_token.value)[:output_token.length]
-        gss_release_buffer(&min_stat, &output_token)
-        return res_token
-    else:
-        raise GSSError(maj_stat, min_stat)
-
-
-def delete_sec_context(SecurityContext context not None, local_only=True):
-    cdef OM_uint32 maj_stat, min_stat
-    # GSS_C_EMPTY_BUFFER
-    cdef gss_buffer_desc output_token = gss_buffer_desc(0, NULL)
-    if not local_only:
-        maj_stat = gss_delete_sec_context(&min_stat, &context.raw_ctx,
-                                          &output_token)
-    else:
-        maj_stat = gss_delete_sec_context(&min_stat, &context.raw_ctx,
-                                          GSS_C_NO_BUFFER)
-
-    if maj_stat == GSS_S_COMPLETE:
-        res = (output_token.value)[:output_token.length]
-        context.raw_ctx = NULL
-        return res
-    else:
-        raise GSSError(maj_stat, min_stat)
diff --git a/gssapi/raw/types.pyi b/gssapi/raw/types.pyi
deleted file mode 100644
index 8d928664..00000000
--- a/gssapi/raw/types.pyi
+++ /dev/null
@@ -1,174 +0,0 @@
-import numbers
-import typing as t
-
-from collections.abc import MutableSet
-from enum import IntEnum
-
-if t.TYPE_CHECKING:
-    from gssapi.raw.oids import OID
-
-
-class NameType:
-    """
-    GSSAPI Name Types
-
-    This enum-like object represents GSSAPI name
-    types (to be used with :func:`~gssapi.raw.names.import_name`, etc)
-    """
-    #: GSS_C_NT_ANONYMOUS 1.3.6.1.5.6.3
-    anonymous: "OID" = ...
-    #: GSS_C_NT_EXPORT_NAME 1.3.6.1.5.6.4
-    export: "OID" = ...
-    #: GSS_C_NT_HOSTBASED_SERVICE 1.2.840.113554.1.2.1.4
-    hostbased_service: "OID" = ...
-    #: GSS_C_NT_MACHINE_UID_NAME 1.2.840.113554.1.2.1.2
-    machine_uid: "OID" = ...
-    #: GSS_C_NT_STRING_UID_NAME 1.2.840.113554.1.2.1.3
-    string_uid: "OID" = ...
-    #: GSS_C_NT_USER_NAME 1.2.840.113554.1.2.1.1
-    user: "OID" = ...
-
-    # Provided through optional extensions
-    #: GSS_C_NT_COMPOSITE_EXPORT 1.3.6.1.5.6.6
-    composite_export: "OID" = ...
-    #: GSS_KRB5_NT_PRINCIPAL_NAME 1.2.840.113554.1.2.2.1
-    kerberos_principal: "OID" = ...
-    #: GSS_KRB5_NT_PRINCIPAL_NAME 1.2.840.113554.1.2.2.1
-    krb5_nt_principal_name: "OID" = ...
-
-
-class RequirementFlag(IntEnum):
-    """
-    GSSAPI Requirement Flags
-
-    This :class:`~enum.IntEnum` represents flags used with the
-    :class:`~gssapi.raw.sec_contexts.SecurityContext`-related methods (e.g.
-    :func:`~gssapi.raw.sec_contexts.init_sec_context`)
-
-    The numbers behind the values correspond directly
-    to their C counterparts.
-    """
-    # Note the values are only set here for documentation and type hints
-    delegate_to_peer = 1 #: GSS_C_DELEG_FLAG
-    mutual_authentication = 2 #: GSS_C_MUTUAL_FLAG
-    replay_detection = 4 #: GSS_C_REPLAY_FLAG
-    out_of_sequence_detection = 8 #: GSS_C_SEQUENCE_FLAG
-    confidentiality = 16 #: GSS_C_CONF_FLAG
-    integrity = 32 #: GSS_C_INTEG_FLAG
-    anonymity = 64 #: GSS_C_ANON_FLAG
-    protection_ready = 128 #: GSS_C_PROT_READY_FLAG
-    transferable = 256 #: GSS_C_TRANS_FLAG
-    channel_bound = 2048 #: GSS_C_CHANNEL_BOUND_FLAG
-    dce_style = 4096 #: GSS_C_DCE_STYLE
-    identify = 8192 #: GSS_C_IDENTIFY_FLAG
-    extended_error = 16384 #: GSS_C_EXTENDED_ERROR_FLAG
-    ok_as_delegate = 32768 #: GSS_C_DELEG_POLICY_FLAG
-
-
-class AddressType(IntEnum):
-    """
-    GSSAPI Channel Bindings Address Types
-
-    This :class:`~enum.IntEnum` represents the various address
-    types used with the :class:`~gssapi.raw.chan_bindings.ChannelBindings`
-    structure.
-
-    The numbers behind the values correspond directly
-    to their C counterparts.  There is no value for
-    ``GSS_C_AF_UNSPEC``, since this is represented
-    by ``None``.
-    """
-    # Note the values are only set here for documentation and type hints
-    local = 1 #: GSS_C_AF_LOCAL
-    ip = 2 #: GSS_C_AF_INET
-    arpanet = 3 #: GSS_C_AF_IMPLINK
-    pup = 4 #: GSS_C_AF_PUP
-    chaos = 5 #: GSS_C_AF_CHAOS
-    xerox_ns = 6 #: GSS_C_AF_NS
-    nbs = 7 #: GSS_C_AF_NBS
-    ecma = 8 #: GSS_C_AF_ECMA
-    datakit = 9 #: GSS_C_AF_DATAKIT
-    ccitt = 10 #: GSS_C_AF_CCITT
-    ibm_sna = 11 #: GSS_C_AF_SNA
-    decnet = 12 #: GSS_C_AF_DECnet
-    dli = 13 #: GSS_C_AF_DLI
-    lat = 14 #: GSS_C_AF_LAT
-    hyperchannel = 15 #: GSS_C_AF_HYLINK
-    appletalk = 16 #: GSS_C_AF_APPLETALK
-    bisync = 17 #: GSS_C_AF_BSC
-    dss = 18 #: GSS_C_AF_DSS
-    osi_tp4 = 19 #: GSS_C_AF_OSI
-    x25 = 21 #: GSS_C_AF_X25
-    null = 255 #: GSS_C_AF_NULLADDR
-
-
-class MechType:
-    """
-    GSSAPI Mechanism Types
-
-    This enum-like object contains any mechanism :class:`~gssapi.raw.oids.OID`
-    values registered by imported mechanisms.
-    """
-    kerberos: "OID" #: gss_mech_krb5 1.2.840.113554.1.2.2
-
-
-class GenericFlagSet(MutableSet):
-    """A set backed by a 32-bit integer
-
-    This is a set backed by a 32 bit integer.
-    the members are integers where only one
-    bit is set.
-
-    The class supports normal set operations,
-    as well as traditional "flag set" operations,
-    such as bitwise AND, OR, and XOR.
-    """
-
-    MAX_VAL: int
-
-    def __init__(
-        self,
-        flags: t.Optional[
-            t.Union[GenericFlagSet, numbers.Integral, int]
-        ] = None,
-    ) -> None: ...
-
-    def __contains__(
-        self,
-        flag: object,
-    ) -> bool: ...
-
-    def __iter__(self) -> t.Iterator[int]: ...
-
-    def __len__(self) -> int: ...
-
-    def add(
-        self,
-        flag: int,
-    ) -> None: ...
-
-    def discard(
-        self,
-        flag: int,
-    ) -> None: ...
-
-
-class IntEnumFlagSet(GenericFlagSet):
-    """A set backed by a 32-bit integer with enum members
-
-    This class is a :class:`GenericFlagSet` where the returned
-    members are values in an :class:`~enum.IntEnum`.
-
-    It functions exactly like a `GenericFlagSet`, except that
-    it also supports bitwise operations with the enum values.
-    """
-
-    def __init__(
-        self,
-        enum: t.Type[IntEnum],
-        flags: t.Optional[
-            t.Union[GenericFlagSet, numbers.Integral, int]
-        ] = None,
-    ) -> None: ...
-
-    def __iter__(self) -> t.Iterator[IntEnum]: ...
diff --git a/gssapi/raw/types.pyx b/gssapi/raw/types.pyx
deleted file mode 100644
index 37697a13..00000000
--- a/gssapi/raw/types.pyx
+++ /dev/null
@@ -1,238 +0,0 @@
-GSSAPI="BASE"  # This ensures that a full module is generated by Cython
-
-from gssapi.raw.cython_types cimport *
-from gssapi.raw.cython_converters cimport c_make_oid
-from gssapi.raw.oids cimport OID
-
-from gssapi.raw._enum_extensions import ExtendableEnum
-
-from enum import IntEnum
-import collections
-import copy
-import numbers
-import operator
-
-from collections.abc import MutableSet
-
-
-class NameType(object):
-    # mech-agnostic name types
-    hostbased_service = c_make_oid(GSS_C_NT_HOSTBASED_SERVICE)
-    # NB(directxman12): skip GSS_C_NT_HOSTBASED_SERVICE_X since it's deprecated
-    user = c_make_oid(GSS_C_NT_USER_NAME)
-    anonymous = c_make_oid(GSS_C_NT_ANONYMOUS)
-    machine_uid = c_make_oid(GSS_C_NT_MACHINE_UID_NAME)
-    string_uid = c_make_oid(GSS_C_NT_STRING_UID_NAME)
-    export = c_make_oid(GSS_C_NT_EXPORT_NAME)
-
-    # mech-specific name types are added automatically on import
-
-
-class RequirementFlag(IntEnum, metaclass=ExtendableEnum):
-    delegate_to_peer = GSS_C_DELEG_FLAG
-    mutual_authentication = GSS_C_MUTUAL_FLAG
-    replay_detection = GSS_C_REPLAY_FLAG
-    out_of_sequence_detection = GSS_C_SEQUENCE_FLAG
-    confidentiality = GSS_C_CONF_FLAG
-    integrity = GSS_C_INTEG_FLAG
-    anonymity = GSS_C_ANON_FLAG
-    protection_ready = GSS_C_PROT_READY_FLAG
-    transferable = GSS_C_TRANS_FLAG
-
-    # GSS_C_DELEG_POLICY_FLAG.  cython can't do compile-time detection of
-    # this, so take the value from RFC 5896.  Implementations that don't
-    # support it will ignore it.
-    ok_as_delegate = 32768
-
-    # GSS_C_CHANNEL_BOUND_FLAG, implemented in MIT krb5-1.19
-    # See draft-ietf-kitten-channel-bound-flag-04
-    channel_bound = 2048
-
-
-class AddressType(IntEnum, metaclass=ExtendableEnum):
-    # unspecified = GSS_C_AF_UNSPEC  # None --> GSS_C_AF_UNSPEC
-    local = GSS_C_AF_LOCAL
-    ip = GSS_C_AF_INET
-    arpanet = GSS_C_AF_IMPLINK  # ARPAnet support, heh, heh
-    pup = GSS_C_AF_PUP
-    chaos = GSS_C_AF_CHAOS
-    xerox_ns = GSS_C_AF_NS  # and XEROX too?
-    nbs = GSS_C_AF_NBS
-    ecma = GSS_C_AF_ECMA
-    datakit = GSS_C_AF_DATAKIT
-    ccitt = GSS_C_AF_CCITT
-    ibm_sna = GSS_C_AF_SNA
-    decnet = GSS_C_AF_DECnet
-    dli = GSS_C_AF_DLI
-    lat = GSS_C_AF_LAT
-    hyperchannel = GSS_C_AF_HYLINK
-    appletalk = GSS_C_AF_APPLETALK  # this list just keeps getting better
-    bisync = GSS_C_AF_BSC
-    dss = GSS_C_AF_DSS
-    osi_tp4 = GSS_C_AF_OSI
-    x25 = GSS_C_AF_X25
-    null = GSS_C_AF_NULLADDR
-
-
-class MechType(object):
-    pass
-
-    # these are added in by the individual mechanism files on import
-
-
-class GenericFlagSet(MutableSet):
-
-    __slots__ = '_val'
-    MAX_VAL = 1 << 31
-
-    def __init__(self, flags=None):
-        self._val = 0
-        if isinstance(flags, GenericFlagSet):
-            self._val = flags._val
-        if isinstance(flags, numbers.Integral):
-            self._val = int(flags)
-        elif flags is not None:
-            for flag in flags:
-                self._val |= flag
-
-    def __contains__(self, flag):
-        return self._val & flag
-
-    def __iter__(self):
-        i = 1
-        while i < self.MAX_VAL:
-            if i & self._val:
-                yield i
-
-            i <<= 1
-
-    def __len__(self):
-        # get the Hamming weight of _val
-        cdef unsigned int size = 0
-        cdef unsigned int i = 1
-        while i < self.MAX_VAL:
-            if i & self._val:
-                size += 1
-
-            i <<= 1
-
-        return size
-
-    def add(self, flag):
-        self._val |= flag
-
-    def discard(self, flag):
-        # NB(directxman12): the 0xFFFFFFFF mask is needed to
-        #                   make Python's invert work properly
-        self._val = self._val & (~flag & 0xFFFFFFFF)
-
-    def __and__(self, other):
-        if isinstance(other, numbers.Integral):
-            return self._val & other
-        else:
-            return super(GenericFlagSet, self).__and__(other)
-
-    def __rand__(self, other):
-        return self.__and__(other)
-
-    def __or__(self, other):
-        if isinstance(other, numbers.Integral):
-            return self._val | other
-        else:
-            return super(GenericFlagSet, self).__or__(other)
-
-    def __ror__(self, other):
-        return self.__or__(other)
-
-    def __xor__(self, other):
-        if isinstance(other, numbers.Integral):
-            return self._val ^ other
-        else:
-            return super(GenericFlagSet, self).__xor__(other)
-
-    def __rxor__(self, other):
-        return self.__xor__(other)
-
-    def __int__(self):
-        return self._val
-
-    def __long__(self):
-        return long(self._val)
-
-    def __eq__(self, other):
-        if isinstance(other, GenericFlagSet):
-            return self._val == other._val
-        else:
-            return False
-
-    def __ne__(self, other):
-        return not self.__eq__(other)
-
-    def __repr__(self):
-        bits = "{0:032b}".format(self._val & 0xFFFFFFFF)
-        return "<{name} {bits}>".format(name=type(self).__name__,
-                                        bits=bits)
-
-
-class IntEnumFlagSet(GenericFlagSet):
-
-    __slots__ = ('_val', '_enum')
-
-    def __init__(self, enum, flags=None):
-        if not issubclass(enum, IntEnum):
-            raise Exception('"enum" not an Enum')
-        self._enum = enum
-        super(IntEnumFlagSet, self).__init__(flags)
-
-    def __iter__(self):
-        for i in super(IntEnumFlagSet, self).__iter__():
-            yield self._enum(i)
-
-    def __repr__(self):
-        fmt_str = "{name}({enum}, [{vals}])"
-        vals = ', '.join([elem.name for elem in self])
-        return fmt_str.format(name=type(self).__name__,
-                              enum=self._enum.__name__,
-                              vals=vals)
-
-    def __and__(self, other):
-        if isinstance(other, self._enum):
-            return other in self
-        else:
-            res = super(IntEnumFlagSet, self).__and__(other)
-            if isinstance(res, GenericFlagSet):
-                return IntEnumFlagSet(self._enum, res)
-            else:
-                return res
-
-    def __or__(self, other):
-        if isinstance(other, self._enum):
-            cpy = copy.copy(self)
-            cpy.add(other)
-            return cpy
-        else:
-            res = super(IntEnumFlagSet, self).__or__(other)
-            if isinstance(res, GenericFlagSet):
-                return IntEnumFlagSet(self._enum, res)
-            else:
-                return res
-
-    def __xor__(self, other):
-        if isinstance(other, self._enum):
-            cpy = copy.copy(self)
-            cpy._val = cpy._val ^ other
-            return cpy
-        else:
-            res = super(IntEnumFlagSet, self).__xor__(other)
-            if isinstance(res, GenericFlagSet):
-                return IntEnumFlagSet(self._enum, res)
-            else:
-                return res
-
-    def __sub__(self, other):
-        return IntEnumFlagSet(self._enum,
-                              super(IntEnumFlagSet, self).__sub__(other))
-
-    @classmethod
-    def _from_iterable(cls, it):
-        return GenericFlagSet(it)
diff --git a/gssapi/sec_contexts.py b/gssapi/sec_contexts.py
deleted file mode 100644
index adbbf301..00000000
--- a/gssapi/sec_contexts.py
+++ /dev/null
@@ -1,622 +0,0 @@
-import typing as t
-
-from gssapi.raw import chan_bindings as rchan_bindings
-from gssapi.raw import sec_contexts as rsec_contexts
-from gssapi.raw import message as rmessage
-from gssapi.raw import named_tuples as tuples
-from gssapi.raw import names as rnames
-from gssapi.raw import oids as roids
-from gssapi.raw.types import RequirementFlag, IntEnumFlagSet
-
-import gssapi.exceptions as excs
-from gssapi import _utils
-from gssapi.names import Name
-from gssapi.creds import Credentials
-
-
-class SecurityContext(rsec_contexts.SecurityContext,
-                      metaclass=_utils.CheckLastError):
-    """A GSSAPI Security Context
-
-    This class represents a GSSAPI security context that may be used
-    with and/or returned by other GSSAPI methods.
-
-    It inherits from the low-level GSSAPI
-    :class:`~gssapi.raw.sec_contexts.SecurityContext` class,
-    and thus may used with both low-level and high-level API methods.
-
-    This class may be pickled and unpickled (the attached delegated
-    credentials object will not be preserved, however).
-    """
-
-    def __new__(
-        cls,
-        base: t.Optional[rsec_contexts.SecurityContext] = None,
-        token: t.Optional[bytes] = None,
-        name: t.Optional[rnames.Name] = None,
-        creds: t.Optional[Credentials] = None,
-        lifetime: t.Optional[int] = None,
-        flags: t.Optional[int] = None,
-        mech: t.Optional[roids.OID] = None,
-        channel_bindings: t.Optional[rchan_bindings.ChannelBindings] = None,
-        usage: t.Optional[str] = None,
-    ) -> "SecurityContext":
-
-        if token is not None:
-            base = rsec_contexts.import_sec_context(token)
-
-        return t.cast("SecurityContext",
-                      super(SecurityContext, cls).__new__(cls, base))
-
-    def __init__(
-        self,
-        base: t.Optional[rsec_contexts.SecurityContext] = None,
-        token: t.Optional[bytes] = None,
-        name: t.Optional[rnames.Name] = None,
-        creds: t.Optional[Credentials] = None,
-        lifetime: t.Optional[int] = None,
-        flags: t.Optional[int] = None,
-        mech: t.Optional[roids.OID] = None,
-        channel_bindings: t.Optional[rchan_bindings.ChannelBindings] = None,
-        usage: t.Optional[str] = None,
-    ) -> None:
-        """
-        The constructor creates a new security context, but does not begin
-        the initiate or accept process.
-
-        If the `base` argument is used, an existing
-        :class:`~gssapi.raw.sec_contexts.SecurityContext` object from
-        the low-level API is converted into a high-level object.
-
-        If the `token` argument is passed, the security context is imported
-        using the token.
-
-        Otherwise, a new security context is created.
-
-        If the `usage` argument is not passed, the constructor will attempt
-        to detect what the appropriate usage is based on either the existing
-        security context (if `base` or `token` are used) or the argument set.
-
-        For a security context of the `initiate` usage, the `name` argument
-        must be used, and the `creds`, `mech`, `flags`,
-        `lifetime`, and `channel_bindings` arguments may be
-        used as well.
-
-        For a security context of the `accept` usage, the `creds` and
-        `channel_bindings` arguments may optionally be used.
-        """
-
-        # NB(directxman12): _last_err must be set first
-        self._last_err = None
-
-        # determine the usage ('initiate' vs 'accept')
-        if base is None and token is None:
-            # this will be a new context
-            if usage is not None:
-                if usage not in ('initiate', 'accept'):
-                    msg = "Usage must be either 'initiate' or 'accept'"
-                    raise excs.UnknownUsageError(msg, obj="security context")
-
-                self.usage = usage
-            elif creds is not None and creds.usage != 'both':
-                self.usage = creds.usage
-            elif name is not None:
-                # if we pass a name, assume the usage is 'initiate'
-                self.usage = 'initiate'
-            else:
-                # if we don't pass a name, assume the usage is 'accept'
-                self.usage = 'accept'
-
-            # check for appropriate arguments
-            if self.usage == 'initiate':
-                # takes: creds?, target_name, mech?, flags?,
-                #        channel_bindings?
-                if name is None:
-                    raise TypeError("You must pass the 'name' argument when "
-                                    "creating an initiating security context")
-                self._target_name = name
-                self._mech = mech
-                self._desired_flags = IntEnumFlagSet(RequirementFlag, flags)
-                self._desired_lifetime = lifetime
-            else:
-                # takes creds?
-                if (name is not None or flags is not None or
-                        mech is not None or lifetime is not None):
-                    raise TypeError("You must pass at most the 'creds' "
-                                    "argument when creating an accepting "
-                                    "security context")
-
-            self._channel_bindings = channel_bindings
-            self._creds = creds
-
-            self._delegated_creds = None
-
-        else:
-            # we already have a context in progress, just inspect it
-            # NB(directxman12): MIT krb5 refuses to inquire about a context
-            # if it's partially established, so we have to check here
-
-            try:
-                if self.locally_initiated:
-                    self.usage = 'initiate'
-                else:
-                    self.usage = 'accept'
-            except excs.MissingContextError:
-                msg = ("Cannot extract usage from a partially completed "
-                       "context")
-                raise excs.UnknownUsageError(msg, obj="security context")
-
-        # This is to work around an MIT krb5 bug (see the `complete` property)
-        self._complete: t.Optional[bool] = None
-
-    # NB(directxman12): DO NOT ADD AN __del__ TO THIS CLASS -- it screws up
-    #                   the garbage collector if _last_tb is still defined
-
-    # TODO(directxman12): implement flag properties
-
-    def get_signature(
-        self,
-        message: bytes,
-    ) -> bytes:
-        """Calculate the signature for a message.
-
-        This method calculates the signature (called a MIC) for
-        the given message, which may be then used with
-        :meth:`verify_signature` to confirm the validity of the
-        signature.  This is useful if you wish to transmit the
-        message signature and message in your own format.
-
-        Args:
-            message (bytes): the input message
-
-        Returns:
-            bytes: the message signature
-
-        Raises:
-            ~gssapi.exceptions.ExpiredContextError
-            ~gssapi.exceptions.MissingContextError
-            ~gssapi.exceptions.BadQoPError
-        """
-
-        # TODO(directxman12): check flags?
-        return rmessage.get_mic(self, message)
-
-    def verify_signature(
-        self,
-        message: bytes,
-        mic: bytes,
-    ) -> int:
-        """Verify the signature for a message.
-
-        This method verifies that a signature (generated by
-        :meth:`get_signature` is valid for the given message.
-
-        If the signature is valid, the method will return.
-        Otherwise, it will raise an error.
-
-        Args:
-            message (bytes): the message
-            mic (bytes): the signature to verify
-
-        Returns:
-            int: the QoP used.
-
-        Raises:
-            ~gssapi.exceptions.BadMICError: the signature was not valid
-            ~gssapi.exceptions.InvalidTokenError
-            ~gssapi.exceptions.DuplicateTokenError
-            ~gssapi.exceptions.ExpiredTokenError
-            ~gssapi.exceptions.TokenTooLateError
-            ~gssapi.exceptions.TokenTooEarlyError
-            ~gssapi.exceptions.ExpiredContextError
-            ~gssapi.exceptions.MissingContextError
-        """
-
-        return rmessage.verify_mic(self, message, mic)
-
-    def wrap(
-        self,
-        message: bytes,
-        encrypt: bool,
-    ) -> tuples.WrapResult:
-        """Wrap a message, optionally with encryption
-
-        This wraps a message, signing it and optionally
-        encrypting it.
-
-        Args:
-            message (bytes): the message to wrap
-            encrypt (bool): whether or not to encrypt the message
-
-        Returns:
-            WrapResult: the wrapped message and details about it
-            (e.g. whether encryption was used succesfully)
-
-        Raises:
-            ~gssapi.exceptions.ExpiredContextError
-            ~gssapi.exceptions.MissingContextError
-            ~gssapi.exceptions.BadQoPError
-        """
-
-        return rmessage.wrap(self, message, encrypt)
-
-    def unwrap(
-        self,
-        message: bytes,
-    ) -> tuples.UnwrapResult:
-        """Unwrap a wrapped message.
-
-        This method unwraps/unencrypts a wrapped message,
-        verifying the signature along the way.
-
-        Args:
-            message (bytes): the message to unwrap/decrypt
-
-        Returns:
-            UnwrapResult: the unwrapped message and details about it
-            (e.g. wheter encryption was used)
-
-        Raises:
-            ~gssapi.exceptions.InvalidTokenError
-            ~gssapi.exceptions.BadMICError
-            ~gssapi.exceptions.DuplicateTokenError
-            ~gssapi.exceptions.ExpiredTokenError
-            ~gssapi.exceptions.TokenTooLateError
-            ~gssapi.exceptions.TokenTooEarlyError
-            ~gssapi.exceptions.ExpiredContextError
-            ~gssapi.exceptions.MissingContextError
-        """
-
-        return rmessage.unwrap(self, message)
-
-    def encrypt(
-        self,
-        message: bytes,
-    ) -> bytes:
-        """Encrypt a message.
-
-        This method wraps and encrypts a message, similarly to
-        :meth:`wrap`.  The difference is that encryption is always
-        used, and the method will raise an exception if this is
-        not possible.  Additionally, this method simply returns
-        the encrypted message directly.
-
-        Args:
-            message (bytes): the message to encrypt
-
-        Returns:
-            bytes: the encrypted message
-
-        Raises:
-            ~gssapi.exceptions.EncryptionNotUsed: the encryption could not be
-                used
-            ~gssapi.exceptions.ExpiredContextError
-            ~gssapi.exceptions.MissingContextError
-            ~gssapi.exceptions.BadQoPError
-        """
-
-        res = self.wrap(message, encrypt=True)
-
-        if not res.encrypted:
-            raise excs.EncryptionNotUsed("Wrapped message was not encrypted")
-
-        return res.message
-
-    def decrypt(
-        self,
-        message: bytes,
-    ) -> bytes:
-        """Decrypt a message.
-
-        This method decrypts and unwraps a message, verifying the signature
-        along the way, similarly to :meth:`unwrap`.  The difference is that
-        this method will raise an exception if encryption was established
-        by the context and not used, and simply returns the decrypted
-        message directly.
-
-        Args:
-            message (bytes): the encrypted message
-
-        Returns:
-            bytes: the decrypted message
-
-        Raises:
-            ~gssapi.exceptions.EncryptionNotUsed: encryption was expected, but
-                not used
-            ~gssapi.exceptions.InvalidTokenError
-            ~gssapi.exceptions.BadMICError
-            ~gssapi.exceptions.DuplicateTokenError
-            ~gssapi.exceptions.ExpiredTokenError
-            ~gssapi.exceptions.TokenTooLateError
-            ~gssapi.exceptions.TokenTooEarlyError
-            ~gssapi.exceptions.ExpiredContextError
-            ~gssapi.exceptions.MissingContextError
-        """
-
-        res = self.unwrap(message)
-
-        if (not res.encrypted and
-                self.actual_flags & RequirementFlag.confidentiality):
-            raise excs.EncryptionNotUsed("The context was established with "
-                                         "encryption, but unwrapped message "
-                                         "was not encrypted",
-                                         unwrapped_message=res.message)
-
-        return res.message
-
-    def get_wrap_size_limit(
-        self,
-        desired_output_size: int,
-        encrypted: bool = True,
-    ) -> int:
-        """Calculate the maximum message size for a given wrapped message size.
-
-        This method calculates the maximum input message size for a given
-        maximum wrapped/encrypted message size.
-
-        Args:
-            desired_output_size (int): the maximum output message size
-            encrypted (bool): whether or not encryption should be taken
-                into account
-
-        Returns:
-            int: the maximum input message size
-
-        Raises:
-            ~gssapi.exceptions.MissingContextError
-            ~gssapi.exceptions.ExpiredContextError
-            ~gssapi.exceptions.BadQoPError
-        """
-
-        return rmessage.wrap_size_limit(self, desired_output_size,
-                                        encrypted)
-
-    def process_token(
-        self,
-        token: bytes,
-    ) -> None:
-        """Process an output token asynchronously.
-
-        This method processes an output token even when the security context
-        was not expecting it.
-
-        Warning:
-            This method is deprecated.
-
-        Args:
-            token (bytes): the token to process
-
-        Raises:
-            ~gssapi.exceptions.InvalidTokenError
-            ~gssapi.exceptions.MissingContextError
-        """
-
-        rsec_contexts.process_context_token(self, token)
-
-    def export(self) -> bytes:
-        """Export a security context.
-
-        This method exports a security context, allowing it to be passed
-        between processes.
-
-        Returns:
-            bytes: the exported security context
-
-        Raises:
-            ~gssapi.exceptions.ExpiredContextError
-            ~gssapi.exceptions.MissingContextError
-            ~gssapi.exceptions.OperationUnavailableError
-        """
-
-        return rsec_contexts.export_sec_context(self)
-
-    _INQUIRE_ARGS = ('initiator_name', 'target_name', 'lifetime',
-                     'mech', 'flags', 'locally_init', 'complete')
-
-    @_utils.check_last_err
-    def _inquire(
-        self,
-        **kwargs: bool,
-    ) -> tuples.InquireContextResult:
-        """Inspect the security context for information
-
-        This method inspects the security context for information.
-
-        If no keyword arguments are passed, all available information
-        is returned.  Otherwise, only the keyword arguments that
-        are passed and set to `True` are returned.
-
-        Args:
-            initiator_name (bool): get the initiator name for this context
-            target_name (bool): get the target name for this context
-            lifetime (bool): get the remaining lifetime, in seconds, for this
-                context
-            mech (bool): get the :class:`MechType` used by this context
-            flags (bool): get the flags set on this context
-            locally_init (bool): get whether this context was locally initiated
-            complete (bool): get whether negotiation on this context has
-                been completed
-
-        Returns:
-            InquireContextResult: the results of the inquiry, with unused
-            fields set to None
-
-        Raises:
-            ~gssapi.exceptions.MissingContextError
-        """
-        if not kwargs:
-            default_val = True
-        else:
-            default_val = False
-
-        for arg in self._INQUIRE_ARGS:
-            kwargs[arg] = kwargs.get(arg, default_val)
-
-        res = rsec_contexts.inquire_context(self, **kwargs)
-
-        if (kwargs.get('initiator_name', False) and
-                res.initiator_name is not None):
-            init_name = Name(res.initiator_name)
-        else:
-            init_name = None
-
-        if (kwargs.get('target_name', False) and
-                res.target_name is not None):
-            target_name = Name(res.target_name)
-        else:
-            target_name = None
-
-        return tuples.InquireContextResult(init_name, target_name,
-                                           res.lifetime, res.mech,
-                                           res.flags, res.locally_init,
-                                           res.complete)
-
-    @property
-    def lifetime(self) -> int:
-        """The amount of time for which this context remains valid"""
-        return rsec_contexts.context_time(self)
-
-    @property
-    def delegated_creds(self) -> t.Optional[Credentials]:
-        """The credentials delegated from the initiator to the acceptor
-
-        .. warning::
-
-            This value will not be preserved across picklings.  These should
-            be separately exported and transferred.
-
-        """
-        return self._delegated_creds
-
-    initiator_name = _utils.inquire_property(
-        'initiator_name', 'The :class:`Name` of the initiator of this context')
-    target_name = _utils.inquire_property(
-        'target_name', 'The :class:`Name` of the target of this context')
-    mech = _utils.inquire_property(
-        'mech', 'The mechanism (:class:`MechType`) in use by this context')
-    actual_flags = _utils.inquire_property(
-        'flags', 'The flags set on this context')
-    locally_initiated = _utils.inquire_property(
-        'locally_init', 'Whether this context was locally intiated')
-
-    @property  # type: ignore # https://github.com/python/mypy/issues/1362
-    @_utils.check_last_err
-    def complete(self) -> bool:
-        """Whether negotiation for this context has been completed"""
-        # NB(directxman12): MIT krb5 has a bug where it refuses to
-        #                   inquire about partially completed contexts,
-        #                   so we can't just use `self._inquire` generally
-        if self._started:
-            complete = self._complete
-            if complete is None:
-                try:
-                    complete = self._inquire(complete=True).complete
-                except excs.MissingContextError:
-                    return False
-                else:
-                    self._complete = complete
-
-            return complete
-        else:
-            return False
-
-    @_utils.catch_and_return_token
-    def step(
-        self,
-        token: t.Optional[bytes] = None,
-    ) -> t.Optional[bytes]:
-        """Perform a negotation step.
-
-        This method performs a negotiation step based on the usage type
-        of this context.  If `__DEFER_STEP_ERRORS__` is set to True on
-        the class, this method will return a token, even when exceptions
-        would be thrown.  The generated exception will be thrown on the next
-        method call or property lookup on the context.
-        **This is the default behavior.**
-
-        This method should be used in a while loop, as such:
-
-        .. code-block:: python
-
-           input_token = None
-           try:
-               while not ctx.complete:
-                   output_token = ctx.step(input_token)
-                   if not output_token:
-                       break
-                   input_token = send_and_receive(output_token)
-           except GSSError as e:
-                handle_the_issue()
-
-        .. tip::
-
-            Disabling `__DEFER_STEP_ERRORS__` is rarely necessary.
-            When this method is used in a loop (as above),
-            `__DEFER_STEP_ERRORS__` will ensure that you always
-            send an error token when it's available,
-            keeping the other end of the security context updated
-            with the status of the negotiation.
-
-        Args:
-            token (bytes): the input token from the other participant's step
-
-        Returns:
-            bytes: the output token to send to the other participant
-
-        Raises:
-            ~gssapi.exceptions.InvalidTokenError
-            ~gssapi.exceptions.InvalidCredentialsError
-            ~gssapi.exceptions.MissingCredentialsError
-            ~gssapi.exceptions.ExpiredCredentialsError
-            ~gssapi.exceptions.BadChannelBindingsError
-            ~gssapi.exceptions.BadMICError
-            ~gssapi.exceptions.ExpiredTokenError: (initiate only)
-            ~gssapi.exceptions.DuplicateTokenError
-            ~gssapi.exceptions.MissingContextError
-            ~gssapi.exceptions.BadNameTypeError: (initiate only)
-            ~gssapi.exceptions.BadNameError: (initiate only)
-            ~gssapi.exceptions.BadMechanismError
-        """
-
-        if self.usage == 'accept':
-            return self._acceptor_step(token=token or b"")
-        else:
-            return self._initiator_step(token=token)
-
-    def _acceptor_step(
-        self,
-        token: bytes,
-    ) -> t.Optional[bytes]:
-        res = rsec_contexts.accept_sec_context(token, self._creds,
-                                               self, self._channel_bindings)
-
-        if res.delegated_creds is not None:
-            self._delegated_creds = Credentials(res.delegated_creds)
-        else:
-            self._delegated_creds = None
-
-        self._complete = not res.more_steps
-
-        return res.token
-
-    def _initiator_step(
-        self,
-        token: t.Optional[bytes] = None,
-    ) -> t.Optional[bytes]:
-        res = rsec_contexts.init_sec_context(self._target_name, self._creds,
-                                             self, self._mech,
-                                             self._desired_flags,
-                                             self._desired_lifetime,
-                                             self._channel_bindings,
-                                             token)
-
-        self._complete = not res.more_steps
-
-        return res.token
-
-    # pickle protocol support
-    def __reduce__(
-        self,
-    ) -> t.Tuple[t.Type["SecurityContext"], t.Tuple[None, bytes]]:
-        # the unpickle arguments to new are (base=None, token=self.export())
-        return (type(self), (None, self.export()))
diff --git a/gssapi/tests/__init__.py b/gssapi/tests/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/gssapi/tests/test_high_level.py b/gssapi/tests/test_high_level.py
deleted file mode 100644
index ed6a4a0f..00000000
--- a/gssapi/tests/test_high_level.py
+++ /dev/null
@@ -1,937 +0,0 @@
-import copy
-import os
-import socket
-import sys
-import pickle
-
-from parameterized import parameterized
-
-from gssapi import creds as gsscreds
-from gssapi import mechs as gssmechs
-from gssapi import names as gssnames
-from gssapi import sec_contexts as gssctx
-from gssapi import raw as gb
-from gssapi import _utils as gssutils
-from gssapi import exceptions as excs
-import k5test.unit as ktu
-import k5test as kt
-
-
-TARGET_SERVICE_NAME = b'host'
-FQDN = (
-    'localhost' if sys.platform == 'darwin' else socket.getfqdn()
-).encode('utf-8')
-SERVICE_PRINCIPAL = TARGET_SERVICE_NAME + b'/' + FQDN
-
-# disable error deferring to catch errors immediately
-gssctx.SecurityContext.__DEFER_STEP_ERRORS__ = False  # type: ignore
-
-
-class _GSSAPIKerberosTestCase(kt.KerberosTestCase):
-    @classmethod
-    def setUpClass(cls):
-        super(_GSSAPIKerberosTestCase, cls).setUpClass()
-        svc_princ = SERVICE_PRINCIPAL.decode("UTF-8")
-
-        cls.realm.kinit(svc_princ, flags=['-k'])
-
-        cls._init_env()
-
-        cls.USER_PRINC = cls.realm.user_princ.split('@')[0].encode("UTF-8")
-        cls.ADMIN_PRINC = cls.realm.admin_princ.split('@')[0].encode("UTF-8")
-
-    @classmethod
-    def _init_env(cls):
-        cls._saved_env = copy.deepcopy(os.environ)
-        for k, v in cls.realm.env.items():
-            os.environ[k] = v
-
-    @classmethod
-    def _restore_env(cls):
-        for k in copy.deepcopy(os.environ):
-            if k in cls._saved_env:
-                os.environ[k] = cls._saved_env[k]
-            else:
-                del os.environ[k]
-
-        cls._saved_env = None
-
-    @classmethod
-    def tearDownClass(cls):
-        super(_GSSAPIKerberosTestCase, cls).tearDownClass()
-        cls._restore_env()
-
-
-def _perms_cycle(elem, rest, old_d):
-    if elem is None:
-        name_str = "with_params_"
-        true_keys = [k for (k, v) in old_d.items() if v]
-        if not true_keys:
-            name_str += 'none'
-        else:
-            name_str += '_'.join(true_keys)
-
-        return [(name_str, old_d)]
-    else:
-        if len(rest) > 0:
-            next_elem = rest.pop()
-        else:
-            next_elem = None
-
-        res = []
-        for v in (True, False):
-            new_d = copy.deepcopy(old_d)
-            new_d[elem] = v
-            res.extend(_perms_cycle(next_elem, copy.deepcopy(rest), new_d))
-
-        return res
-
-
-def exist_perms(**kwargs):
-    all_elems = list(kwargs.keys())
-    curr_elems = copy.deepcopy(all_elems)
-
-    perms = _perms_cycle(curr_elems.pop(), curr_elems, {})
-    res = []
-    for name_str, perm in perms:
-        args = dict([(k, v) for (k, v) in kwargs.items() if perm[k]])
-        res.append((name_str, args))
-
-    return parameterized.expand(res)
-
-
-def true_false_perms(*all_elems_tuple):
-    all_elems = list(all_elems_tuple)
-    curr_elems = copy.deepcopy(all_elems)
-
-    perms = _perms_cycle(curr_elems.pop(), curr_elems, {})
-    return parameterized.expand(perms)
-
-
-# NB(directxman12): MIT Kerberos completely ignores input TTLs for
-#                   credentials.  I suspect this is because the TTL
-#                   is actually set when kinit is called.
-# NB(directxman12): the above note used to be wonderfully sarcastic
-class CredsTestCase(_GSSAPIKerberosTestCase):
-    def setUp(self):
-        super(CredsTestCase, self).setUp()
-
-        svc_princ = SERVICE_PRINCIPAL.decode("UTF-8")
-        self.realm.kinit(svc_princ, flags=['-k'])
-
-        self.name = gssnames.Name(SERVICE_PRINCIPAL,
-                                  gb.NameType.kerberos_principal)
-
-    @exist_perms(lifetime=30, mechs=[gb.MechType.kerberos],
-                 usage='both')
-    def test_acquire_by_init(self, str_name, kwargs):
-        creds = gsscreds.Credentials(name=self.name, **kwargs)
-        if sys.platform != 'darwin':
-            self.assertIsInstance(creds.lifetime, int)
-        del creds
-
-    @exist_perms(lifetime=30, mechs=[gb.MechType.kerberos],
-                 usage='both')
-    def test_acquire_by_method(self, str_name, kwargs):
-        cred_resp = gsscreds.Credentials.acquire(name=self.name,
-                                                 **kwargs)
-        self.assertIsNotNone(cred_resp)
-
-        creds, actual_mechs, ttl = cred_resp
-        self.assertIsInstance(creds, gsscreds.Credentials)
-        self.assertIn(gb.MechType.kerberos, actual_mechs)
-        if sys.platform != 'darwin':
-            self.assertIsInstance(ttl, int)
-
-        del creds
-
-    @ktu.gssapi_extension_test('rfc5588', 'RFC 5588')
-    def test_store_acquire(self):
-        # we need to acquire a forwardable ticket
-        svc_princ = SERVICE_PRINCIPAL.decode("UTF-8")
-        self.realm.kinit(svc_princ, flags=['-k', '-f'])
-
-        target_name = gssnames.Name(TARGET_SERVICE_NAME,
-                                    gb.NameType.hostbased_service)
-
-        client_creds = gsscreds.Credentials(usage='initiate')
-        client_ctx = gssctx.SecurityContext(
-            name=target_name, creds=client_creds,
-            flags=gb.RequirementFlag.delegate_to_peer)
-
-        client_token = client_ctx.step()
-
-        server_creds = gsscreds.Credentials(usage='accept')
-        server_ctx = gssctx.SecurityContext(creds=server_creds)
-        server_ctx.step(client_token)
-
-        deleg_creds = server_ctx.delegated_creds
-        self.assertIsNotNone(deleg_creds)
-
-        store_res = deleg_creds.store(usage='initiate', set_default=True,
-                                      mech=gb.MechType.kerberos,
-                                      overwrite=True)
-        # While Heimdal doesn't fail it doesn't set the return values as exp.
-        if self.realm.provider.lower() != 'heimdal':
-            self.assertEqual(store_res.usage, "initiate")
-            self.assertIn(gb.MechType.kerberos, store_res.mechs)
-
-        reacquired_creds = gsscreds.Credentials(name=deleg_creds.name,
-                                                usage='initiate')
-        self.assertIsNotNone(reacquired_creds)
-
-    @ktu.gssapi_extension_test('cred_store', 'credentials store')
-    def test_store_into_acquire_from(self):
-        CCACHE = 'FILE:{tmpdir}/other_ccache'.format(tmpdir=self.realm.tmpdir)
-        KT = '{tmpdir}/other_keytab'.format(tmpdir=self.realm.tmpdir)
-        store = {'ccache': CCACHE, 'keytab': KT}
-
-        princ_name = 'service/cs@' + self.realm.realm
-        self.realm.addprinc(princ_name)
-        self.realm.extract_keytab(princ_name, KT)
-        self.realm.kinit(princ_name, None, ['-k', '-t', KT])
-
-        initial_creds = gsscreds.Credentials(name=None,
-                                             usage='initiate')
-
-        acquire_kwargs = {}
-        expected_usage = 'initiate'
-        if self.realm.provider.lower() == 'heimdal':
-            acquire_kwargs['usage'] = 'initiate'
-            acquire_kwargs['mech'] = gb.MechType.kerberos
-            expected_usage = 'both'
-
-        store_res = initial_creds.store(store, overwrite=True,
-                                        **acquire_kwargs)
-        self.assertIsNotNone(store_res.mechs)
-        self.assertGreater(len(store_res.mechs), 0)
-        self.assertEqual(store_res.usage, expected_usage)
-
-        name = gssnames.Name(princ_name)
-        retrieved_creds = gsscreds.Credentials(name=name, store=store)
-        self.assertIsNotNone(retrieved_creds)
-
-    def test_create_from_other(self):
-        raw_creds = gb.acquire_cred(None, usage='accept').creds
-
-        high_level_creds = gsscreds.Credentials(raw_creds)
-        self.assertEqual(high_level_creds.usage, "accept")
-
-    @true_false_perms('name', 'lifetime', 'usage', 'mechs')
-    def test_inquire(self, str_name, kwargs):
-        creds = gsscreds.Credentials(name=self.name)
-        resp = creds.inquire(**kwargs)
-
-        if kwargs['name']:
-            self.assertEqual(resp.name, self.name)
-            self.assertIsInstance(resp.name, gssnames.Name)
-        else:
-            self.assertIsNone(resp.name)
-
-        if kwargs['lifetime'] and sys.platform != 'darwin':
-            self.assertIsInstance(resp.lifetime, int)
-        else:
-            self.assertIsNone(resp.lifetime)
-
-        if kwargs['usage']:
-            expected = "accept" if sys.platform == "darwin" else "both"
-            self.assertEqual(resp.usage, expected)
-        else:
-            self.assertIsNone(resp.usage)
-
-        if kwargs['mechs']:
-            self.assertIn(gb.MechType.kerberos, resp.mechs)
-        else:
-            self.assertIsNone(resp.mechs)
-
-    @true_false_perms('name', 'init_lifetime', 'accept_lifetime', 'usage')
-    def test_inquire_by_mech(self, str_name, kwargs):
-        creds = gsscreds.Credentials(name=self.name)
-        resp = creds.inquire_by_mech(mech=gb.MechType.kerberos, **kwargs)
-
-        if kwargs['name']:
-            self.assertEqual(resp.name, self.name)
-            self.assertIsInstance(resp.name, gssnames.Name)
-        else:
-            self.assertIsNone(resp.name)
-
-        if kwargs['init_lifetime']:
-            self.assertIsInstance(resp.init_lifetime, int)
-        else:
-            self.assertIsNone(resp.init_lifetime)
-
-        if kwargs['accept_lifetime'] and sys.platform != "darwin":
-            self.assertIsInstance(resp.accept_lifetime, int)
-        else:
-            self.assertIsNone(resp.accept_lifetime)
-
-        if kwargs['usage']:
-            expected = "accept" if sys.platform == "darwin" else "both"
-            self.assertEqual(resp.usage, expected)
-        else:
-            self.assertIsNone(resp.usage)
-
-    def test_add(self):
-        if sys.platform == 'darwin':
-            self.skipTest("macOS Heimdal broken")
-
-        input_creds = gsscreds.Credentials(gb.Creds())
-        name = gssnames.Name(SERVICE_PRINCIPAL)
-        new_creds = input_creds.add(name, gb.MechType.kerberos,
-                                    usage='initiate')
-        self.assertIsInstance(new_creds, gsscreds.Credentials)
-
-    @ktu.gssapi_extension_test('cred_store', 'credentials store')
-    def test_store_into_add_from(self):
-        CCACHE = 'FILE:{tmpdir}/other_ccache'.format(tmpdir=self.realm.tmpdir)
-        KT = '{tmpdir}/other_keytab'.format(tmpdir=self.realm.tmpdir)
-        store = {'ccache': CCACHE, 'keytab': KT}
-
-        princ_name = 'service_add_from/cs@' + self.realm.realm
-        self.realm.addprinc(princ_name)
-        self.realm.extract_keytab(princ_name, KT)
-        self.realm.kinit(princ_name, None, ['-k', '-t', KT])
-
-        initial_creds = gsscreds.Credentials(name=None,
-                                             usage='initiate')
-
-        store_kwargs = {}
-        expected_usage = 'initiate'
-        if self.realm.provider.lower() == 'heimdal':
-            store_kwargs['usage'] = 'initiate'
-            store_kwargs['mech'] = gb.MechType.kerberos
-            expected_usage = 'both'
-
-        store_res = initial_creds.store(store, overwrite=True, **store_kwargs)
-        self.assertIsNotNone(store_res.mechs)
-        self.assertGreater(len(store_res.mechs), 0)
-        self.assertEqual(store_res.usage, expected_usage)
-
-        name = gssnames.Name(princ_name)
-        input_creds = gsscreds.Credentials(gb.Creds())
-        retrieved_creds = input_creds.add(name, gb.MechType.kerberos,
-                                          store=store)
-        self.assertIsInstance(retrieved_creds, gsscreds.Credentials)
-
-    @ktu.gssapi_extension_test('cred_imp_exp', 'credentials import-export')
-    def test_export(self):
-        creds = gsscreds.Credentials(name=self.name,
-                                     mechs=[gb.MechType.kerberos])
-        token = creds.export()
-        self.assertIsInstance(token, bytes)
-
-    @ktu.gssapi_extension_test('cred_imp_exp', 'credentials import-export')
-    def test_import_by_init(self):
-        creds = gsscreds.Credentials(name=self.name,
-                                     mechs=[gb.MechType.kerberos])
-        token = creds.export()
-        imported_creds = gsscreds.Credentials(token=token)
-
-        # lifetime seems to be None in Heimdal
-        if self.realm.provider.lower() != 'heimdal':
-            self.assertEqual(imported_creds.lifetime, creds.lifetime)
-
-        self.assertEqual(imported_creds.name, creds.name)
-
-    @ktu.gssapi_extension_test('cred_imp_exp', 'credentials import-export')
-    def test_pickle_unpickle(self):
-        creds = gsscreds.Credentials(name=self.name,
-                                     mechs=[gb.MechType.kerberos])
-        pickled_creds = pickle.dumps(creds)
-        unpickled_creds = pickle.loads(pickled_creds)
-
-        # lifetime seems to be None in Heimdal
-        if self.realm.provider.lower() != 'heimdal':
-            self.assertEqual(unpickled_creds.lifetime, creds.lifetime)
-        self.assertEqual(unpickled_creds.name, creds.name)
-
-    @exist_perms(lifetime=30, mechs=[gb.MechType.kerberos],
-                 usage='initiate')
-    @ktu.gssapi_extension_test('s4u', 'S4U')
-    def test_impersonate(self, str_name, kwargs):
-        server_name = gssnames.Name(SERVICE_PRINCIPAL,
-                                    gb.NameType.kerberos_principal)
-
-        password = self.realm.password("user")
-        self.realm.kinit(self.realm.user_princ, password=password,
-                         flags=["-f"])
-        client_ctx = gssctx.SecurityContext(
-            name=server_name, flags=gb.RequirementFlag.delegate_to_peer)
-        client_token = client_ctx.step()
-
-        self.realm.kinit(SERVICE_PRINCIPAL.decode("utf-8"), flags=["-k"])
-        server_creds = gsscreds.Credentials(usage="both")
-        server_ctx = gssctx.SecurityContext(creds=server_creds)
-        server_ctx.step(client_token)
-        self.assertTrue(server_ctx.complete)
-
-        imp_creds = server_ctx.delegated_creds.impersonate(server_name,
-                                                           **kwargs)
-        self.assertIsInstance(imp_creds, gsscreds.Credentials)
-
-    @ktu.gssapi_extension_test('s4u', 'S4U')
-    def test_add_with_impersonate(self):
-        server_name = gssnames.Name(SERVICE_PRINCIPAL,
-                                    gb.NameType.kerberos_principal)
-
-        password = self.realm.password("user")
-        self.realm.kinit(self.realm.user_princ, password=password,
-                         flags=["-f"])
-        client_ctx = gssctx.SecurityContext(
-            name=server_name, flags=gb.RequirementFlag.delegate_to_peer)
-        client_token = client_ctx.step()
-
-        self.realm.kinit(SERVICE_PRINCIPAL.decode("utf-8"), flags=["-k"])
-        server_creds = gsscreds.Credentials(usage="both")
-        server_ctx = gssctx.SecurityContext(creds=server_creds)
-        server_ctx.step(client_token)
-        self.assertTrue(server_ctx.complete)
-
-        # use empty creds to test here
-        input_creds = gsscreds.Credentials(gb.Creds())
-        new_creds = input_creds.add(
-            server_name, gb.MechType.kerberos,
-            impersonator=server_ctx.delegated_creds, usage='initiate')
-        self.assertIsInstance(new_creds, gsscreds.Credentials)
-
-
-class MechsTestCase(_GSSAPIKerberosTestCase):
-    def test_indicate_mechs(self):
-        mechs = gssmechs.Mechanism.all_mechs()
-        for mech in mechs:
-            s = str(mech)
-            self.assertGreater(len(s), 0)
-
-    @ktu.gssapi_extension_test('rfc5801', 'RFC 5801: SASL Names')
-    def test_sasl_properties(self):
-        mechs = gssmechs.Mechanism.all_mechs()
-        for mech in mechs:
-            s = str(mech)
-            self.assertGreater(len(s), 0)
-            self.assertIsInstance(s, str)
-
-            # Note that some mechanisms don't have SASL names or SASL
-            # descriptions; in this case, GSSAPI returns empty strings.
-            if mech.sasl_name:
-                self.assertIsInstance(mech.sasl_name, str)
-
-            if mech.description:
-                self.assertIsInstance(mech.description, str)
-
-            # Heimdal fails with Unknown mech-code on sanon
-            if not (self.realm.provider.lower() == "heimdal" and
-                    s == '1.3.6.1.4.1.5322.26.1.110'):
-                cmp_mech = gssmechs.Mechanism.from_sasl_name(mech.sasl_name)
-
-                # For some reason macOS sometimes returns this for mechs
-                if not (sys.platform == 'darwin' and
-                        str(cmp_mech) == '1.2.752.43.14.2'):
-                    self.assertEqual(str(cmp_mech), str(mech))
-
-    @ktu.gssapi_extension_test('rfc5587', 'RFC 5587: Mech Inquiry')
-    def test_mech_inquiry(self):
-        mechs = list(gssmechs.Mechanism.all_mechs())
-        c = len(mechs)
-
-        g_M_from_attrs = gssmechs.Mechanism.from_attrs
-
-        for mech in mechs:
-            attrs = mech.attrs
-            known_attrs = mech.known_attrs
-
-            for attr in attrs:
-                from_desired = g_M_from_attrs(desired_attrs=[attr])
-                from_except = g_M_from_attrs(except_attrs=[attr])
-
-                from_desired = list(from_desired)
-                from_except = list(from_except)
-
-                self.assertEqual(len(from_desired) + len(from_except), c)
-                self.assertIn(mech, from_desired)
-                self.assertNotIn(mech, from_except)
-
-            for attr in known_attrs:
-                from_desired = g_M_from_attrs(desired_attrs=[attr])
-                from_except = g_M_from_attrs(except_attrs=[attr])
-
-                from_desired = list(from_desired)
-                from_except = list(from_except)
-
-                self.assertEqual(len(from_desired) + len(from_except), c)
-
-
-class NamesTestCase(_GSSAPIKerberosTestCase):
-    def test_create_from_other(self):
-        raw_name = gb.import_name(SERVICE_PRINCIPAL)
-        high_level_name = gssnames.Name(raw_name)
-
-        self.assertEqual(bytes(high_level_name), SERVICE_PRINCIPAL)
-
-    def test_create_from_name_no_type(self):
-        name = gssnames.Name(SERVICE_PRINCIPAL)
-        self.assertIsNotNone(name)
-
-    def test_create_from_name_and_type(self):
-        name = gssnames.Name(SERVICE_PRINCIPAL, gb.NameType.kerberos_principal)
-        self.assertIsNotNone(name)
-        self.assertEqual(name.name_type, gb.NameType.kerberos_principal)
-
-    def test_create_from_token(self):
-        name1 = gssnames.Name(TARGET_SERVICE_NAME,
-                              gb.NameType.hostbased_service)
-        exported_name = name1.canonicalize(gb.MechType.kerberos).export()
-        name2 = gssnames.Name(token=exported_name)
-
-        self.assertEqual(name2.name_type, gb.NameType.kerberos_principal)
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_provider_test(['mit'], 'gss_display_name_ext as it is not '
-                           'implemented for krb5')
-    def test_display_as(self):
-        name = gssnames.Name(TARGET_SERVICE_NAME,
-                             gb.NameType.hostbased_service)
-        canonical_name = name.canonicalize(gb.MechType.kerberos)
-
-        # NB(directxman12): krb5 doesn't implement display_name_ext, so just
-        # check to make sure we return the right types and a reasonable value
-        krb_name = canonical_name.display_as(
-            gb.NameType.hostbased_service)
-
-        princ_str = SERVICE_PRINCIPAL.decode('utf-8') + '@'
-        self.assertEqual(str(canonical_name), princ_str)
-        self.assertIsInstance(krb_name, str)
-        self.assertEqual(krb_name, princ_str)
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_provider_test(['mit'], 'gss_canonicalize_name as it is not '
-                           'implemented for krb5')
-    def test_create_from_composite_token_no_attrs(self):
-        name1 = gssnames.Name(TARGET_SERVICE_NAME,
-                              gb.NameType.hostbased_service)
-        exported_name = name1.canonicalize(
-            gb.MechType.kerberos).export(composite=True)
-        name2 = gssnames.Name(token=exported_name, composite=True)
-
-        self.assertIsNotNone(name2)
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_plugin_test('authdata', 'greet_client')
-    def test_create_from_composite_token_with_attrs(self):
-        name1 = gssnames.Name(TARGET_SERVICE_NAME,
-                              gb.NameType.hostbased_service)
-
-        canon_name = name1.canonicalize(gb.MechType.kerberos)
-        canon_name.attributes['urn:greet:greeting'] = b'some val'
-
-        exported_name = canon_name.export(composite=True)
-
-        # TODO(directxman12): when you just import a token as composite,
-        # appears as this name whose text is all garbled, since it contains
-        # all of the attributes, etc, but doesn't properly have the attributes.
-        # Once it's canonicalized, the attributes reappear.  However, if you
-        # just import it as normal export, the attributes appear directly.
-        # It is thus unclear as to what is going on
-        # name2_raw = gssnames.Name(token=exported_name, composite=True)
-        # name2 = name2_raw.canonicalize(gb.MechType.kerberos)
-
-        name2 = gssnames.Name(token=exported_name)
-        self.assertIsNotNone(name2)
-
-        ugg = name2.attributes["urn:greet:greeting"]
-        self.assertEqual(ugg.values, set([b"some val"]))
-        self.assertTrue(ugg.complete)
-        self.assertFalse(ugg.authenticated)
-
-    def test_to_str(self):
-        name = gssnames.Name(SERVICE_PRINCIPAL, gb.NameType.kerberos_principal)
-
-        name_str = str(name)
-
-        if sys.version_info[0] == 2:
-            target_val = SERVICE_PRINCIPAL
-        else:
-            target_val = SERVICE_PRINCIPAL.decode(gssutils._get_encoding())
-
-        self.assertEqual(name_str, target_val)
-
-    def test_to_unicode(self):
-        name = gssnames.Name(SERVICE_PRINCIPAL, gb.NameType.kerberos_principal)
-        self.assertEqual(str(name),
-                         SERVICE_PRINCIPAL.decode(gssutils._get_encoding()))
-
-    def test_to_bytes(self):
-        name = gssnames.Name(SERVICE_PRINCIPAL, gb.NameType.kerberos_principal)
-
-        # NB(directxman12): bytes only calles __bytes__ on Python 3+
-        self.assertEqual(name.__bytes__(), SERVICE_PRINCIPAL)
-
-    def test_compare(self):
-        name1 = gssnames.Name(SERVICE_PRINCIPAL)
-        name2 = gssnames.Name(SERVICE_PRINCIPAL)
-        name3 = gssnames.Name(TARGET_SERVICE_NAME,
-                              gb.NameType.hostbased_service)
-
-        self.assertEqual(name1, name2)
-        self.assertNotEqual(name1, name3)
-
-    def test_canoncialize_and_export(self):
-        name = gssnames.Name(SERVICE_PRINCIPAL, gb.NameType.kerberos_principal)
-        canonical_name = name.canonicalize(gb.MechType.kerberos)
-        exported_name = canonical_name.export()
-
-        self.assertIsInstance(exported_name, bytes)
-
-    def test_canonicalize(self):
-        name = gssnames.Name(TARGET_SERVICE_NAME,
-                             gb.NameType.hostbased_service)
-
-        canonicalized_name = name.canonicalize(gb.MechType.kerberos)
-        self.assertIsInstance(canonicalized_name, gssnames.Name)
-
-        expected = SERVICE_PRINCIPAL + b"@"
-        if sys.platform == 'darwin':
-            # No idea - just go with it
-            expected = b"host/wellknown:org.h5l.hostbased-service@" \
-                b"H5L.HOSTBASED-SERVICE"
-        elif self.realm.provider.lower() == 'heimdal':
-            expected += self.realm.realm.encode('utf-8')
-
-        self.assertEqual(bytes(canonicalized_name), expected)
-
-    def test_copy(self):
-        name1 = gssnames.Name(SERVICE_PRINCIPAL)
-        name2 = copy.copy(name1)
-
-        self.assertEqual(name1, name2)
-
-    # NB(directxman12): we don't test display_name_ext because the krb5 mech
-    # doesn't actually implement it
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_provider_test(['mit'], 'Heimdal does not implemented for krb5')
-    def test_is_mech_name(self):
-        name = gssnames.Name(TARGET_SERVICE_NAME,
-                             gb.NameType.hostbased_service)
-        self.assertFalse(name.is_mech_name)
-
-        canon_name = name.canonicalize(gb.MechType.kerberos)
-        self.assertTrue(canon_name.is_mech_name)
-        self.assertIsInstance(canon_name.mech, gb.OID)
-        self.assertEqual(canon_name.mech, gb.MechType.kerberos)
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_provider_test(['mit'], 'Heimdal does not implemented for krb5')
-    def test_export_name_composite_no_attrs(self):
-        name = gssnames.Name(TARGET_SERVICE_NAME,
-                             gb.NameType.hostbased_service)
-        canon_name = name.canonicalize(gb.MechType.kerberos)
-        exported_name = canon_name.export(composite=True)
-
-        self.assertIsInstance(exported_name, bytes)
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_plugin_test('authdata', 'greet_client')
-    def test_export_name_composite_with_attrs(self):
-        name = gssnames.Name(TARGET_SERVICE_NAME,
-                             gb.NameType.hostbased_service)
-        canon_name = name.canonicalize(gb.MechType.kerberos)
-        canon_name.attributes['urn:greet:greeting'] = b'some val'
-        exported_name = canon_name.export(composite=True)
-
-        self.assertIsInstance(exported_name, bytes)
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_plugin_test('authdata', 'greet_client')
-    def test_basic_get_set_del_name_attribute_no_auth(self):
-        name = gssnames.Name(TARGET_SERVICE_NAME,
-                             gb.NameType.hostbased_service)
-        canon_name = name.canonicalize(gb.MechType.kerberos)
-
-        canon_name.attributes['urn:greet:greeting'] = (b'some val', True)
-        ugg = canon_name.attributes["urn:greet:greeting"]
-        self.assertEqual(ugg.values, set([b"some val"]))
-        self.assertTrue(ugg.complete)
-        self.assertFalse(ugg.authenticated)
-
-        del canon_name.attributes['urn:greet:greeting']
-
-        # NB(directxman12): for some reason, the greet:greeting handler plugin
-        # doesn't properly delete itself -- it just clears the value.  If we
-        # try to get its value now, we segfault (due to an issue with
-        # greet:greeting's delete).  Instead, just set the value again.
-        canon_name.attributes['urn:greet:greeting'] = b'some other val'
-
-
-class SecurityContextTestCase(_GSSAPIKerberosTestCase):
-    def setUp(self):
-        super(SecurityContextTestCase, self).setUp()
-        gssctx.SecurityContext.__DEFER_STEP_ERRORS__ = False
-        self.client_name = gssnames.Name(self.USER_PRINC)
-        self.client_creds = gsscreds.Credentials(name=None,
-                                                 usage='initiate')
-
-        if sys.platform == "darwin":
-            spn = TARGET_SERVICE_NAME + b"@" + FQDN
-            self.target_name = gssnames.Name(spn,
-                                             gb.NameType.hostbased_service)
-        else:
-            self.target_name = gssnames.Name(TARGET_SERVICE_NAME,
-                                             gb.NameType.hostbased_service)
-
-        self.server_name = gssnames.Name(SERVICE_PRINCIPAL)
-        self.server_creds = gsscreds.Credentials(name=self.server_name,
-                                                 usage='accept')
-
-    def _create_client_ctx(self, **kwargs):
-        return gssctx.SecurityContext(name=self.target_name, **kwargs)
-
-    # NB(directxman12): we skip testing process_context_token, because there is
-    #                   no concrete, non-deprecated was to obtain an "async"
-    #                   token
-
-    def test_create_from_other(self):
-        raw_client_ctx, raw_server_ctx = self._create_completed_contexts()
-        high_level_ctx = gssctx.SecurityContext(raw_client_ctx)
-
-        expected = self.target_name
-        if self.realm.provider.lower() == "heimdal":
-            expected = gssnames.Name(self.realm.host_princ.encode('utf-8'),
-                                     name_type=gb.NameType.kerberos_principal)
-        self.assertEqual(high_level_ctx.target_name, expected)
-
-    @exist_perms(lifetime=30, flags=[],
-                 mech=gb.MechType.kerberos,
-                 channel_bindings=None)
-    def test_create_new_init(self, str_name, kwargs):
-        client_ctx = gssctx.SecurityContext(name=self.target_name,
-                                            creds=self.client_creds,
-                                            **kwargs)
-        self.assertEqual(client_ctx.usage, "initiate")
-
-        client_ctx = self._create_client_ctx(**kwargs)
-        self.assertEqual(client_ctx.usage, "initiate")
-
-    def test_create_new_accept(self):
-        server_ctx = gssctx.SecurityContext(creds=self.server_creds)
-        self.assertEqual(server_ctx.usage, "accept")
-
-    def test_init_throws_error_on_invalid_args(self):
-        self.assertRaises(TypeError, gssctx.SecurityContext, usage='accept',
-                          name=self.target_name)
-
-    def _create_completed_contexts(self):
-        client_ctx = self._create_client_ctx(lifetime=400)
-
-        client_token = client_ctx.step()
-        self.assertIsInstance(client_token, bytes)
-
-        server_ctx = gssctx.SecurityContext(creds=self.server_creds)
-        server_token = server_ctx.step(client_token)
-        self.assertIsInstance(server_token, bytes)
-
-        client_ctx.step(server_token)
-
-        return (client_ctx, server_ctx)
-
-    def test_complete_on_partially_completed(self):
-        client_ctx = self._create_client_ctx()
-        client_tok = client_ctx.step()
-        self.assertFalse(client_ctx.complete)
-
-        server_ctx = gssctx.SecurityContext(creds=self.server_creds)
-        server_tok = server_ctx.step(client_tok)
-
-        client_ctx.step(server_tok)
-        self.assertTrue(client_ctx.complete)
-        self.assertTrue(server_ctx.complete)
-
-    def test_initiate_accept_steps(self):
-        client_ctx, server_ctx = self._create_completed_contexts()
-
-        # KDC may allow for clockskew by increasing acceptor context lifetime
-        self.assertLessEqual(server_ctx.lifetime, 400 + 300)
-        self.assertEqual(server_ctx.initiator_name, client_ctx.initiator_name)
-        self.assertIsInstance(server_ctx.mech, gb.OID)
-        self.assertIsInstance(server_ctx.actual_flags, gb.IntEnumFlagSet)
-        self.assertFalse(server_ctx.locally_initiated)
-        self.assertTrue(server_ctx.complete)
-
-        self.assertLessEqual(client_ctx.lifetime, 400)
-
-        expected = self.target_name
-        if self.realm.provider.lower() == "heimdal":
-            expected = gssnames.Name(self.realm.host_princ.encode('utf-8'),
-                                     name_type=gb.NameType.kerberos_principal)
-        self.assertEqual(client_ctx.target_name, expected)
-
-        self.assertIsInstance(client_ctx.mech, gb.OID)
-        self.assertIsInstance(client_ctx.actual_flags, gb.IntEnumFlagSet)
-        self.assertTrue(client_ctx.locally_initiated)
-        self.assertTrue(client_ctx.complete)
-
-    def test_channel_bindings(self):
-        bdgs = gb.ChannelBindings(application_data=b'abcxyz',
-                                  initiator_address_type=gb.AddressType.ip,
-                                  initiator_address=b'127.0.0.1',
-                                  acceptor_address_type=gb.AddressType.ip,
-                                  acceptor_address=b'127.0.0.1')
-        client_ctx = self._create_client_ctx(lifetime=400,
-                                             channel_bindings=bdgs)
-
-        client_token = client_ctx.step()
-        self.assertIsInstance(client_token, bytes)
-
-        server_ctx = gssctx.SecurityContext(creds=self.server_creds,
-                                            channel_bindings=bdgs)
-        server_token = server_ctx.step(client_token)
-        self.assertIsInstance(server_token, bytes)
-
-        client_ctx.step(server_token)
-
-    def test_bad_channel_bindings_raises_error(self):
-        if sys.platform == "darwin":
-            self.skipTest("macOS Heimdal doesn't fail as expected")
-
-        bdgs = gb.ChannelBindings(application_data=b'abcxyz',
-                                  initiator_address_type=gb.AddressType.ip,
-                                  initiator_address=b'127.0.0.1',
-                                  acceptor_address_type=gb.AddressType.ip,
-                                  acceptor_address=b'127.0.0.1')
-        client_ctx = self._create_client_ctx(lifetime=400,
-                                             channel_bindings=bdgs)
-
-        client_token = client_ctx.step()
-        self.assertIsInstance(client_token, bytes)
-
-        bdgs.acceptor_address = b'127.0.1.0'
-        server_ctx = gssctx.SecurityContext(creds=self.server_creds,
-                                            channel_bindings=bdgs)
-        self.assertRaises(gb.BadChannelBindingsError, server_ctx.step,
-                          client_token)
-
-    def test_export_create_from_token(self):
-        client_ctx, server_ctx = self._create_completed_contexts()
-        token = client_ctx.export()
-        self.assertIsInstance(token, bytes)
-
-        imported_ctx = gssctx.SecurityContext(token=token)
-        self.assertEqual(imported_ctx.usage, "initiate")
-
-        expected = self.target_name
-        if self.realm.provider.lower() == "heimdal":
-            expected = gssnames.Name(self.realm.host_princ.encode('utf-8'),
-                                     name_type=gb.NameType.kerberos_principal)
-
-        self.assertEqual(imported_ctx.target_name, expected)
-
-    def test_pickle_unpickle(self):
-        client_ctx, server_ctx = self._create_completed_contexts()
-        pickled_ctx = pickle.dumps(client_ctx)
-
-        unpickled_ctx = pickle.loads(pickled_ctx)
-        self.assertIsInstance(unpickled_ctx, gssctx.SecurityContext)
-        self.assertEqual(unpickled_ctx.usage, "initiate")
-
-        expected = self.target_name
-        if self.realm.provider.lower() == "heimdal":
-            expected = gssnames.Name(self.realm.host_princ.encode('utf-8'),
-                                     name_type=gb.NameType.kerberos_principal)
-        self.assertEqual(unpickled_ctx.target_name, expected)
-
-    def test_encrypt_decrypt(self):
-        client_ctx, server_ctx = self._create_completed_contexts()
-
-        encrypted_msg = client_ctx.encrypt(b'test message')
-        self.assertIsInstance(encrypted_msg, bytes)
-
-        decrypted_msg = server_ctx.decrypt(encrypted_msg)
-        self.assertIsInstance(decrypted_msg, bytes)
-        self.assertEqual(decrypted_msg, b"test message")
-
-    def test_encrypt_decrypt_throws_error_on_no_encryption(self):
-        client_ctx, server_ctx = self._create_completed_contexts()
-
-        wrap_res = client_ctx.wrap(b'test message', False)
-        self.assertIsInstance(wrap_res, gb.WrapResult)
-        self.assertFalse(wrap_res.encrypted)
-        self.assertIsInstance(wrap_res.message, bytes)
-
-        self.assertRaises(excs.EncryptionNotUsed, server_ctx.decrypt,
-                          wrap_res.message)
-
-    def test_wrap_unwrap(self):
-        client_ctx, server_ctx = self._create_completed_contexts()
-
-        wrap_res = client_ctx.wrap(b'test message', True)
-        self.assertIsInstance(wrap_res, gb.WrapResult)
-        self.assertTrue(wrap_res.encrypted)
-        self.assertIsInstance(wrap_res.message, bytes)
-
-        unwrap_res = server_ctx.unwrap(wrap_res.message)
-        self.assertIsInstance(unwrap_res, gb.UnwrapResult)
-        self.assertIsInstance(unwrap_res.message, bytes)
-        self.assertEqual(unwrap_res.message, b"test message")
-        self.assertTrue(unwrap_res.encrypted)
-
-    def test_get_wrap_size_limit(self):
-        client_ctx, server_ctx = self._create_completed_contexts()
-
-        with_conf = client_ctx.get_wrap_size_limit(100)
-        without_conf = client_ctx.get_wrap_size_limit(100, encrypted=True)
-
-        self.assertIsInstance(with_conf, int)
-        self.assertIsInstance(without_conf, int)
-        self.assertLessEqual(with_conf, 100)
-        self.assertLessEqual(without_conf, 100)
-
-    def test_get_signature(self):
-        client_ctx, server_ctx = self._create_completed_contexts()
-        mic_token = client_ctx.get_signature(b'some message')
-
-        self.assertIsInstance(mic_token, bytes)
-        self.assertGreater(len(mic_token), 0)
-
-    def test_verify_signature_raise(self):
-        client_ctx, server_ctx = self._create_completed_contexts()
-        mic_token = client_ctx.get_signature(b'some message')
-        server_ctx.verify_signature(b'some message', mic_token)
-
-        self.assertRaises(gb.GSSError, server_ctx.verify_signature,
-                          b"other message", mic_token)
-
-    @ktu.krb_minversion_test("1.11", "returning tokens", provider="mit")
-    @ktu.krb_provider_test(["mit"], "returning tokens")
-    def test_defer_step_error_on_method(self):
-        gssctx.SecurityContext.__DEFER_STEP_ERRORS__ = True
-        bdgs = gb.ChannelBindings(application_data=b'abcxyz')
-        client_ctx = self._create_client_ctx(lifetime=400,
-                                             channel_bindings=bdgs)
-
-        client_token = client_ctx.step()
-        self.assertIsInstance(client_token, bytes)
-
-        bdgs.application_data = b'defuvw'
-        server_ctx = gssctx.SecurityContext(creds=self.server_creds,
-                                            channel_bindings=bdgs)
-        self.assertIsInstance(server_ctx.step(client_token), bytes)
-        self.assertRaises(gb.BadChannelBindingsError, server_ctx.encrypt,
-                          b"test")
-
-    @ktu.krb_minversion_test("1.11", "returning tokens", provider="mit")
-    @ktu.krb_provider_test(["mit"], "returning tokens")
-    def test_defer_step_error_on_complete_property_access(self):
-        gssctx.SecurityContext.__DEFER_STEP_ERRORS__ = True
-        bdgs = gb.ChannelBindings(application_data=b'abcxyz')
-        client_ctx = self._create_client_ctx(lifetime=400,
-                                             channel_bindings=bdgs)
-
-        client_token = client_ctx.step()
-        self.assertIsInstance(client_token, bytes)
-
-        bdgs.application_data = b'defuvw'
-        server_ctx = gssctx.SecurityContext(creds=self.server_creds,
-                                            channel_bindings=bdgs)
-        self.assertIsInstance(server_ctx.step(client_token), bytes)
-
-        self.assertRaises(gb.BadChannelBindingsError,
-                          lambda: server_ctx.complete)
diff --git a/gssapi/tests/test_raw.py b/gssapi/tests/test_raw.py
deleted file mode 100644
index 1ab7ab3a..00000000
--- a/gssapi/tests/test_raw.py
+++ /dev/null
@@ -1,1880 +0,0 @@
-import copy
-import ctypes
-import ctypes.util
-import os
-import socket
-import sys
-import unittest
-
-import gssapi.raw as gb
-import gssapi.raw.misc as gbmisc
-import k5test.unit as ktu
-import k5test as kt
-
-from collections.abc import Set
-
-
-TARGET_SERVICE_NAME = b'host'
-FQDN = (
-    'localhost' if sys.platform == 'darwin' else socket.getfqdn()
-).encode('utf-8')
-SERVICE_PRINCIPAL = TARGET_SERVICE_NAME + b'/' + FQDN
-
-if sys.platform == 'darwin':
-    TARGET_SERVICE_NAME += b"@" + FQDN
-
-
-class _GSSAPIKerberosTestCase(kt.KerberosTestCase):
-    @classmethod
-    def setUpClass(cls):
-        super(_GSSAPIKerberosTestCase, cls).setUpClass()
-        svc_princ = SERVICE_PRINCIPAL.decode("UTF-8")
-
-        cls.realm.kinit(svc_princ, flags=['-k'])
-
-        cls._init_env()
-
-        cls.USER_PRINC = cls.realm.user_princ.split('@')[0].encode("UTF-8")
-        cls.ADMIN_PRINC = cls.realm.admin_princ.split('@')[0].encode("UTF-8")
-        cls.KRB5_LIB_PATH = os.environ.get("GSSAPI_KRB5_MAIN_LIB", None)
-
-    @classmethod
-    def _init_env(cls):
-        cls._saved_env = copy.deepcopy(os.environ)
-        for k, v in cls.realm.env.items():
-            os.environ[k] = v
-
-    @classmethod
-    def _restore_env(cls):
-        for k in copy.deepcopy(os.environ):
-            if k in cls._saved_env:
-                os.environ[k] = cls._saved_env[k]
-            else:
-                del os.environ[k]
-
-        cls._saved_env = None
-
-    @classmethod
-    def tearDownClass(cls):
-        super(_GSSAPIKerberosTestCase, cls).tearDownClass()
-        cls._restore_env()
-
-
-class TestBaseUtilities(_GSSAPIKerberosTestCase):
-    def setUp(self):
-        self.realm.kinit(SERVICE_PRINCIPAL.decode("UTF-8"), flags=['-k'])
-
-    def test_indicate_mechs(self):
-        mechs = gb.indicate_mechs()
-        self.assertIsInstance(mechs, set)
-        self.assertIn(gb.MechType.kerberos, mechs)
-
-    def test_import_name(self):
-        imported_name = gb.import_name(TARGET_SERVICE_NAME)
-        self.assertIsInstance(imported_name, gb.Name)
-
-        gb.release_name(imported_name)
-
-    def test_canonicalize_export_name(self):
-        imported_name = gb.import_name(self.ADMIN_PRINC,
-                                       gb.NameType.kerberos_principal)
-
-        canonicalized_name = gb.canonicalize_name(imported_name,
-                                                  gb.MechType.kerberos)
-        self.assertIsInstance(canonicalized_name, gb.Name)
-
-        exported_name = gb.export_name(canonicalized_name)
-        self.assertIsInstance(exported_name, bytes)
-        self.assertGreater(len(exported_name), 0)
-
-    def test_duplicate_name(self):
-        orig_name = gb.import_name(TARGET_SERVICE_NAME)
-        new_name = gb.duplicate_name(orig_name)
-        self.assertIsNotNone(new_name)
-        self.assertTrue(gb.compare_name(orig_name, new_name))
-
-    def test_display_name(self):
-        imported_name = gb.import_name(TARGET_SERVICE_NAME,
-                                       gb.NameType.hostbased_service)
-        displ_resp = gb.display_name(imported_name)
-        self.assertIsNotNone(displ_resp)
-
-        displayed_name, out_type = displ_resp
-        self.assertIsInstance(displayed_name, bytes)
-        self.assertEqual(displayed_name, TARGET_SERVICE_NAME)
-        self.assertEqual(out_type, gb.NameType.hostbased_service)
-
-    # NB(directxman12): we don't test display_name_ext because the krb5 mech
-    # doesn't actually implement it
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_provider_test(['mit'], 'Heimdal does not implemented for krb5')
-    def test_inquire_name_not_mech_name(self):
-        base_name = gb.import_name(TARGET_SERVICE_NAME,
-                                   gb.NameType.hostbased_service)
-
-        inquire_res = gb.inquire_name(base_name)
-        self.assertIsNotNone(inquire_res)
-        self.assertFalse(inquire_res.is_mech_name)
-        self.assertIsNone(inquire_res.mech)
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_provider_test(['mit'], 'Heimdal does not implemented for krb5')
-    def test_inquire_name_mech_name(self):
-        base_name = gb.import_name(TARGET_SERVICE_NAME,
-                                   gb.NameType.hostbased_service)
-        mech_name = gb.canonicalize_name(base_name, gb.MechType.kerberos)
-
-        inquire_res = gb.inquire_name(mech_name)
-        self.assertIsNotNone(inquire_res)
-        self.assertTrue(inquire_res.is_mech_name)
-        self.assertIsInstance(inquire_res.mech, gb.OID)
-        self.assertEqual(inquire_res.mech, gb.MechType.kerberos)
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.gssapi_extension_test('rfc6680_comp_oid',
-                               'RFC 6680 (COMPOSITE_EXPORT OID)')
-    def test_import_export_name_composite_no_attrs(self):
-        base_name = gb.import_name(TARGET_SERVICE_NAME,
-                                   gb.NameType.hostbased_service)
-        canon_name = gb.canonicalize_name(base_name,
-                                          gb.MechType.kerberos)
-
-        exported_name = gb.export_name_composite(canon_name)
-        self.assertIsInstance(exported_name, bytes)
-
-        imported_name = gb.import_name(exported_name,
-                                       gb.NameType.composite_export)
-        self.assertIsInstance(imported_name, gb.Name)
-
-    # NB(directxman12): the greet_client plugin only allows for one value
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_plugin_test('authdata', 'greet_client')
-    def test_inquire_name_with_attrs(self):
-        base_name = gb.import_name(TARGET_SERVICE_NAME,
-                                   gb.NameType.hostbased_service)
-        canon_name = gb.canonicalize_name(base_name, gb.MechType.kerberos)
-        gb.set_name_attribute(canon_name, b'urn:greet:greeting',
-                              [b'some greeting'])
-
-        inquire_res = gb.inquire_name(canon_name)
-        self.assertIsInstance(inquire_res.attrs, list)
-        self.assertEqual(inquire_res.attrs, [b"urn:greet:greeting"])
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_plugin_test('authdata', 'greet_client')
-    def test_basic_get_set_delete_name_attributes_no_auth(self):
-        base_name = gb.import_name(TARGET_SERVICE_NAME,
-                                   gb.NameType.hostbased_service)
-        canon_name = gb.canonicalize_name(base_name, gb.MechType.kerberos)
-
-        gb.set_name_attribute(canon_name, b'urn:greet:greeting',
-                              [b'some other val'], complete=True)
-
-        get_res = gb.get_name_attribute(canon_name, b'urn:greet:greeting')
-        self.assertIsNotNone(get_res)
-        self.assertIsInstance(get_res.values, list)
-        self.assertEqual(get_res.values, [b"some other val"])
-        self.assertIsInstance(get_res.display_values, list)
-        self.assertEqual(get_res.display_values, get_res.values)
-        self.assertTrue(get_res.complete)
-        self.assertFalse(get_res.authenticated)
-
-        gb.delete_name_attribute(canon_name, b'urn:greet:greeting')
-
-        # NB(directxman12): the code below currently segfaults due to the way
-        # that krb5 and the krb5 greet plugin is written
-        # gb.get_name_attribute.should_raise(
-        #     gb.exceptions.OperationUnavailableError, canon_name,
-        #     'urn:greet:greeting')
-
-    @ktu.gssapi_extension_test('rfc6680', 'RFC 6680')
-    @ktu.krb_plugin_test('authdata', 'greet_client')
-    def test_import_export_name_composite(self):
-        base_name = gb.import_name(TARGET_SERVICE_NAME,
-                                   gb.NameType.hostbased_service)
-        canon_name = gb.canonicalize_name(base_name, gb.MechType.kerberos)
-        gb.set_name_attribute(canon_name, b'urn:greet:greeting', [b'some val'])
-
-        exported_name = gb.export_name_composite(canon_name)
-        self.assertIsInstance(exported_name, bytes)
-
-        # TODO(directxman12): when you just import a token as composite,
-        # appears as this name whose text is all garbled, since it contains
-        # all of the attributes, etc, but doesn't properly have the attributes.
-        # Once it's canonicalized, the attributes reappear.  However, if you
-        # just import it as normal export, the attributes appear directly.
-        # It is thus unclear as to what is going on
-
-        # imported_name_raw = gb.import_name(exported_name,
-        #                                    gb.NameType.composite_export)
-        # imported_name = gb.canonicalize_name(imported_name_r,
-        #                                      gb.MechType.kerberos)
-
-        imported_name = gb.import_name(exported_name, gb.NameType.export)
-        self.assertIsInstance(imported_name, gb.Name)
-
-        get_res = gb.get_name_attribute(imported_name, b'urn:greet:greeting')
-        self.assertEqual(get_res.values, [b"some val"])
-
-    def test_compare_name(self):
-        service_name1 = gb.import_name(TARGET_SERVICE_NAME)
-        service_name2 = gb.import_name(TARGET_SERVICE_NAME)
-        init_name = gb.import_name(self.ADMIN_PRINC,
-                                   gb.NameType.kerberos_principal)
-
-        self.assertTrue(gb.compare_name(service_name1, service_name2))
-        self.assertTrue(gb.compare_name(service_name2, service_name1))
-        self.assertFalse(gb.compare_name(service_name1, init_name))
-
-        gb.release_name(service_name1)
-        gb.release_name(service_name2)
-        gb.release_name(init_name)
-
-    def test_display_status(self):
-        status_resp = gbmisc._display_status(0, False)
-        self.assertIsNotNone(status_resp)
-
-        status, ctx, cont = status_resp
-        self.assertIsInstance(status, bytes)
-        self.assertGreater(len(status), 0)
-        self.assertIsInstance(ctx, int)
-        self.assertIsInstance(cont, bool)
-        self.assertFalse(cont)
-
-    def test_acquire_creds(self):
-        name = gb.import_name(SERVICE_PRINCIPAL,
-                              gb.NameType.kerberos_principal)
-        cred_resp = gb.acquire_cred(name)
-        self.assertIsNotNone(cred_resp)
-
-        creds, actual_mechs, ttl = cred_resp
-        self.assertIsInstance(creds, gb.Creds)
-        self.assertIn(gb.MechType.kerberos, actual_mechs)
-        if sys.platform != 'darwin':
-            self.assertIsInstance(ttl, int)
-
-        gb.release_name(name)
-        gb.release_cred(creds)
-
-    @ktu.gssapi_extension_test('cred_imp_exp', 'credentials import-export')
-    def test_cred_import_export(self):
-        creds = gb.acquire_cred(None).creds
-        token = gb.export_cred(creds)
-        imported_creds = gb.import_cred(token)
-
-        inquire_orig = gb.inquire_cred(creds, name=True)
-        inquire_imp = gb.inquire_cred(imported_creds, name=True)
-        self.assertTrue(gb.compare_name(inquire_orig.name, inquire_imp.name))
-
-    def test_context_time(self):
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        ctx_resp = gb.init_sec_context(target_name)
-
-        client_token1 = ctx_resp[3]
-        client_ctx = ctx_resp[0]
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_resp = gb.accept_sec_context(client_token1,
-                                            acceptor_creds=server_creds)
-        server_tok = server_resp[3]
-
-        client_resp2 = gb.init_sec_context(target_name,
-                                           context=client_ctx,
-                                           input_token=server_tok)
-        ctx = client_resp2[0]
-
-        ttl = gb.context_time(ctx)
-        self.assertIsInstance(ttl, int)
-        self.assertGreater(ttl, 0)
-
-    def test_inquire_context(self):
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        ctx_resp = gb.init_sec_context(target_name)
-
-        client_token1 = ctx_resp[3]
-        client_ctx = ctx_resp[0]
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_resp = gb.accept_sec_context(client_token1,
-                                            acceptor_creds=server_creds)
-        server_tok = server_resp[3]
-
-        client_resp2 = gb.init_sec_context(target_name,
-                                           context=client_ctx,
-                                           input_token=server_tok)
-        ctx = client_resp2[0]
-
-        inq_resp = gb.inquire_context(ctx)
-        self.assertIsNotNone(inq_resp)
-
-        src_name, target_name, ttl, mech_type, flags, local_est, is_open = \
-            inq_resp
-        self.assertIsInstance(src_name, gb.Name)
-        self.assertIsInstance(target_name, gb.Name)
-        self.assertIsInstance(ttl, int)
-        self.assertEqual(mech_type, gb.MechType.kerberos)
-        self.assertIsInstance(flags, Set)
-        self.assertGreater(len(flags), 0)
-        self.assertIsInstance(local_est, bool)
-        self.assertTrue(local_est)
-        self.assertIsInstance(is_open, bool)
-        self.assertTrue(is_open)
-
-    # NB(directxman12): We don't test `process_context_token` because
-    #                   there is no clear non-deprecated way to test it
-
-    @ktu.gssapi_extension_test('s4u', 'S4U')
-    def test_add_cred_impersonate_name(self):
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-
-        password = self.realm.password('user')
-        self.realm.kinit(self.realm.user_princ, password=password,
-                         flags=["-f"])
-        name = gb.import_name(b"user", gb.NameType.kerberos_principal)
-        client_creds = gb.acquire_cred(name, usage="initiate").creds
-        cctx_res = gb.init_sec_context(
-            server_name, creds=client_creds,
-            flags=gb.RequirementFlag.delegate_to_peer)
-
-        self.realm.kinit(SERVICE_PRINCIPAL.decode("utf-8"), flags=["-k"])
-        server_creds = gb.acquire_cred(server_name, usage="both").creds
-        sctx_res = gb.accept_sec_context(cctx_res.token, server_creds)
-        self.assertTrue(gb.inquire_context(sctx_res.context).complete)
-
-        input_creds = gb.Creds()
-        imp_resp = gb.add_cred_impersonate_name(input_creds,
-                                                sctx_res.delegated_creds,
-                                                server_name,
-                                                gb.MechType.kerberos)
-        self.assertIsNotNone(imp_resp)
-        self.assertIsInstance(imp_resp, gb.AddCredResult)
-        self.assertIsInstance(imp_resp.creds, gb.Creds)
-        self.assertIn(gb.MechType.kerberos, imp_resp.mechs)
-        self.assertIsInstance(imp_resp.init_lifetime, int)
-        self.assertGreater(imp_resp.init_lifetime, 0)
-        self.assertIsInstance(imp_resp.accept_lifetime, int)
-        self.assertEqual(imp_resp.accept_lifetime, 0)
-
-    @ktu.gssapi_extension_test('s4u', 'S4U')
-    def test_acquire_creds_impersonate_name(self):
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-
-        password = self.realm.password('user')
-        self.realm.kinit(self.realm.user_princ, password=password,
-                         flags=["-f"])
-        name = gb.import_name(b'user', gb.NameType.kerberos_principal)
-        client_creds = gb.acquire_cred(name, usage="initiate").creds
-        cctx_res = gb.init_sec_context(
-            server_name, creds=client_creds,
-            flags=gb.RequirementFlag.delegate_to_peer)
-
-        self.realm.kinit(SERVICE_PRINCIPAL.decode("utf-8"), flags=["-k"])
-        server_creds = gb.acquire_cred(server_name, usage='both').creds
-        sctx_res = gb.accept_sec_context(cctx_res.token, server_creds)
-        self.assertTrue(gb.inquire_context(sctx_res.context).complete)
-
-        imp_resp = gb.acquire_cred_impersonate_name(sctx_res.delegated_creds,
-                                                    server_name)
-        self.assertIsInstance(imp_resp, gb.AcquireCredResult)
-        self.assertIsInstance(imp_resp.creds, gb.Creds)
-        self.assertIn(gb.MechType.kerberos, imp_resp.mechs)
-        self.assertIsInstance(imp_resp.lifetime, int)
-        self.assertGreater(imp_resp.lifetime, 0)
-
-    @ktu.gssapi_extension_test('s4u', 'S4U')
-    @ktu.krb_minversion_test('1.11',
-                             'returning delegated S4U2Proxy credentials',
-                             provider='mit')
-    def test_always_get_delegated_creds(self):
-        svc_princ = SERVICE_PRINCIPAL.decode("UTF-8")
-        self.realm.kinit(svc_princ, flags=['-k', '-f'])
-
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-
-        client_token = gb.init_sec_context(target_name).token
-
-        # if our acceptor creds have a usage of both, we get
-        # s4u2proxy delegated credentials
-        server_creds = gb.acquire_cred(None, usage='both').creds
-        server_ctx_resp = gb.accept_sec_context(client_token,
-                                                acceptor_creds=server_creds)
-        self.assertIsNotNone(server_ctx_resp)
-        self.assertIsInstance(server_ctx_resp.delegated_creds, gb.Creds)
-
-    @ktu.gssapi_extension_test('rfc5588', 'RFC 5588')
-    def test_store_cred_acquire_cred(self):
-        # we need to acquire a forwardable ticket
-        svc_princ = SERVICE_PRINCIPAL.decode("UTF-8")
-        self.realm.kinit(svc_princ, flags=['-k', '-f'])
-
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-
-        client_creds = gb.acquire_cred(None, usage='initiate').creds
-        client_ctx_resp = gb.init_sec_context(
-            target_name, creds=client_creds,
-            flags=gb.RequirementFlag.delegate_to_peer)
-
-        client_token = client_ctx_resp[3]
-
-        server_creds = gb.acquire_cred(None, usage='accept').creds
-        server_ctx_resp = gb.accept_sec_context(client_token,
-                                                acceptor_creds=server_creds)
-
-        deleg_creds = server_ctx_resp.delegated_creds
-        self.assertIsNotNone(deleg_creds)
-
-        store_res = gb.store_cred(deleg_creds, usage='initiate',
-                                  mech=gb.MechType.kerberos,
-                                  set_default=True, overwrite=True)
-        self.assertIsNotNone(store_res)
-
-        if self.realm.provider.lower() != 'heimdal':
-            # Heimdal does not return this info as expected
-            self.assertEqual(store_res.usage, "initiate")
-            self.assertIn(gb.MechType.kerberos, store_res.mechs)
-
-        deleg_name = gb.inquire_cred(deleg_creds).name
-        acq_resp = gb.acquire_cred(deleg_name, usage='initiate')
-        self.assertIsNotNone(acq_resp)
-
-    @ktu.gssapi_extension_test('cred_store', 'credentials store')
-    def test_store_cred_into_acquire_cred(self):
-        CCACHE = 'FILE:{tmpdir}/other_ccache'.format(tmpdir=self.realm.tmpdir)
-        KT = '{tmpdir}/other_keytab'.format(tmpdir=self.realm.tmpdir)
-        store = {b'ccache': CCACHE.encode('UTF-8'),
-                 b'keytab': KT.encode('UTF-8')}
-
-        princ_name = 'service/cs@' + self.realm.realm
-        self.realm.addprinc(princ_name)
-        self.realm.extract_keytab(princ_name, KT)
-        self.realm.kinit(princ_name, None, ['-k', '-t', KT])
-
-        initial_creds = gb.acquire_cred(None, usage='initiate').creds
-
-        # NB(sross): overwrite because the ccache doesn't exist yet
-        expected_usage = 'initiate'
-        store_kwargs = {}
-        if self.realm.provider.lower() == 'heimdal':
-            expected_usage = 'both'
-            store_kwargs['mech'] = gb.MechType.kerberos
-            store_kwargs['usage'] = 'initiate'
-
-        store_res = gb.store_cred_into(store, initial_creds, overwrite=True,
-                                       **store_kwargs)
-        self.assertIsNotNone(store_res.mechs)
-        self.assertEqual(store_res.usage, expected_usage)
-
-        name = gb.import_name(princ_name.encode('UTF-8'))
-        retrieve_res = gb.acquire_cred_from(store, name)
-
-        self.assertIsNotNone(retrieve_res)
-        self.assertIsNotNone(retrieve_res.creds)
-        self.assertIsInstance(retrieve_res.creds, gb.Creds)
-        self.assertIn(gb.MechType.kerberos, retrieve_res.mechs)
-        self.assertIsInstance(retrieve_res.lifetime, int)
-
-    def test_add_cred(self):
-        if sys.platform == 'darwin':
-            self.skipTest('macOS fails to find the credential')
-
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        client_ctx_resp = gb.init_sec_context(target_name)
-        client_token = client_ctx_resp[3]
-        del client_ctx_resp  # free all the things (except the token)!
-
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name, usage='both')[0]
-        server_ctx_resp = gb.accept_sec_context(client_token,
-                                                acceptor_creds=server_creds)
-
-        input_creds = gb.Creds()
-        imp_resp = gb.add_cred(input_creds,
-                               server_ctx_resp[1],
-                               gb.MechType.kerberos)
-        self.assertIsNotNone(imp_resp)
-
-        new_creds, actual_mechs, output_init_ttl, output_accept_ttl = imp_resp
-        self.assertIsInstance(new_creds, gb.Creds)
-        self.assertIn(gb.MechType.kerberos, actual_mechs)
-        self.assertIsInstance(output_init_ttl, int)
-        self.assertIsInstance(output_accept_ttl, int)
-
-    # NB(sross): we skip testing add_cred with mutate for the same reasons
-    #            that testing add_cred in the high-level API is skipped
-
-    def test_inquire_creds(self):
-        name = gb.import_name(SERVICE_PRINCIPAL,
-                              gb.NameType.kerberos_principal)
-        cred = gb.acquire_cred(name).creds
-
-        inq_resp = gb.inquire_cred(cred)
-        self.assertIsNotNone(inq_resp)
-        self.assertIsInstance(inq_resp.name, gb.Name)
-
-        if self.realm.provider.lower() == 'heimdal':
-            name = gb.import_name(self.realm.host_princ.encode('utf-8'),
-                                  gb.NameType.kerberos_principal)
-
-        self.assertTrue(gb.compare_name(name, inq_resp.name))
-
-        if sys.platform == 'darwin':
-            self.assertEqual(inq_resp.usage, "accept")
-        else:
-            self.assertIsInstance(inq_resp.lifetime, int)
-            self.assertEqual(inq_resp.usage, "both")
-
-        self.assertIn(gb.MechType.kerberos, inq_resp.mechs)
-
-    def test_create_oid_from_bytes(self):
-        kerberos_bytes = gb.MechType.kerberos.__bytes__()
-        new_oid = gb.OID(elements=kerberos_bytes)
-
-        self.assertEqual(new_oid, gb.MechType.kerberos)
-
-        del new_oid  # make sure we can dealloc
-
-    def test_error_dispatch(self):
-        err_code1 = gb.ParameterReadError.CALLING_CODE
-        err_code2 = gb.BadNameError.ROUTINE_CODE
-
-        err = gb.GSSError(err_code1 | err_code2, 0)
-        self.assertIsInstance(err, gb.NameReadError)
-        self.assertEqual(err.maj_code, err_code1 | err_code2)
-
-    def test_inquire_names_for_mech(self):
-        res = gb.inquire_names_for_mech(gb.MechType.kerberos)
-        self.assertIsNotNone(res)
-        self.assertIn(gb.NameType.kerberos_principal, res)
-
-    def test_inquire_mechs_for_name(self):
-        name = gb.import_name(self.USER_PRINC,
-                              gb.NameType.kerberos_principal)
-
-        res = gb.inquire_mechs_for_name(name)
-        self.assertIsNotNone(res)
-        self.assertIn(gb.MechType.kerberos, res)
-
-    @ktu.gssapi_extension_test('password', 'Password')
-    def test_acquire_cred_with_password(self):
-        password = self.realm.password('user')
-        self.realm.kinit(self.realm.user_princ, password=password)
-
-        name = gb.import_name(b'user', gb.NameType.kerberos_principal)
-
-        imp_resp = gb.acquire_cred_with_password(name,
-                                                 password.encode('UTF-8'))
-        self.assertIsNotNone(imp_resp)
-
-        imp_creds, actual_mechs, output_ttl = imp_resp
-        self.assertIsNotNone(imp_creds)
-        self.assertIsInstance(imp_creds, gb.Creds)
-        if sys.platform == 'darwin':
-            self.assertIn(gb.OID.from_int_seq('1.3.6.1.5.2.5'), actual_mechs)
-        else:
-            self.assertIn(gb.MechType.kerberos, actual_mechs)
-            self.assertIsInstance(output_ttl, int)
-
-    @ktu.gssapi_extension_test('password_add', 'Password (add)')
-    def test_add_cred_with_password(self):
-        password = self.realm.password('user')
-        self.realm.kinit(self.realm.user_princ, password=password)
-
-        name = gb.import_name(b'user', gb.NameType.kerberos_principal)
-
-        input_creds = gb.Creds()
-        imp_resp = gb.add_cred_with_password(input_creds, name,
-                                             gb.MechType.kerberos,
-                                             password.encode('UTF-8'))
-        self.assertIsNotNone(imp_resp)
-
-        new_creds, actual_mechs, output_init_ttl, output_accept_ttl = imp_resp
-        self.assertIsInstance(new_creds, gb.Creds)
-        self.assertIn(gb.MechType.kerberos, actual_mechs)
-        self.assertIsInstance(output_init_ttl, int)
-        self.assertIsInstance(output_accept_ttl, int)
-
-    @ktu.gssapi_extension_test('rfc5587', 'RFC 5587')
-    def test_rfc5587(self):
-        if sys.platform == "darwin":
-            self.skipTest("too many edge cases on macOS")
-
-        mechs = gb.indicate_mechs_by_attrs(None, None, None)
-        self.assertIsInstance(mechs, set)
-        self.assertGreater(len(mechs), 0)
-
-        # We're validating RFC 5587 here: by iterating over all mechanisms,
-        # we can query their attributes and build a mapping of attr->{mechs}.
-        # To test indicate_mechs_by_attrs, we can use this mapping and
-        # ensure that, when the attribute is placed in a slot, we get the
-        # expected result (e.g., attr in have --> mechs are present).
-        attrs_dict = {}
-        known_attrs_dict = {}
-
-        for mech in mechs:
-            self.assertIsInstance(mech, gb.OID)
-
-            inquire_out = gb.inquire_attrs_for_mech(mech)
-            mech_attrs = inquire_out.mech_attrs
-            known_mech_attrs = inquire_out.known_mech_attrs
-
-            self.assertIsInstance(mech_attrs, set)
-            self.assertIsInstance(known_mech_attrs, set)
-
-            # Verify that we get data for every available
-            # attribute. Testing the contents of a few known
-            # attributes is done in test_display_mech_attr().
-            for mech_attr in mech_attrs:
-                self.assertIsInstance(mech_attr, gb.OID)
-
-                display_out = gb.display_mech_attr(mech_attr)
-                self.assertIsInstance(display_out.name, bytes)
-                self.assertIsInstance(display_out.short_desc, bytes)
-                self.assertIsInstance(display_out.long_desc, bytes)
-
-                if mech_attr not in attrs_dict:
-                    attrs_dict[mech_attr] = set()
-                attrs_dict[mech_attr].add(mech)
-
-            for mech_attr in known_mech_attrs:
-                self.assertIsInstance(mech_attr, gb.OID)
-
-                display_out = gb.display_mech_attr(mech_attr)
-                self.assertIsInstance(display_out.name, bytes)
-                self.assertIsInstance(display_out.short_desc, bytes)
-                self.assertIsInstance(display_out.long_desc, bytes)
-
-                if mech_attr not in known_attrs_dict:
-                    known_attrs_dict[mech_attr] = set()
-                known_attrs_dict[mech_attr].add(mech)
-
-        for attr, expected_mechs in attrs_dict.items():
-            attrs = set([attr])
-
-            mechs = gb.indicate_mechs_by_attrs(attrs, None, None)
-            self.assertGreater(len(mechs), 0)
-            self.assertEqual(mechs, expected_mechs)
-
-            mechs = gb.indicate_mechs_by_attrs(None, attrs, None)
-            for expected_mech in expected_mechs:
-                self.assertNotIn(expected_mech, mechs)
-
-        if self.realm.provider.lower() != 'heimdal':
-            # Heimdal doesn't fully implement gss_indicate_mechs_by_attrs
-            for attr, expected_mechs in known_attrs_dict.items():
-                attrs = set([attr])
-
-                mechs = gb.indicate_mechs_by_attrs(None, None, attrs)
-                self.assertGreater(len(mechs), 0)
-                self.assertEqual(mechs, expected_mechs)
-
-    @ktu.gssapi_extension_test('rfc5587', 'RFC 5587')
-    def test_display_mech_attr(self):
-        test_attrs = [
-            # oid, name, short_desc, long_desc
-            # Taken from krb5/src/tests/gssapi/t_saslname
-            [gb.OID.from_int_seq("1.3.6.1.5.5.13.24"),
-                b"GSS_C_MA_CBINDINGS", b"channel-bindings",
-                b"Mechanism supports channel bindings."],
-            [gb.OID.from_int_seq("1.3.6.1.5.5.13.1"),
-                b"GSS_C_MA_MECH_CONCRETE", b"concrete-mech",
-                b"Mechanism is neither a pseudo-mechanism nor a composite "
-                b"mechanism."]
-        ]
-
-        if self.realm.provider.lower() == 'heimdal':
-            test_attrs[0][3] = b""
-            test_attrs[1][3] = b"Indicates that a mech is neither a " \
-                b"pseudo-mechanism nor a composite mechanism"
-
-        for attr in test_attrs:
-            display_out = gb.display_mech_attr(attr[0])
-            self.assertEqual(display_out.name, attr[1])
-            self.assertEqual(display_out.short_desc, attr[2])
-            self.assertEqual(display_out.long_desc, attr[3])
-
-    @ktu.gssapi_extension_test('rfc5801', 'SASL Names')
-    def test_sasl_names(self):
-        mechs = gb.indicate_mechs()
-
-        for mech in mechs:
-            out = gb.inquire_saslname_for_mech(mech)
-
-            out_smn = out.sasl_mech_name
-            if out_smn:
-                self.assertIsInstance(out_smn, bytes)
-                self.assertGreater(len(out_smn), 0)
-
-            out_mn = out.mech_name
-            self.assertIsInstance(out_mn, bytes)
-
-            out_md = out.mech_description
-            self.assertIsInstance(out_md, bytes)
-
-            # Heimdal fails with Unknown mech-code on sanon
-            if not (self.realm.provider.lower() == 'heimdal' and
-                    mech.dotted_form == '1.3.6.1.4.1.5322.26.1.110'):
-                cmp_mech = gb.inquire_mech_for_saslname(out_smn)
-                self.assertIsNotNone(cmp_mech)
-
-                # For some reason macOS sometimes returns this for mechs
-                if not (sys.platform == 'darwin' and
-                        cmp_mech.dotted_form == '1.2.752.43.14.2'):
-                    self.assertEqual(cmp_mech, mech)
-
-    @ktu.gssapi_extension_test('rfc4178', 'Negotiation Mechanism')
-    def test_set_neg_mechs(self):
-        all_mechs = gb.indicate_mechs()
-        spnego_mech = gb.OID.from_int_seq("1.3.6.1.5.5.2")
-        krb5_mech = gb.OID.from_int_seq("1.2.840.113554.1.2.2")
-        ntlm_mech = gb.OID.from_int_seq("1.3.6.1.4.1.311.2.2.10")
-
-        server_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-
-        username = gb.import_name(name=b"user",
-                                  name_type=gb.NameType.user)
-        krb5_client_creds = gb.acquire_cred(
-                                None, usage='initiate',
-                                mechs=[krb5_mech, spnego_mech]).creds
-        try:
-            ntlm_client_creds = gb.acquire_cred_with_password(
-                                name=username,
-                                password=b'password',
-                                mechs=[ntlm_mech, spnego_mech]).creds
-        except gb.GSSError:
-            self.skipTest('You do not have the GSSAPI gss-ntlmssp mech '
-                          'installed')
-
-        server_creds = gb.acquire_cred(server_name, usage='accept',
-                                       mechs=all_mechs).creds
-
-        neg_resp = gb.set_neg_mechs(server_creds, [ntlm_mech])
-        self.assertIsNone(neg_resp)
-
-        client_ctx_resp = gb.init_sec_context(server_name,
-                                              creds=ntlm_client_creds,
-                                              mech=spnego_mech)
-        client_token = client_ctx_resp.token
-
-        server_ctx_resp = gb.accept_sec_context(client_token,
-                                                acceptor_creds=server_creds)
-        self.assertIsNotNone(server_ctx_resp)
-
-        client_ctx_resp = gb.init_sec_context(server_name,
-                                              creds=krb5_client_creds,
-                                              mech=spnego_mech)
-        client_token = client_ctx_resp.token
-
-        self.assertRaises(gb.GSSError, gb.accept_sec_context, client_token,
-                          acceptor_creds=server_creds)
-
-        neg_resp = gb.set_neg_mechs(server_creds, [krb5_mech])
-        self.assertIsNone(neg_resp)
-
-        client_ctx_resp = gb.init_sec_context(server_name,
-                                              creds=krb5_client_creds,
-                                              mech=spnego_mech)
-        client_token = client_ctx_resp.token
-
-        server_ctx_resp = gb.accept_sec_context(client_token,
-                                                acceptor_creds=server_creds)
-        self.assertIsNotNone(server_ctx_resp)
-
-        client_ctx_resp = gb.init_sec_context(server_name,
-                                              creds=ntlm_client_creds,
-                                              mech=spnego_mech)
-        client_token = client_ctx_resp.token
-
-        self.assertRaises(gb.GSSError, gb.accept_sec_context, client_token,
-                          acceptor_creds=server_creds)
-
-    @ktu.gssapi_extension_test('ggf', 'Global Grid Forum')
-    @ktu.gssapi_extension_test('s4u', 'S4U')
-    @ktu.krb_minversion_test('1.16',
-                             'querying impersonator name of krb5 GSS '
-                             'Credential using the '
-                             'GSS_KRB5_GET_CRED_IMPERSONATOR OID',
-                             provider='mit')
-    def test_inquire_cred_by_oid_impersonator(self):
-        svc_princ = SERVICE_PRINCIPAL.decode("UTF-8")
-        self.realm.kinit(svc_princ, flags=['-k', '-f'])
-
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-
-        client_token = gb.init_sec_context(target_name).token
-
-        # if our acceptor creds have a usage of both, we get
-        # s4u2proxy delegated credentials
-        server_creds = gb.acquire_cred(None, usage='both').creds
-        server_ctx_resp = gb.accept_sec_context(client_token,
-                                                acceptor_creds=server_creds)
-
-        self.assertIsNotNone(server_ctx_resp)
-        self.assertIsNotNone(server_ctx_resp.delegated_creds)
-        self.assertIsInstance(server_ctx_resp.delegated_creds, gb.Creds)
-
-        # GSS_KRB5_GET_CRED_IMPERSONATOR
-        oid = gb.OID.from_int_seq("1.2.840.113554.1.2.2.5.14")
-        info = gb.inquire_cred_by_oid(server_ctx_resp.delegated_creds, oid)
-
-        self.assertIsInstance(info, list)
-        self.assertGreater(len(info), 0)
-        self.assertIsInstance(info[0], bytes)
-        self.assertEqual(info[0], b"%s@%s" % (
-            SERVICE_PRINCIPAL, self.realm.realm.encode('utf-8')))
-
-    @ktu.gssapi_extension_test('ggf', 'Global Grid Forum')
-    def test_inquire_sec_context_by_oid(self):
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        ctx_resp1 = gb.init_sec_context(target_name)
-
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_resp = gb.accept_sec_context(ctx_resp1[3],
-                                            acceptor_creds=server_creds)
-        server_ctx = server_resp[0]
-        server_tok = server_resp[3]
-
-        client_resp2 = gb.init_sec_context(target_name,
-                                           context=ctx_resp1[0],
-                                           input_token=server_tok)
-        client_ctx = client_resp2[0]
-
-        # GSS_C_INQ_SSPI_SESSION_KEY
-        session_key_oid = gb.OID.from_int_seq("1.2.840.113554.1.2.2.5.5")
-
-        client_key = gb.inquire_sec_context_by_oid(client_ctx, session_key_oid)
-        server_key = gb.inquire_sec_context_by_oid(server_ctx, session_key_oid)
-
-        self.assertIsInstance(client_key, list)
-        self.assertGreater(len(client_key), 0)
-        self.assertIsInstance(server_key, list)
-        self.assertGreater(len(server_key), 0)
-        self.assertCountEqual(client_key, server_key)
-
-    @ktu.gssapi_extension_test('ggf', 'Global Grid Forum')
-    def test_inquire_sec_context_by_oid_should_raise_error(self):
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        ctx_resp1 = gb.init_sec_context(target_name)
-
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_resp = gb.accept_sec_context(ctx_resp1[3],
-                                            acceptor_creds=server_creds)
-
-        client_resp2 = gb.init_sec_context(target_name,
-                                           context=ctx_resp1[0],
-                                           input_token=server_resp[3])
-        client_ctx = client_resp2[0]
-
-        invalid_oid = gb.OID.from_int_seq("1.2.3.4.5.6.7.8.9")
-        self.assertRaises(gb.GSSError, gb.inquire_sec_context_by_oid,
-                          client_ctx, invalid_oid)
-
-    @ktu.gssapi_extension_test('ggf', 'Global Grid Forum')
-    @ktu.gssapi_extension_test('password', 'Add Credential with Password')
-    def test_set_sec_context_option(self):
-        if sys.platform == 'darwin':
-            self.skipTest("macOS NTLM does not implement this OID")
-
-        ntlm_mech = gb.OID.from_int_seq("1.3.6.1.4.1.311.2.2.10")
-        username = gb.import_name(name=b"user",
-                                  name_type=gb.NameType.user)
-        try:
-            cred = gb.acquire_cred_with_password(name=username,
-                                                 password=b"password",
-                                                 mechs=[ntlm_mech])
-        except gb.GSSError:
-            self.skipTest('You do not have the GSSAPI gss-ntlmssp mech '
-                          'installed')
-
-        server = gb.import_name(name=b"server",
-                                name_type=gb.NameType.hostbased_service)
-        orig_context = gb.init_sec_context(server, creds=cred.creds,
-                                           mech=ntlm_mech)[0]
-
-        # GSS_NTLMSSP_RESET_CRYPTO_OID_STRING
-        reset_mech = gb.OID.from_int_seq("1.3.6.1.4.1.7165.655.1.3")
-        out_context = gb.set_sec_context_option(reset_mech,
-                                                context=orig_context,
-                                                value=b"\x00" * 4)
-        self.assertIsInstance(out_context, gb.SecurityContext)
-
-    @ktu.gssapi_extension_test('ggf', 'Global Grid Forum')
-    @ktu.gssapi_extension_test('password', 'Add Credential with Password')
-    def test_set_sec_context_option_fail(self):
-        ntlm_mech = gb.OID.from_int_seq("1.3.6.1.4.1.311.2.2.10")
-        username = gb.import_name(name=b"user",
-                                  name_type=gb.NameType.user)
-        try:
-            cred = gb.acquire_cred_with_password(name=username,
-                                                 password=b"password",
-                                                 mechs=[ntlm_mech])
-        except gb.GSSError:
-            self.skipTest('You do not have the GSSAPI gss-ntlmssp mech '
-                          'installed')
-
-        server = gb.import_name(name=b"server",
-                                name_type=gb.NameType.hostbased_service)
-        context = gb.init_sec_context(server, creds=cred.creds,
-                                      mech=ntlm_mech)[0]
-
-        # GSS_NTLMSSP_RESET_CRYPTO_OID_STRING
-        reset_mech = gb.OID.from_int_seq("1.3.6.1.4.1.7165.655.1.3")
-
-        # will raise a GSSError if no data was passed in
-        self.assertRaises(gb.GSSError, gb.set_sec_context_option, reset_mech,
-                          context)
-
-    @ktu.gssapi_extension_test('set_cred_opt', 'Kitten Set Credential Option')
-    @ktu.krb_minversion_test('1.14',
-                             'GSS_KRB5_CRED_NO_CI_FLAGS_X was added in MIT '
-                             'krb5 1.14', provider='mit')
-    def test_set_cred_option(self):
-        name = gb.import_name(SERVICE_PRINCIPAL,
-                              gb.NameType.kerberos_principal)
-        # GSS_KRB5_CRED_NO_CI_FLAGS_X
-        no_ci_flags_x = gb.OID.from_int_seq("1.2.752.43.13.29")
-        orig_cred = gb.acquire_cred(name).creds
-
-        # nothing much we can test here apart from it doesn't fail and the
-        # id of the return cred is the same as the input one
-        output_cred = gb.set_cred_option(no_ci_flags_x, creds=orig_cred)
-        self.assertIsInstance(output_cred, gb.Creds)
-
-    @ktu.gssapi_extension_test('set_cred_opt', 'Kitten Set Credential Option')
-    def test_set_cred_option_should_raise_error(self):
-        name = gb.import_name(SERVICE_PRINCIPAL,
-                              gb.NameType.kerberos_principal)
-        orig_cred = gb.acquire_cred(name).creds
-
-        # this is a fake OID and shouldn't work at all
-        invalid_oid = gb.OID.from_int_seq("1.2.3.4.5.6.7.8.9")
-        self.assertRaises(gb.GSSError, gb.set_cred_option, invalid_oid,
-                          orig_cred, b"\x00")
-
-    @ktu.gssapi_extension_test('krb5', 'Kerberos Extensions')
-    @ktu.krb_provider_test(['mit'], 'Cannot revert ccache on Heimdal')
-    # https://github.com/heimdal/heimdal/issues/803
-    def test_krb5_ccache_name(self):
-        provider = self.realm.provider.lower()
-
-        new_ccache = os.path.join(self.realm.tmpdir, 'ccache-new')
-        new_env = self.realm.env.copy()
-        new_env['KRB5CCNAME'] = new_ccache
-        self.realm.kinit(self.realm.user_princ,
-                         password=self.realm.password('user'),
-                         env=new_env)
-
-        old_ccache = gb.krb5_ccache_name(new_ccache.encode('utf-8'))
-        try:
-            if provider == 'heimdal':
-                # Heimdal never returns the old name - see above link
-                self.assertTrue(old_ccache is None)
-            else:
-                self.assertEqual(old_ccache.decode('utf-8'), self.realm.ccache)
-
-            cred_resp = gb.acquire_cred(usage='initiate').creds
-
-            princ_name = gb.inquire_cred(cred_resp, name=True).name
-            name = gb.display_name(princ_name, name_type=False).name
-            self.assertEqual(name, self.realm.user_princ.encode('utf-8'))
-
-            if provider != 'heimdal':
-                changed_ccache = gb.krb5_ccache_name(old_ccache)
-                self.assertEqual(changed_ccache.decode('utf-8'), new_ccache)
-
-        finally:
-            # Ensure original behaviour is back for other tests
-            gb.krb5_ccache_name(None)
-
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        client_resp = gb.init_sec_context(target_name, creds=cred_resp)
-        client_ctx = client_resp[0]
-        client_token = client_resp[3]
-
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_resp = gb.accept_sec_context(client_token,
-                                            acceptor_creds=server_creds)
-        server_ctx = server_resp[0]
-        server_token = server_resp[3]
-
-        gb.init_sec_context(target_name, context=client_ctx,
-                            input_token=server_token)
-        initiator = gb.inquire_context(server_ctx,
-                                       initiator_name=True).initiator_name
-        initiator_name = gb.display_name(initiator, name_type=False).name
-
-        self.assertEqual(initiator_name, self.realm.user_princ.encode('utf-8'))
-
-    @ktu.gssapi_extension_test('krb5', 'Kerberos Extensions')
-    def test_krb5_export_lucid_sec_context(self):
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        ctx_resp = gb.init_sec_context(target_name)
-
-        client_token1 = ctx_resp[3]
-        client_ctx = ctx_resp[0]
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_resp = gb.accept_sec_context(client_token1,
-                                            acceptor_creds=server_creds)
-        server_ctx = server_resp[0]
-        server_tok = server_resp[3]
-
-        client_resp2 = gb.init_sec_context(target_name,
-                                           context=client_ctx,
-                                           input_token=server_tok)
-        ctx = client_resp2[0]
-
-        self.assertRaises(gb.GSSError, gb.krb5_export_lucid_sec_context,
-                          ctx, 0)
-
-        initiator_info = gb.krb5_export_lucid_sec_context(ctx, 1)
-        self.assertTrue(isinstance(initiator_info, gb.Krb5LucidContextV1))
-        self.assertEqual(initiator_info.version, 1)
-        self.assertTrue(initiator_info.is_initiator)
-        self.assertTrue(isinstance(initiator_info.endtime, int))
-        self.assertTrue(isinstance(initiator_info.send_seq, int))
-        self.assertTrue(isinstance(initiator_info.recv_seq, int))
-        self.assertEqual(initiator_info.protocol, 1)
-        self.assertEqual(initiator_info.rfc1964_kd, None)
-        self.assertTrue(isinstance(initiator_info.cfx_kd, gb.CfxKeyData))
-        self.assertTrue(isinstance(initiator_info.cfx_kd.ctx_key_type, int))
-        self.assertTrue(isinstance(initiator_info.cfx_kd.ctx_key, bytes))
-        self.assertTrue(isinstance(initiator_info.cfx_kd.acceptor_subkey_type,
-                                   int))
-        self.assertTrue(isinstance(initiator_info.cfx_kd.acceptor_subkey,
-                                   bytes))
-
-        acceptor_info = gb.krb5_export_lucid_sec_context(server_ctx, 1)
-        self.assertTrue(isinstance(acceptor_info, gb.Krb5LucidContextV1))
-        self.assertEqual(acceptor_info.version, 1)
-        self.assertFalse(acceptor_info.is_initiator)
-        self.assertTrue(isinstance(acceptor_info.endtime, int))
-        self.assertTrue(isinstance(acceptor_info.send_seq, int))
-        self.assertTrue(isinstance(acceptor_info.recv_seq, int))
-        self.assertEqual(acceptor_info.protocol, 1)
-        self.assertEqual(acceptor_info.rfc1964_kd, None)
-        self.assertTrue(isinstance(acceptor_info.cfx_kd, gb.CfxKeyData))
-        self.assertTrue(isinstance(acceptor_info.cfx_kd.ctx_key_type, int))
-        self.assertTrue(isinstance(acceptor_info.cfx_kd.ctx_key, bytes))
-        self.assertTrue(isinstance(acceptor_info.cfx_kd.acceptor_subkey_type,
-                                   int))
-        self.assertTrue(isinstance(acceptor_info.cfx_kd.acceptor_subkey,
-                                   bytes))
-
-        self.assertEqual(initiator_info.endtime, acceptor_info.endtime)
-        self.assertEqual(initiator_info.send_seq, acceptor_info.recv_seq)
-        self.assertEqual(initiator_info.recv_seq, acceptor_info.send_seq)
-        self.assertEqual(initiator_info.cfx_kd.ctx_key_type,
-                         acceptor_info.cfx_kd.ctx_key_type)
-        self.assertEqual(initiator_info.cfx_kd.ctx_key,
-                         acceptor_info.cfx_kd.ctx_key)
-        self.assertEqual(initiator_info.cfx_kd.acceptor_subkey_type,
-                         acceptor_info.cfx_kd.acceptor_subkey_type)
-        self.assertEqual(initiator_info.cfx_kd.acceptor_subkey,
-                         acceptor_info.cfx_kd.acceptor_subkey)
-
-    @ktu.gssapi_extension_test('krb5', 'Kerberos Extensions')
-    def test_krb5_extract_authtime_from_sec_context(self):
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        ctx_resp = gb.init_sec_context(target_name)
-
-        client_token1 = ctx_resp[3]
-        client_ctx = ctx_resp[0]
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_resp = gb.accept_sec_context(client_token1,
-                                            acceptor_creds=server_creds)
-        server_ctx = server_resp[0]
-        server_tok = server_resp[3]
-
-        client_resp2 = gb.init_sec_context(target_name,
-                                           context=client_ctx,
-                                           input_token=server_tok)
-        ctx = client_resp2[0]
-
-        if self.realm.provider.lower() == 'heimdal':
-            # Heimdal doesn't store the ticket info on the initiator
-            client_authtime = server_authtime = \
-                gb.krb5_extract_authtime_from_sec_context(server_ctx)
-            self.assertRaises(gb.GSSError,
-                              gb.krb5_extract_authtime_from_sec_context,
-                              client_ctx)
-        else:
-            client_authtime = gb.krb5_extract_authtime_from_sec_context(ctx)
-            server_authtime = gb.krb5_extract_authtime_from_sec_context(
-                server_ctx)
-
-        self.assertTrue(isinstance(client_authtime, int))
-        self.assertTrue(isinstance(server_authtime, int))
-        self.assertEqual(client_authtime, server_authtime)
-
-    @ktu.gssapi_extension_test('krb5', 'Kerberos Extensions')
-    def test_krb5_extract_authz_data_from_sec_context(self):
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        client_token = gb.init_sec_context(target_name)[3]
-
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_ctx = gb.accept_sec_context(client_token,
-                                           acceptor_creds=server_creds)[0]
-
-        # KRB5_AUTHDATA_IF_RELEVANT = 1
-        authz_data = gb.krb5_extract_authz_data_from_sec_context(server_ctx, 1)
-        self.assertTrue(isinstance(authz_data, bytes))
-
-    @ktu.gssapi_extension_test('krb5', 'Kerberos Extensions')
-    def test_krb5_import_cred(self):
-        # Ensuring we match the krb5 library to the GSSAPI library is a thorny
-        # problem.  Avoid it by requiring test suite users to explicitly
-        # enable this test.
-        if not self.KRB5_LIB_PATH:
-            self.skipTest("Env var GSSAPI_KRB5_MAIN_LIB not defined")
-
-        creds = gb.Creds()
-
-        # Should fail if only creds are specified
-        self.assertRaises(ValueError, gb.krb5_import_cred, creds)
-
-        new_ccache = os.path.join(self.realm.tmpdir, 'ccache-new')
-        new_env = self.realm.env.copy()
-        new_env['KRB5CCNAME'] = new_ccache
-        self.realm.kinit(self.realm.user_princ,
-                         password=self.realm.password('user'),
-                         env=new_env)
-
-        krb5 = ctypes.CDLL(self.KRB5_LIB_PATH)
-        krb5_ctx = ctypes.c_void_p()
-        krb5.krb5_init_context(ctypes.byref(krb5_ctx))
-        try:
-            ccache_ptr = ctypes.c_void_p()
-            err = krb5.krb5_cc_resolve(krb5_ctx, new_ccache.encode('utf-8'),
-                                       ctypes.byref(ccache_ptr))
-            self.assertEqual(err, 0)
-
-            try:
-                gb.krb5_import_cred(creds, cache=ccache_ptr.value)
-
-                # Creds will be invalid once the cc is closed so do this now
-                target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                             gb.NameType.hostbased_service)
-                client_resp = gb.init_sec_context(target_name, creds=creds)
-
-            finally:
-                krb5.krb5_cc_close(krb5_ctx, ccache_ptr)
-        finally:
-            krb5.krb5_free_context(krb5_ctx)
-
-        client_ctx = client_resp[0]
-        client_token = client_resp[3]
-
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_resp = gb.accept_sec_context(client_token,
-                                            acceptor_creds=server_creds)
-        server_ctx = server_resp[0]
-        server_token = server_resp[3]
-
-        gb.init_sec_context(target_name, context=client_ctx,
-                            input_token=server_token)
-        initiator = gb.inquire_context(server_ctx,
-                                       initiator_name=True).initiator_name
-        initiator_name = gb.display_name(initiator, name_type=False).name
-
-        self.assertEqual(initiator_name, self.realm.user_princ.encode('utf-8'))
-
-    @ktu.gssapi_extension_test('krb5', 'Kerberos Extensions')
-    def test_krb5_get_tkt_flags(self):
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        ctx_resp = gb.init_sec_context(target_name)
-
-        client_token1 = ctx_resp[3]
-        client_ctx = ctx_resp[0]
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name)[0]
-        server_resp = gb.accept_sec_context(client_token1,
-                                            acceptor_creds=server_creds)
-        server_ctx = server_resp[0]
-        server_tok = server_resp[3]
-
-        client_resp2 = gb.init_sec_context(target_name,
-                                           context=client_ctx,
-                                           input_token=server_tok)
-        client_ctx = client_resp2[0]
-
-        if self.realm.provider.lower() == 'heimdal':
-            # Heimdal doesn't store the ticket info on the initiator
-            client_flags = server_flags = gb.krb5_get_tkt_flags(server_ctx)
-            self.assertRaises(gb.GSSError, gb.krb5_get_tkt_flags, client_ctx)
-        else:
-            client_flags = gb.krb5_get_tkt_flags(client_ctx)
-            server_flags = gb.krb5_get_tkt_flags(server_ctx)
-
-        self.assertTrue(isinstance(client_flags, int))
-        self.assertTrue(isinstance(server_flags, int))
-        self.assertEqual(client_flags, server_flags)
-
-    @ktu.gssapi_extension_test('krb5', 'Kerberos Extensions')
-    @ktu.krb_provider_test(['mit'], 'Cannot revert ccache on Heimdal')
-    # https://github.com/heimdal/heimdal/issues/803
-    def test_krb5_set_allowable_enctypes(self):
-        krb5_mech = gb.OID.from_int_seq("1.2.840.113554.1.2.2")
-        AES_128 = 0x11
-        AES_256 = 0x12
-
-        new_ccache = os.path.join(self.realm.tmpdir, 'ccache-new')
-        new_env = self.realm.env.copy()
-        new_env['KRB5CCNAME'] = new_ccache
-        self.realm.kinit(self.realm.user_princ,
-                         password=self.realm.password('user'),
-                         env=new_env)
-
-        gb.krb5_ccache_name(new_ccache.encode('utf-8'))
-        try:
-            creds = gb.acquire_cred(usage='initiate',
-                                    mechs=[krb5_mech]).creds
-        finally:
-            gb.krb5_ccache_name(None)
-
-        gb.krb5_set_allowable_enctypes(creds, [AES_128])
-
-        target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                     gb.NameType.hostbased_service)
-        server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                     gb.NameType.kerberos_principal)
-        server_creds = gb.acquire_cred(server_name, usage='accept',
-                                       mechs=[krb5_mech])[0]
-
-        if self.realm.provider.lower() != 'heimdal':
-            # Will fail because the client only offers AES128
-            # Only seems to work on MIT and not Heimdal
-            ctx_resp = gb.init_sec_context(target_name, creds=creds)
-            client_token1 = ctx_resp[3]
-            client_ctx = ctx_resp[0]
-            gb.krb5_set_allowable_enctypes(server_creds, [AES_256])
-            self.assertRaises(gb.GSSError, gb.accept_sec_context,
-                              client_token1, acceptor_creds=server_creds)
-
-            gb.krb5_set_allowable_enctypes(server_creds, [AES_128, AES_256])
-
-        ctx_resp = gb.init_sec_context(target_name, creds=creds)
-        client_token1 = ctx_resp[3]
-        client_ctx = ctx_resp[0]
-
-        server_resp = gb.accept_sec_context(client_token1,
-                                            acceptor_creds=server_creds)
-        server_ctx = server_resp[0]
-        server_tok = server_resp[3]
-
-        client_resp2 = gb.init_sec_context(target_name,
-                                           context=client_ctx,
-                                           input_token=server_tok)
-        ctx = client_resp2[0]
-
-        initiator_info = gb.krb5_export_lucid_sec_context(ctx, 1)
-        acceptor_info = gb.krb5_export_lucid_sec_context(server_ctx, 1)
-        self.assertEqual(AES_128, initiator_info.cfx_kd.ctx_key_type)
-        self.assertEqual(initiator_info.cfx_kd.ctx_key_type,
-                         initiator_info.cfx_kd.acceptor_subkey_type)
-        self.assertEqual(acceptor_info.cfx_kd.ctx_key_type,
-                         acceptor_info.cfx_kd.acceptor_subkey_type)
-
-
-class TestIntEnumFlagSet(unittest.TestCase):
-    def test_create_from_int(self):
-        int_val = (gb.RequirementFlag.integrity |
-                   gb.RequirementFlag.confidentiality)
-        fset = gb.IntEnumFlagSet(gb.RequirementFlag, int_val)
-
-        self.assertEqual(int(fset), int_val)
-
-    def test_create_from_other_set(self):
-        int_val = (gb.RequirementFlag.integrity |
-                   gb.RequirementFlag.confidentiality)
-        fset1 = gb.IntEnumFlagSet(gb.RequirementFlag, int_val)
-        fset2 = gb.IntEnumFlagSet(gb.RequirementFlag, fset1)
-
-        self.assertEqual(fset1, fset2)
-
-    def test_create_from_list(self):
-        lst = [gb.RequirementFlag.integrity,
-               gb.RequirementFlag.confidentiality]
-        fset = gb.IntEnumFlagSet(gb.RequirementFlag, lst)
-
-        self.assertCountEqual(list(fset), lst)
-
-    def test_create_empty(self):
-        fset = gb.IntEnumFlagSet(gb.RequirementFlag)
-        self.assertEqual(len(fset), 0)
-
-    def _create_fset(self):
-        lst = [gb.RequirementFlag.integrity,
-               gb.RequirementFlag.confidentiality]
-        return gb.IntEnumFlagSet(gb.RequirementFlag, lst)
-
-    def test_contains(self):
-        fset = self._create_fset()
-        self.assertIn(gb.RequirementFlag.integrity, fset)
-        self.assertNotIn(gb.RequirementFlag.protection_ready, fset)
-
-    def test_len(self):
-        self.assertEqual(len(self._create_fset()), 2)
-
-    def test_add(self):
-        fset = self._create_fset()
-        self.assertEqual(len(fset), 2)
-
-        fset.add(gb.RequirementFlag.protection_ready)
-        self.assertEqual(len(fset), 3)
-        self.assertIn(gb.RequirementFlag.protection_ready, fset)
-
-    def test_discard(self):
-        fset = self._create_fset()
-        self.assertEqual(len(fset), 2)
-
-        fset.discard(gb.RequirementFlag.protection_ready)
-        self.assertEqual(len(fset), 2)
-
-        fset.discard(gb.RequirementFlag.integrity)
-        self.assertEqual(len(fset), 1)
-        self.assertNotIn(gb.RequirementFlag.integrity, fset)
-
-    def test_and_enum(self):
-        fset = self._create_fset()
-        self.assertTrue(fset & gb.RequirementFlag.integrity)
-        self.assertFalse(fset & gb.RequirementFlag.protection_ready)
-
-    def test_and_int(self):
-        fset = self._create_fset()
-        int_val = int(gb.RequirementFlag.integrity)
-
-        self.assertEqual(fset & int_val, int_val)
-
-    def test_and_set(self):
-        fset1 = self._create_fset()
-        fset2 = self._create_fset()
-        fset3 = self._create_fset()
-
-        fset1.add(gb.RequirementFlag.protection_ready)
-        fset2.add(gb.RequirementFlag.out_of_sequence_detection)
-
-        self.assertEqual(fset1 & fset2, fset3)
-
-    def test_or_enum(self):
-        fset1 = self._create_fset()
-        fset2 = fset1 | gb.RequirementFlag.protection_ready
-
-        self.assertLess(fset1, fset2)
-        self.assertIn(gb.RequirementFlag.protection_ready, fset2)
-
-    def test_or_int(self):
-        fset = self._create_fset()
-        int_val = int(gb.RequirementFlag.integrity)
-
-        self.assertEqual(fset | int_val, int(fset))
-
-    def test_or_set(self):
-        fset1 = self._create_fset()
-        fset2 = self._create_fset()
-        fset3 = self._create_fset()
-
-        fset1.add(gb.RequirementFlag.protection_ready)
-        fset2.add(gb.RequirementFlag.out_of_sequence_detection)
-        fset3.add(gb.RequirementFlag.protection_ready)
-        fset3.add(gb.RequirementFlag.out_of_sequence_detection)
-
-        self.assertEqual(fset1 | fset2, fset3)
-
-    def test_xor_enum(self):
-        fset1 = self._create_fset()
-
-        fset2 = fset1 ^ gb.RequirementFlag.protection_ready
-        fset3 = fset1 ^ gb.RequirementFlag.integrity
-
-        self.assertEqual(len(fset2), 3)
-        self.assertIn(gb.RequirementFlag.protection_ready, fset2)
-        self.assertEqual(len(fset3), 1)
-        self.assertNotIn(gb.RequirementFlag.integrity, fset3)
-
-    def test_xor_int(self):
-        fset = self._create_fset()
-
-        self.assertEqual(fset ^ int(gb.RequirementFlag.protection_ready),
-                         int(fset) ^ gb.RequirementFlag.protection_ready)
-
-        self.assertEqual(fset ^ int(gb.RequirementFlag.integrity),
-                         int(fset) ^ gb.RequirementFlag.integrity)
-
-    def test_xor_set(self):
-        fset1 = self._create_fset()
-        fset2 = self._create_fset()
-
-        fset1.add(gb.RequirementFlag.protection_ready)
-        fset2.add(gb.RequirementFlag.out_of_sequence_detection)
-
-        fset3 = fset1 ^ fset2
-        self.assertEqual(len(fset3), 2)
-        self.assertNotIn(gb.RequirementFlag.integrity, fset3)
-        self.assertNotIn(gb.RequirementFlag.confidentiality, fset3)
-        self.assertIn(gb.RequirementFlag.protection_ready, fset3)
-        self.assertIn(gb.RequirementFlag.out_of_sequence_detection, fset3)
-
-
-class TestInitContext(_GSSAPIKerberosTestCase):
-    def setUp(self):
-        self.target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                          gb.NameType.hostbased_service)
-
-    def tearDown(self):
-        gb.release_name(self.target_name)
-
-    def test_basic_init_default_ctx(self):
-        ctx_resp = gb.init_sec_context(self.target_name)
-        self.assertIsNotNone(ctx_resp)
-
-        (ctx, out_mech_type,
-         out_req_flags, out_token, out_ttl, cont_needed) = ctx_resp
-        self.assertIsInstance(ctx, gb.SecurityContext)
-        self.assertEqual(out_mech_type, gb.MechType.kerberos)
-        self.assertIsInstance(out_req_flags, Set)
-        if sys.platform != 'darwin':
-            self.assertGreaterEqual(len(out_req_flags), 2)
-        self.assertGreater(len(out_token), 0)
-        self.assertGreater(out_ttl, 0)
-        self.assertIsInstance(cont_needed, bool)
-
-        gb.delete_sec_context(ctx)
-
-
-class TestAcceptContext(_GSSAPIKerberosTestCase):
-
-    def setUp(self):
-        self.target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                          gb.NameType.hostbased_service)
-        ctx_resp = gb.init_sec_context(self.target_name)
-
-        self.client_token = ctx_resp[3]
-        self.client_ctx = ctx_resp[0]
-        self.assertIsNotNone(self.client_ctx)
-
-        self.server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                          gb.NameType.kerberos_principal)
-        self.server_creds = gb.acquire_cred(self.server_name)[0]
-
-        self.server_ctx = None
-
-    def tearDown(self):
-        gb.release_name(self.target_name)
-        gb.release_name(self.server_name)
-        gb.release_cred(self.server_creds)
-        gb.delete_sec_context(self.client_ctx)
-
-        if self.server_ctx is not None:
-            gb.delete_sec_context(self.server_ctx)
-
-    def test_basic_accept_context_no_acceptor_creds(self):
-        server_resp = gb.accept_sec_context(self.client_token)
-        self.assertIsNotNone(server_resp)
-
-        (self.server_ctx, name, mech_type, out_token,
-         out_req_flags, out_ttl, delegated_cred, cont_needed) = server_resp
-        self.assertIsInstance(self.server_ctx, gb.SecurityContext)
-        self.assertIsInstance(name, gb.Name)
-        self.assertEqual(mech_type, gb.MechType.kerberos)
-        self.assertGreater(len(out_token), 0)
-        self.assertIsInstance(out_req_flags, Set)
-        self.assertGreaterEqual(len(out_req_flags), 2)
-        self.assertGreater(out_ttl, 0)
-        self.assertIsInstance(cont_needed, bool)
-
-        if delegated_cred is not None:
-            self.assertIsInstance(delegated_cred, gb.Creds)
-
-    def test_basic_accept_context(self):
-        server_resp = gb.accept_sec_context(self.client_token,
-                                            acceptor_creds=self.server_creds)
-        self.assertIsNotNone(server_resp)
-
-        (self.server_ctx, name, mech_type, out_token,
-         out_req_flags, out_ttl, delegated_cred, cont_needed) = server_resp
-        self.assertIsInstance(self.server_ctx, gb.SecurityContext)
-        self.assertIsInstance(name, gb.Name)
-        self.assertEqual(mech_type, gb.MechType.kerberos)
-        self.assertGreater(len(out_token), 0)
-        self.assertIsInstance(out_req_flags, Set)
-        self.assertGreaterEqual(len(out_req_flags), 2)
-        self.assertGreater(out_ttl, 0)
-        self.assertIsInstance(cont_needed, bool)
-
-        if delegated_cred is not None:
-            self.assertIsInstance(delegated_cred, gb.Creds)
-
-    def test_channel_bindings(self):
-        bdgs = gb.ChannelBindings(application_data=b'abcxyz',
-                                  initiator_address_type=gb.AddressType.ip,
-                                  initiator_address=b'127.0.0.1',
-                                  acceptor_address_type=gb.AddressType.ip,
-                                  acceptor_address=b'127.0.0.1')
-        self.target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                          gb.NameType.hostbased_service)
-        ctx_resp = gb.init_sec_context(self.target_name,
-                                       channel_bindings=bdgs)
-
-        self.client_token = ctx_resp[3]
-        self.client_ctx = ctx_resp[0]
-        self.assertIsNotNone(self.client_ctx)
-
-        self.server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                          gb.NameType.kerberos_principal)
-        self.server_creds = gb.acquire_cred(self.server_name)[0]
-
-        server_resp = gb.accept_sec_context(self.client_token,
-                                            acceptor_creds=self.server_creds,
-                                            channel_bindings=bdgs)
-        self.assertIsNotNone(server_resp)
-        self.server_ctx = server_resp.context
-
-    def test_bad_channel_binding_raises_error(self):
-        if sys.platform == 'darwin':
-            self.skipTest('macOS does not raise error with validation')
-
-        bdgs = gb.ChannelBindings(application_data=b'abcxyz',
-                                  initiator_address_type=gb.AddressType.ip,
-                                  initiator_address=b'127.0.0.1',
-                                  acceptor_address_type=gb.AddressType.ip,
-                                  acceptor_address=b'127.0.0.1')
-        self.target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                          gb.NameType.hostbased_service)
-        ctx_resp = gb.init_sec_context(self.target_name,
-                                       channel_bindings=bdgs)
-
-        self.client_token = ctx_resp[3]
-        self.client_ctx = ctx_resp[0]
-        self.assertIsNotNone(self.client_ctx)
-
-        self.server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                          gb.NameType.kerberos_principal)
-        self.server_creds = gb.acquire_cred(self.server_name)[0]
-
-        bdgs.acceptor_address = b'127.0.1.0'
-        self.assertRaises(gb.GSSError, gb.accept_sec_context,
-                          self.client_token, acceptor_creds=self.server_creds,
-                          channel_bindings=bdgs)
-
-
-class TestWrapUnwrap(_GSSAPIKerberosTestCase):
-    def setUp(self):
-        self.target_name = gb.import_name(TARGET_SERVICE_NAME,
-                                          gb.NameType.hostbased_service)
-        ctx_resp = gb.init_sec_context(self.target_name)
-
-        self.client_token1 = ctx_resp[3]
-        self.client_ctx = ctx_resp[0]
-        self.server_name = gb.import_name(SERVICE_PRINCIPAL,
-                                          gb.NameType.kerberos_principal)
-        self.server_creds = gb.acquire_cred(self.server_name)[0]
-        server_resp = gb.accept_sec_context(self.client_token1,
-                                            acceptor_creds=self.server_creds)
-        self.server_ctx = server_resp[0]
-        self.server_tok = server_resp[3]
-
-        client_resp2 = gb.init_sec_context(self.target_name,
-                                           context=self.client_ctx,
-                                           input_token=self.server_tok)
-        self.client_token2 = client_resp2[3]
-        self.client_ctx = client_resp2[0]
-
-    def tearDown(self):
-        gb.release_name(self.target_name)
-        gb.release_name(self.server_name)
-        gb.release_cred(self.server_creds)
-        gb.delete_sec_context(self.client_ctx)
-        gb.delete_sec_context(self.server_ctx)
-
-    def test_import_export_sec_context(self):
-        tok = gb.export_sec_context(self.client_ctx)
-        self.assertIsInstance(tok, bytes)
-        self.assertGreater(len(tok), 0)
-
-        imported_ctx = gb.import_sec_context(tok)
-        self.assertIsInstance(imported_ctx, gb.SecurityContext)
-
-        self.client_ctx = imported_ctx  # ensure that it gets deleted
-
-    def test_get_mic(self):
-        mic_token = gb.get_mic(self.client_ctx, b"some message")
-        self.assertIsInstance(mic_token, bytes)
-        self.assertGreater(len(mic_token), 0)
-
-    def test_basic_verify_mic(self):
-        mic_token = gb.get_mic(self.client_ctx, b"some message")
-
-        qop_used = gb.verify_mic(self.server_ctx, b"some message", mic_token)
-        self.assertIsInstance(qop_used, int)
-
-        # test a bad MIC
-        self.assertRaises(gb.GSSError, gb.verify_mic, self.server_ctx,
-                          b"some other message", b"some invalid mic")
-
-    def test_wrap_size_limit(self):
-        with_conf = gb.wrap_size_limit(self.client_ctx, 100)
-        without_conf = gb.wrap_size_limit(self.client_ctx, 100,
-                                          confidential=False)
-        self.assertIsInstance(with_conf, int)
-        self.assertIsInstance(without_conf, int)
-        self.assertLess(without_conf, 100)
-        self.assertLess(with_conf, 100)
-
-    def test_basic_wrap_unwrap(self):
-        wrapped_message, conf = gb.wrap(self.client_ctx, b"test message")
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-        self.assertIsInstance(wrapped_message, bytes)
-        self.assertGreater(len(wrapped_message), len("test message"))
-
-        unwrapped_message, conf, qop = gb.unwrap(self.server_ctx,
-                                                 wrapped_message)
-        self.assertIsInstance(unwrapped_message, bytes)
-        self.assertEqual(unwrapped_message, b'test message')
-
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-        self.assertIsInstance(qop, int)
-        self.assertGreaterEqual(qop, 0)
-
-    @ktu.gssapi_extension_test('dce', 'DCE (IOV/AEAD)')
-    def test_basic_iov_wrap_unwrap_prealloc(self):
-        init_data = b'some encrypted data'
-        init_other_data = b'some other encrypted data'
-        init_signed_info = b'some sig data'
-        init_message = gb.IOV((gb.IOVBufferType.sign_only, init_signed_info),
-                              init_data, init_other_data, auto_alloc=False)
-        self.assertFalse(init_message[0].allocate)
-        self.assertFalse(init_message[4].allocate)
-        self.assertFalse(init_message[5].allocate)
-
-        conf = gb.wrap_iov_length(self.client_ctx, init_message)
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-        self.assertGreaterEqual(len(init_message[0]), 1)
-        self.assertGreaterEqual(len(init_message[5]), 1)
-
-        conf = gb.wrap_iov(self.client_ctx, init_message)
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-
-        # make sure we didn't strings used
-        self.assertEqual(init_data, b'some encrypted data')
-        self.assertEqual(init_other_data, b'some other encrypted data')
-        self.assertEqual(init_signed_info, b'some sig data')
-
-        self.assertNotEqual(init_message[2].value, b'some encrypted data')
-        self.assertNotEqual(init_message[3].value,
-                            b'some other encrypted data')
-
-        conf, qop = gb.unwrap_iov(self.server_ctx, init_message)
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-        self.assertIsInstance(qop, int)
-
-        self.assertEqual(init_message[1].value, init_signed_info)
-        self.assertEqual(init_message[2].value, init_data)
-        self.assertEqual(init_message[3].value, init_other_data)
-
-    @ktu.gssapi_extension_test('dce', 'DCE (IOV)')
-    def test_basic_iov_wrap_unwrap_autoalloc(self):
-        init_data = b'some encrypted data'
-        init_other_data = b'some other encrypted data'
-        init_signed_info = b'some sig data'
-        init_message = gb.IOV((gb.IOVBufferType.sign_only, init_signed_info),
-                              init_data, init_other_data)
-
-        conf = gb.wrap_iov(self.client_ctx, init_message)
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-
-        # make sure we didn't strings used
-        self.assertEqual(init_data, b'some encrypted data')
-        self.assertEqual(init_other_data, b'some other encrypted data')
-        self.assertEqual(init_signed_info, b'some sig data')
-
-        self.assertNotEqual(init_message[2].value, b'some encrypted data')
-        self.assertNotEqual(init_message[3].value,
-                            b'some other encrypted data')
-
-        conf, qop = gb.unwrap_iov(self.server_ctx, init_message)
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-        self.assertIsInstance(qop, int)
-
-        self.assertEqual(init_message[1].value, init_signed_info)
-        self.assertEqual(init_message[2].value, init_data)
-        self.assertEqual(init_message[3].value, init_other_data)
-
-    @ktu.gssapi_extension_test('dce_aead', 'DCE (AEAD)')
-    @ktu.krb_provider_test(['mit'], 'unwrapping AEAD stream')
-    def test_basic_aead_wrap_unwrap(self):
-        assoc_data = b'some sig data'
-        wrapped_message, conf = gb.wrap_aead(self.client_ctx, b"test message",
-                                             assoc_data)
-        self.assertIsInstance(wrapped_message, bytes)
-        self.assertGreater(len(wrapped_message), len('test message'))
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-
-        unwrapped_message, conf, qop = \
-            gb.unwrap_aead(self.server_ctx, wrapped_message, assoc_data)
-        self.assertIsInstance(unwrapped_message, bytes)
-        self.assertEqual(unwrapped_message, b'test message')
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-        self.assertIsInstance(qop, int)
-        self.assertGreaterEqual(qop, 0)
-
-    @ktu.gssapi_extension_test('dce_aead', 'DCE (AEAD)')
-    @ktu.krb_provider_test(['mit'], 'unwrapping AEAD stream')
-    def test_basic_aead_wrap_unwrap_no_assoc(self):
-        wrapped_message, conf = gb.wrap_aead(self.client_ctx, b"test message")
-        self.assertIsInstance(wrapped_message, bytes)
-        self.assertGreater(len(wrapped_message), len("test message"))
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-
-        unwrapped_message, conf, qop = gb.unwrap_aead(self.server_ctx,
-                                                      wrapped_message)
-        self.assertIsInstance(unwrapped_message, bytes)
-        self.assertEqual(unwrapped_message, b"test message")
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-        self.assertIsInstance(qop, int)
-        self.assertGreaterEqual(qop, 0)
-
-    @ktu.gssapi_extension_test('dce_aead', 'DCE (AEAD)')
-    @ktu.krb_provider_test(['mit'], 'unwrapping AEAD stream')
-    def test_basic_aead_wrap_unwrap_bad_assoc_raises_error(self):
-        assoc_data = b'some sig data'
-        wrapped_message, conf = gb.wrap_aead(self.client_ctx, b"test message",
-                                             assoc_data)
-        self.assertIsInstance(wrapped_message, bytes)
-        self.assertGreater(len(wrapped_message), len("test message"))
-        self.assertIsInstance(conf, bool)
-        self.assertTrue(conf)
-
-        self.assertRaises(gb.BadMICError, gb.unwrap_aead, self.server_ctx,
-                          wrapped_message, b'some other sig data')
-
-    @ktu.gssapi_extension_test('iov_mic', 'IOV MIC')
-    def test_get_mic_iov(self):
-        init_message = gb.IOV(b'some data',
-                              (gb.IOVBufferType.sign_only, b'some sig data'),
-                              gb.IOVBufferType.mic_token, std_layout=False)
-
-        gb.get_mic_iov(self.client_ctx, init_message)
-        self.assertEqual(init_message[2].type, gb.IOVBufferType.mic_token)
-        self.assertGreater(len(init_message[2].value), 0)
-
-    @ktu.gssapi_extension_test('iov_mic', 'IOV MIC')
-    def test_basic_verify_mic_iov(self):
-        init_message = gb.IOV(b'some data',
-                              (gb.IOVBufferType.sign_only, b'some sig data'),
-                              gb.IOVBufferType.mic_token, std_layout=False)
-
-        gb.get_mic_iov(self.client_ctx, init_message)
-        self.assertEqual(init_message[2].type, gb.IOVBufferType.mic_token)
-        self.assertGreater(len(init_message[2].value), 0)
-
-        qop_used = gb.verify_mic_iov(self.server_ctx, init_message)
-        self.assertIsInstance(qop_used, int)
-
-    @ktu.gssapi_extension_test('iov_mic', 'IOV MIC')
-    def test_verify_mic_iov_bad_mic_raises_error(self):
-        init_message = gb.IOV(b'some data',
-                              (gb.IOVBufferType.sign_only, b'some sig data'),
-                              (gb.IOVBufferType.mic_token, 'abaava'),
-                              std_layout=False)
-
-        # test a bad MIC
-        self.assertRaises(gb.GSSError, gb.verify_mic_iov, self.server_ctx,
-                          init_message)
-
-    @ktu.gssapi_extension_test('iov_mic', 'IOV MIC')
-    def test_get_mic_iov_length(self):
-        init_message = gb.IOV(b'some data',
-                              (gb.IOVBufferType.sign_only, b'some sig data'),
-                              gb.IOVBufferType.mic_token, std_layout=False,
-                              auto_alloc=False)
-
-        gb.get_mic_iov_length(self.client_ctx, init_message)
-        self.assertEqual(init_message[2].type, gb.IOVBufferType.mic_token)
-        self.assertGreater(len(init_message[2].value), 0)
-
-
-TEST_OIDS = {'SPNEGO': {'bytes': b'\053\006\001\005\005\002',
-                        'string': '1.3.6.1.5.5.2'},
-             'KRB5': {'bytes': b'\052\206\110\206\367\022\001\002\002',
-                      'string': '1.2.840.113554.1.2.2'},
-             'KRB5_OLD': {'bytes': b'\053\005\001\005\002',
-                          'string': '1.3.5.1.5.2'},
-             'KRB5_WRONG': {'bytes': b'\052\206\110\202\367\022\001\002\002',
-                            'string': '1.2.840.48018.1.2.2'},
-             'IAKERB': {'bytes': b'\053\006\001\005\002\005',
-                        'string': '1.3.6.1.5.2.5'}}
-
-
-class TestOIDTransforms(unittest.TestCase):
-    def test_decode_from_bytes(self):
-        for oid in TEST_OIDS.values():
-            o = gb.OID(elements=oid['bytes'])
-            self.assertEqual(repr(o), f"")
-
-    def test_encode_from_string(self):
-        for oid in TEST_OIDS.values():
-            o = gb.OID.from_int_seq(oid['string'])
-            self.assertEqual(o.__bytes__(), oid['bytes'])
-
-    def test_encode_from_int_seq(self):
-        for oid in TEST_OIDS.values():
-            int_seq = oid['string'].split('.')
-            o = gb.OID.from_int_seq(int_seq)
-            self.assertEqual(o.__bytes__(), oid['bytes'])
-
-    def test_comparisons(self):
-        krb5 = gb.OID.from_int_seq(TEST_OIDS['KRB5']['string'])
-        krb5_other = gb.OID.from_int_seq(TEST_OIDS['KRB5']['string'])
-        spnego = gb.OID.from_int_seq(TEST_OIDS['SPNEGO']['string'])
-
-        # Purpose here is to test comparisons themselves - don't simplify
-        self.assertTrue(krb5 == krb5_other)
-        self.assertFalse(krb5 == spnego)
-        self.assertFalse(krb5 != krb5_other)
-        self.assertTrue(krb5 != spnego)
diff --git a/index.html b/index.html
new file mode 100644
index 00000000..a415491a
--- /dev/null
+++ b/index.html
@@ -0,0 +1,132 @@
+
+
+
+  
+
+  
+  Python-GSSAPI: Python bindings for GSSAPI — Python-GSSAPI 1.8.2 documentation
+      
+      
+      
+  
+  
+        
+        
+        
+        
+        
+        
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Python-GSSAPI: Python bindings for GSSAPI

+
Python-GSSAPI provides Python bindings for the GSSAPI C bindings as defined
+by RFC 2744, as well as several extensions.

+
The package is organized into two parts: a high-level API and a low-level API.
+The high-level API resides in gssapi, and presents an object-oriented
+API around GSSAPI.

+
The other part of Python-GSSAPI is the low-level API, which resides in
+gssapi.raw.  The low-level API provides thin wrappers around the
+corresponding C functions.  The high-level API makes use of the low-level API
+to access underlying GSSAPI functionality.  Additionally certain extensions
+are currently only available from the low-level API.

+
To get started, check out the tutorials page or jump
+straight into the high-level API documentation.

+

+

+

+

+
Indices and tables

+
+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/.buildinfo b/latest/.buildinfo
new file mode 100644
index 00000000..ac2b8072
--- /dev/null
+++ b/latest/.buildinfo
@@ -0,0 +1,4 @@
+# Sphinx build info version 1
+# This file records the configuration used when building these files. When it is not found, a full rebuild will be done.
+config: 6943b0c12c0abeed503b0c249ed371e8
+tags: 645f666f9bcd5a90fca523b33c5a78b7
diff --git a/latest/.doctrees/basic-tutorial.doctree b/latest/.doctrees/basic-tutorial.doctree
new file mode 100644
index 00000000..f8e3d8a6
Binary files /dev/null and b/latest/.doctrees/basic-tutorial.doctree differ
diff --git a/latest/.doctrees/credstore.doctree b/latest/.doctrees/credstore.doctree
new file mode 100644
index 00000000..f565db2f
Binary files /dev/null and b/latest/.doctrees/credstore.doctree differ
diff --git a/latest/.doctrees/environment.pickle b/latest/.doctrees/environment.pickle
new file mode 100644
index 00000000..af451fb1
Binary files /dev/null and b/latest/.doctrees/environment.pickle differ
diff --git a/latest/.doctrees/gssapi.doctree b/latest/.doctrees/gssapi.doctree
new file mode 100644
index 00000000..9ac93a66
Binary files /dev/null and b/latest/.doctrees/gssapi.doctree differ
diff --git a/latest/.doctrees/gssapi.raw.doctree b/latest/.doctrees/gssapi.raw.doctree
new file mode 100644
index 00000000..f8b479fc
Binary files /dev/null and b/latest/.doctrees/gssapi.raw.doctree differ
diff --git a/latest/.doctrees/index.doctree b/latest/.doctrees/index.doctree
new file mode 100644
index 00000000..392f47a8
Binary files /dev/null and b/latest/.doctrees/index.doctree differ
diff --git a/latest/.doctrees/otherdoc.doctree b/latest/.doctrees/otherdoc.doctree
new file mode 100644
index 00000000..227c1900
Binary files /dev/null and b/latest/.doctrees/otherdoc.doctree differ
diff --git a/latest/.doctrees/tutorials.doctree b/latest/.doctrees/tutorials.doctree
new file mode 100644
index 00000000..01e5b312
Binary files /dev/null and b/latest/.doctrees/tutorials.doctree differ
diff --git a/latest/_modules/gssapi/_utils.html b/latest/_modules/gssapi/_utils.html
new file mode 100644
index 00000000..376a2b9e
--- /dev/null
+++ b/latest/_modules/gssapi/_utils.html
@@ -0,0 +1,302 @@
+
+
+
+
+
+  
+  
+  gssapi._utils — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi._utils
+import sys
+import types
+import typing as t
+
+import decorator as deco
+
+from gssapi.raw.misc import GSSError
+
+if t.TYPE_CHECKING:
+    from gssapi.sec_contexts import SecurityContext
+
+
+def import_gssapi_extension(
+    name: str,
+) -> t.Optional[types.ModuleType]:
+    """Import a GSSAPI extension module
+
+    This method imports a GSSAPI extension module based
+    on the name of the extension (not including the
+    'ext_' prefix).  If the extension is not available,
+    the method retuns None.
+
+    Args:
+        name (str): the name of the extension
+
+    Returns:
+        module: Either the extension module or None
+    """
+
+    try:
+        path = 'gssapi.raw.ext_{0}'.format(name)
+        __import__(path)
+        return sys.modules[path]
+    except ImportError:
+        return None
+
+
+def inquire_property(
+    name: str,
+    doc: t.Optional[str] = None
+) -> property:
+    """Creates a property based on an inquire result
+
+    This method creates a property that calls the
+    :python:`_inquire` method, and return the value of the
+    requested information.
+
+    Args:
+        name (str): the name of the 'inquire' result information
+
+    Returns:
+        property: the created property
+    """
+
+    def inquire_property(self: "SecurityContext") -> t.Any:
+        if not self._started:
+            msg = (f"Cannot read {name} from a security context whose "
+                   "establishment has not yet been started.")
+            raise AttributeError(msg)
+
+        return getattr(self._inquire(**{name: True}), name)
+
+    return property(inquire_property, doc=doc)
+
+
+# use UTF-8 as the default encoding, like Python 3
+_ENCODING = 'UTF-8'
+
+
+def _get_encoding() -> str:
+    """Gets the current encoding used for strings.
+
+    This value is used to encode and decode string
+    values like names.
+
+    Returns:
+        str: the current encoding
+    """
+    return _ENCODING
+
+
+

+[docs]
+def set_encoding(
+    enc: str,
+) -> None:
+    """Sets the current encoding used for strings
+
+    This value is used to encode and decode string
+    values like names.
+
+    Args:
+        enc: the encoding to use
+    """
+
+    global _ENCODING
+    _ENCODING = enc

+
+
+
+def _encode_dict(
+    d: t.Dict[t.Union[bytes, str], t.Union[bytes, str]],
+) -> t.Dict[bytes, bytes]:
+    """Encodes any relevant strings in a dict"""
+    def enc(x: t.Union[bytes, str]) -> bytes:
+        if isinstance(x, str):
+            return x.encode(_ENCODING)
+        else:
+            return x
+
+    return {enc(k): enc(v) for k, v in d.items()}
+
+
+# in case of Python 3, just use exception chaining
+@deco.decorator
+def catch_and_return_token(
+    func: t.Callable,
+    self: "SecurityContext",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Optional[bytes]:
+    """Optionally defer exceptions and return a token instead
+
+    When `__DEFER_STEP_ERRORS__` is set on the implementing class
+    or instance, methods wrapped with this wrapper will
+    catch and save their :python:`GSSError` exceptions and
+    instead return the result token attached to the exception.
+
+    The exception can be later retrived through :python:`_last_err`
+    (and :python:`_last_tb` when Python 2 is in use).
+    """
+
+    try:
+        return func(self, *args, **kwargs)
+    except GSSError as e:
+        defer_step_errors = getattr(self, '__DEFER_STEP_ERRORS__', False)
+        if e.token is not None and defer_step_errors:
+            self._last_err = e
+            # skip the "return func" line above in the traceback
+            tb = e.__traceback__.tb_next  # type: ignore[union-attr]
+            self._last_err.__traceback__ = tb
+
+            return e.token
+        else:
+            raise
+
+
+@deco.decorator
+def check_last_err(
+    func: t.Callable,
+    self: "SecurityContext",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Any:
+    """Check and raise deferred errors before running the function
+
+    This method checks :python:`_last_err` before running the wrapped
+    function.  If present and not None, the exception will be raised
+    with its original traceback.
+    """
+
+    if self._last_err is not None:
+        try:
+            raise self._last_err
+        finally:
+            self._last_err = None
+    else:
+        return func(self, *args, **kwargs)
+
+
+class CheckLastError(type):
+    """Check for a deferred error on all methods
+
+    This metaclass applies the :python:`check_last_err` decorator
+    to all methods not prefixed by '_'.
+
+    Additionally, it enabled `__DEFER_STEP_ERRORS__` by default.
+    """
+
+    def __new__(
+        cls,
+        name: str,
+        parents: t.Tuple[t.Type],
+        attrs: t.Dict[str, t.Any],
+    ) -> "CheckLastError":
+        attrs['__DEFER_STEP_ERRORS__'] = True
+
+        for attr_name in attrs:
+            attr = attrs[attr_name]
+
+            # wrap only methods
+            if not isinstance(attr, types.FunctionType):
+                continue
+
+            if attr_name[0] != '_':
+                attrs[attr_name] = check_last_err(attr)
+
+        return super(CheckLastError, cls).__new__(cls, name, parents, attrs)
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/creds.html b/latest/_modules/gssapi/creds.html
new file mode 100644
index 00000000..7630bbb0
--- /dev/null
+++ b/latest/_modules/gssapi/creds.html
@@ -0,0 +1,604 @@
+
+
+
+
+
+  
+  
+  gssapi.creds — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.creds
+import typing as t
+
+from gssapi.raw import creds as rcreds
+from gssapi.raw import named_tuples as tuples
+from gssapi.raw import names as rnames
+from gssapi.raw import oids as roids
+from gssapi._utils import import_gssapi_extension, _encode_dict
+
+from gssapi import names
+
+rcred_imp_exp = import_gssapi_extension('cred_imp_exp')
+rcred_s4u = import_gssapi_extension('s4u')
+rcred_cred_store = import_gssapi_extension('cred_store')
+rcred_rfc5588 = import_gssapi_extension('rfc5588')
+
+
+

+[docs]
+class Credentials(rcreds.Creds):
+    """GSSAPI Credentials
+
+    This class represents a set of GSSAPI credentials which may
+    be used with and/or returned by other GSSAPI methods.
+
+    It inherits from the low-level GSSAPI :class:`~gssapi.raw.creds.Creds`
+    class, and thus may used with both low-level and high-level API methods.
+
+    If your implementation of GSSAPI supports the credentials import-export
+    extension, you may pickle and unpickle this object.
+
+    The constructor either acquires or imports a set of GSSAPI
+    credentials.
+
+    If the `base` argument is used, an existing
+    :class:`~gssapi.raw.creds.Creds` object from the low-level API is
+    converted into a high-level object.
+
+    If the `token` argument is used, the credentials
+    are imported using the token, if the credentials import-export
+    extension is supported (:requires-ext:`cred_imp_exp`).
+
+    Otherwise, the credentials are acquired as per the
+    :meth:`acquire` method.
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+    """
+
+    __slots__ = ()
+
+    def __new__(
+        cls,
+        base: t.Optional[rcreds.Creds] = None,
+        token: t.Optional[bytes] = None,
+        name: t.Optional[rnames.Name] = None,
+        lifetime: t.Optional[int] = None,
+        mechs: t.Optional[t.Iterable[roids.OID]] = None,
+        usage: str = 'both',
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+    ) -> "Credentials":
+        # TODO(directxman12): this is missing support for password
+        #                     (non-RFC method)
+        if base is not None:
+            base_creds = base
+        elif token is not None:
+            if rcred_imp_exp is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for importing and "
+                                          "exporting creditials")
+
+            base_creds = rcred_imp_exp.import_cred(token)
+        else:
+            res = cls.acquire(name, lifetime, mechs, usage,
+                              store=store)
+            base_creds = res.creds
+
+        return t.cast("Credentials",
+                      super(Credentials, cls).__new__(cls, base_creds))
+
+    @property
+    def name(self) -> rnames.Name:
+        """Get the name associated with these credentials"""
+        return t.cast(rnames.Name,
+                      self.inquire(name=True, lifetime=False, usage=False,
+                                   mechs=False).name)
+
+    @property
+    def lifetime(self) -> int:
+        """Get the remaining lifetime of these credentials, in seconds"""
+        return t.cast(int,
+                      self.inquire(name=False, lifetime=True,
+                                   usage=False, mechs=False).lifetime)
+
+    @property
+    def mechs(self) -> t.Set[roids.OID]:
+        """Get the mechanisms for these credentials"""
+        return t.cast(t.Set[roids.OID],
+                      self.inquire(name=False, lifetime=False,
+                                   usage=False, mechs=True).mechs)
+
+    @property
+    def usage(self) -> str:
+        """Get the usage (initiate, accept, or both) of these credentials"""
+        return t.cast(str,
+                      self.inquire(name=False, lifetime=False,
+                                   usage=True, mechs=False).usage)
+
+

+[docs]
+    @classmethod
+    def acquire(
+        cls,
+        name: t.Optional[rnames.Name] = None,
+        lifetime: t.Optional[int] = None,
+        mechs: t.Optional[t.Iterable[roids.OID]] = None,
+        usage: str = 'both',
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+    ) -> tuples.AcquireCredResult:
+        """Acquire GSSAPI credentials
+
+        This method acquires credentials.  If the `store` argument is
+        used, the credentials will be acquired from the given
+        credential store (if supported).  Otherwise, the credentials are
+        acquired from the default store.
+
+        The credential store information is a dictionary containing
+        mechanisms-specific keys and values pointing to a credential store
+        or stores.
+
+        Using a non-default store requires support for the credentials store
+        extension.
+
+        Args:
+            name (~gssapi.names.Name): the name associated with the
+                credentials, or None for the default name
+            lifetime (int): the desired lifetime of the credentials in seconds,
+                or None for indefinite
+            mechs (list): the desired :class:`MechType` OIDs to be used
+                with the credentials, or None for the default set
+            usage (str): the usage for the credentials -- either 'both',
+                'initiate', or 'accept'
+            store (dict): the credential store information pointing to the
+                credential store from which to acquire the credentials,
+                or None for the default store (:requires-ext:`cred_store`)
+
+        Returns:
+            AcquireCredResult: the acquired credentials and information about
+            them
+
+        Raises:
+            ~gssapi.exceptions.BadMechanismError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+        """
+
+        if store is None:
+            res = rcreds.acquire_cred(name, lifetime,
+                                      mechs, usage)
+        else:
+            if rcred_cred_store is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for manipulating "
+                                          "credential stores")
+
+            b_store = _encode_dict(store)
+
+            res = rcred_cred_store.acquire_cred_from(b_store, name,
+                                                     lifetime, mechs,
+                                                     usage)
+
+        return tuples.AcquireCredResult(cls(base=res.creds), res.mechs,
+                                        res.lifetime)

+
+
+

+[docs]
+    def store(
+        self,
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+        usage: str = 'both',
+        mech: t.Optional[roids.OID] = None,
+        overwrite: bool = False,
+        set_default: bool = False,
+    ) -> tuples.StoreCredResult:
+        """Store these credentials into the given store
+
+        This method stores the current credentials into the specified
+        credentials store.  If the default store is used, support for
+        :rfc:`5588` is required.  Otherwise, support for the credentials
+        store extension is required.
+
+        :requires-ext:`rfc5588` or :requires-ext:`cred_store`
+
+        Args:
+            store (dict): the store into which to store the credentials,
+                or None for the default store.
+            usage (str): the usage to store the credentials with -- either
+                'both', 'initiate', or 'accept'
+            mech (~gssapi.OID): the :class:`MechType` to associate with the
+                stored credentials
+            overwrite (bool): whether or not to overwrite existing credentials
+                stored with the same name, etc
+            set_default (bool): whether or not to set these credentials as
+                the default credentials for the given store.
+
+        Returns:
+            StoreCredResult: the results of the credential storing operation
+
+        Raises:
+            ~gssapi.exceptions.GSSError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+            ~gssapi.exceptions.OperationUnavailableError
+            ~gssapi.exceptions.DuplicateCredentialsElementError
+        """
+
+        if store is None:
+            if rcred_rfc5588 is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for RFC 5588")
+
+            return rcred_rfc5588.store_cred(self, usage, mech,
+                                            overwrite, set_default)
+        else:
+            if rcred_cred_store is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for manipulating "
+                                          "credential stores directly")
+
+            b_store = _encode_dict(store)
+
+            return rcred_cred_store.store_cred_into(b_store, self, usage, mech,
+                                                    overwrite, set_default)

+
+
+

+[docs]
+    def impersonate(
+        self,
+        name: t.Optional[rnames.Name] = None,
+        lifetime: t.Optional[int] = None,
+        mechs: t.Optional[t.Iterable[roids.OID]] = None,
+        usage: str = 'initiate',
+    ) -> "Credentials":
+        """Impersonate a name using the current credentials
+
+        This method acquires credentials by impersonating another
+        name using the current credentials.
+
+        :requires-ext:`s4u`
+
+        Args:
+            name (~gssapi.names.Name): the name to impersonate
+            lifetime (int): the desired lifetime of the new credentials in
+                seconds, or None for indefinite
+            mechs (list): the desired :class:`MechType` OIDs for the new
+                credentials
+            usage (str): the desired usage for the new credentials -- either
+                'both', 'initiate', or 'accept'.  Note that some mechanisms
+                may only support 'initiate'.
+
+        Returns:
+            Credentials: the new credentials impersonating the given name
+        """
+
+        if rcred_s4u is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "have support for S4U")
+
+        res = rcred_s4u.acquire_cred_impersonate_name(self, name,
+                                                      lifetime, mechs,
+                                                      usage)
+
+        return type(self)(base=res.creds)

+
+
+

+[docs]
+    def inquire(
+        self,
+        name: bool = True,
+        lifetime: bool = True,
+        usage: bool = True,
+        mechs: bool = True,
+    ) -> tuples.InquireCredResult:
+        """Inspect these credentials for information
+
+        This method inspects these credentials for information about them.
+
+        Args:
+            name (bool): get the name associated with the credentials
+            lifetime (bool): get the remaining lifetime for the credentials
+            usage (bool): get the usage for the credentials
+            mechs (bool): get the mechanisms associated with the credentials
+
+        Returns:
+            InquireCredResult: the information about the credentials,
+            with None used when the corresponding argument was False
+
+        Raises:
+            ~gssapi.exceptions.MissingCredentialsError
+            ~gssapi.exceptions.InvalidCredentialsError
+            ~gssapi.exceptions.ExpiredCredentialsError
+        """
+
+        res = rcreds.inquire_cred(self, name, lifetime, usage, mechs)
+
+        if res.name is not None:
+            res_name = names.Name(res.name)
+        else:
+            res_name = None
+
+        return tuples.InquireCredResult(res_name, res.lifetime,
+                                        res.usage, res.mechs)

+
+
+

+[docs]
+    def inquire_by_mech(
+        self,
+        mech: roids.OID,
+        name: bool = True,
+        init_lifetime: bool = True,
+        accept_lifetime: bool = True,
+        usage: bool = True,
+    ) -> tuples.InquireCredByMechResult:
+        """Inspect these credentials for per-mechanism information
+
+        This method inspects these credentials for per-mechanism information
+        about them.
+
+        Args:
+            mech (~gssapi.OID): the mechanism for which to retrieve the
+                information
+            name (bool): get the name associated with the credentials
+            init_lifetime (bool): get the remaining initiate lifetime for
+                the credentials in seconds
+            accept_lifetime (bool): get the remaining accept lifetime for
+                the credentials in seconds
+            usage (bool): get the usage for the credentials
+
+        Returns:
+            InquireCredByMechResult: the information about the credentials,
+            with None used when the corresponding argument was False
+        """
+
+        res = rcreds.inquire_cred_by_mech(self, mech, name, init_lifetime,
+                                          accept_lifetime, usage)
+
+        if res.name is not None:
+            res_name = names.Name(res.name)
+        else:
+            res_name = None
+
+        return tuples.InquireCredByMechResult(res_name,
+                                              res.init_lifetime,
+                                              res.accept_lifetime,
+                                              res.usage)

+
+
+

+[docs]
+    def add(
+        self,
+        name: rnames.Name,
+        mech: roids.OID,
+        usage: str = 'both',
+        init_lifetime: t.Optional[int] = None,
+        accept_lifetime: t.Optional[int] = None,
+        impersonator: t.Optional[rcreds.Creds] = None,
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+    ) -> "Credentials":
+        """Acquire more credentials to add to the current set
+
+        This method works like :meth:`acquire`, except that it adds the
+        acquired credentials for a single mechanism to a copy of the current
+        set, instead of creating a new set for multiple mechanisms.
+        Unlike :meth:`acquire`, you cannot pass None desired name or
+        mechanism.
+
+        If the `impersonator` argument is used, the credentials will
+        impersonate the given name using the impersonator credentials
+        (:requires-ext:`s4u`).
+
+        If the `store` argument is used, the credentials will be acquired
+        from the given credential store (:requires-ext:`cred_store`).
+        Otherwise, the credentials are acquired from the default store.
+
+        The credential store information is a dictionary containing
+        mechanisms-specific keys and values pointing to a credential store
+        or stores.
+
+        Note that the `store` argument is not compatible with the
+        `impersonator` argument.
+
+        Args:
+            name (~gssapi.names.Name): the name associated with the
+                credentials
+            mech (~gssapi.OID): the desired :class:`MechType` to be used with
+                the credentials
+            usage (str): the usage for the credentials -- either 'both',
+                'initiate', or 'accept'
+            init_lifetime (int): the desired initiate lifetime of the
+                credentials in seconds, or None for indefinite
+            accept_lifetime (int): the desired accept lifetime of the
+                credentials in seconds, or None for indefinite
+            impersonator (Credentials): the credentials to use to impersonate
+                the given name, or None to not acquire normally
+                (:requires-ext:`s4u`)
+            store (dict): the credential store information pointing to the
+                credential store from which to acquire the credentials,
+                or None for the default store (:requires-ext:`cred_store`)
+
+        Returns:
+            Credentials: the credentials set containing the current credentials
+            and the newly acquired ones.
+
+        Raises:
+            ~gssapi.exceptions.BadMechanismError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+            ~gssapi.exceptions.DuplicateCredentialsElementError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+        """
+
+        if store is not None and impersonator is not None:
+            raise ValueError('You cannot use both the `impersonator` and '
+                             '`store` arguments at the same time')
+
+        if store is not None:
+            if rcred_cred_store is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for manipulating "
+                                          "credential stores")
+            b_store = _encode_dict(store)
+
+            res = rcred_cred_store.add_cred_from(b_store, self, name, mech,
+                                                 usage, init_lifetime,
+                                                 accept_lifetime)
+        elif impersonator is not None:
+            if rcred_s4u is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for S4U")
+            res = rcred_s4u.add_cred_impersonate_name(self, impersonator,
+                                                      name, mech, usage,
+                                                      init_lifetime,
+                                                      accept_lifetime)
+        else:
+            res = rcreds.add_cred(self, name, mech, usage, init_lifetime,
+                                  accept_lifetime)
+
+        return Credentials(res.creds)

+
+
+

+[docs]
+    def export(self) -> bytes:
+        """Export these credentials into a token
+
+        This method exports the current credentials to a token that can
+        then be imported by passing the `token` argument to the constructor.
+
+        This is often used to pass credentials between processes.
+
+        :requires-ext:`cred_imp_exp`
+
+        Returns:
+            bytes: the exported credentials in token form
+        """
+
+        if rcred_imp_exp is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "have support for importing and "
+                                      "exporting creditials")
+
+        return rcred_imp_exp.export_cred(self)

+
+
+    # pickle protocol support
+    def __reduce__(
+        self,
+    ) -> t.Tuple[t.Type["Credentials"], t.Tuple[None, bytes]]:
+        # the unpickle arguments to new are (base=None, token=self.export())
+        return (type(self), (None, self.export()))

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/exceptions.html b/latest/_modules/gssapi/exceptions.html
new file mode 100644
index 00000000..fb3af94f
--- /dev/null
+++ b/latest/_modules/gssapi/exceptions.html
@@ -0,0 +1,160 @@
+
+
+
+
+
+  
+  
+  gssapi.exceptions — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.exceptions
+import typing as t
+
+from gssapi.raw.exceptions import *  # noqa
+from gssapi.raw.misc import GSSError  # noqa
+
+"""High-Level API Errors
+
+This module includes several high-level exceptions,
+in addition to GSSError and exceptions from
+:mod:`gssapi.raw.exceptions`.
+"""
+
+
+# non-GSS exceptions
+

+[docs]
+class GeneralError(Exception):
+    """A General High-Level API Error"""
+    MAJOR_MESSAGE = "General error"
+    FMT_STR = "{maj}: {min}."
+
+    def __init__(
+        self,
+        minor_message: str,
+        **kwargs: str,
+    ) -> None:
+        maj_str = self.MAJOR_MESSAGE.format(**kwargs)
+        err_str = self.FMT_STR.format(maj=maj_str, min=minor_message)
+        super(GeneralError, self).__init__(err_str)

+
+
+
+

+[docs]
+class UnknownUsageError(GeneralError):
+    """An Error indicating an unknown usage type"""
+    MAJOR_MESSAGE = "Unable to determine {obj} usage"

+
+
+
+

+[docs]
+class EncryptionNotUsed(GeneralError):
+    """An Error indicating that encryption was requested, but not used"""
+    MAJOR_MESSAGE = "Confidentiality was requested, but not used"
+
+    def __init__(
+        self,
+        minor_message: str,
+        unwrapped_message: t.Optional[bytes] = None,
+        **kwargs: str,
+    ) -> None:
+        super(EncryptionNotUsed, self).__init__(minor_message, **kwargs)
+
+        self.unwrapped_message = unwrapped_message

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/names.html b/latest/_modules/gssapi/names.html
new file mode 100644
index 00000000..086a0a5f
--- /dev/null
+++ b/latest/_modules/gssapi/names.html
@@ -0,0 +1,537 @@
+
+
+
+
+
+  
+  
+  gssapi.names — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.names
+
+import typing as t
+
+from gssapi.raw import names as rname
+from gssapi.raw import NameType
+from gssapi.raw import named_tuples as tuples
+from gssapi.raw import oids as roids
+from gssapi import _utils
+
+from collections.abc import MutableMapping, Iterable
+
+rname_rfc6680 = _utils.import_gssapi_extension('rfc6680')
+rname_rfc6680_comp_oid = _utils.import_gssapi_extension('rfc6680_comp_oid')
+
+
+

+[docs]
+class Name(rname.Name):
+    """A GSSAPI Name
+
+    This class represents a GSSAPI name which may be used with and/or returned
+    by other GSSAPI methods.
+
+    It inherits from the low-level GSSAPI :class:`~gssapi.raw.names.Name`
+    class, and thus may used with both low-level and high-level API methods.
+
+    This class may be pickled and unpickled, as well as copied.
+
+    The :class:`str` and :class:`bytes` methods may be used to retrieve the
+    text of the name.
+
+    Note:
+        Name strings will be automatically converted to and from unicode
+        strings as appropriate.  If a method is listed as returning a
+        :class:`str` object, it will return a unicode string.
+
+        The encoding used will be python-gssapi's current encoding, which
+        defaults to UTF-8.
+    """
+
+    __slots__ = ('_attr_obj')
+
+    def __new__(
+        cls,
+        base: t.Optional[t.Union[rname.Name, bytes, str]] = None,
+        name_type: t.Optional[roids.OID] = None,
+        token: t.Optional[bytes] = None,
+        composite: bool = False,
+    ) -> "Name":
+        if token is not None:
+            if composite:
+                if rname_rfc6680 is None:
+                    raise NotImplementedError(
+                        "Your GSSAPI implementation does not support RFC 6680 "
+                        "(the GSSAPI naming extensions)")
+
+                if rname_rfc6680_comp_oid is not None:
+                    base_name = rname.import_name(token,
+                                                  NameType.composite_export)
+                    displ_name = rname.display_name(base_name, name_type=True)
+                    if displ_name.name_type == NameType.composite_export:
+                        # NB(directxman12): there's a bug in MIT krb5 <= 1.13
+                        # where GSS_C_NT_COMPOSITE_EXPORT doesn't trigger
+                        # immediate import logic.  However, we can just use
+                        # the normal GSS_C_NT_EXPORT_NAME in this case.
+                        base_name = rname.import_name(token, NameType.export)
+                else:
+                    # NB(directxman12): some older versions of MIT krb5 don't
+                    # have support for the GSS_C_NT_COMPOSITE_EXPORT, but do
+                    # support composite tokens via GSS_C_NT_EXPORT_NAME.
+                    base_name = rname.import_name(token, NameType.export)
+            else:
+                base_name = rname.import_name(token, NameType.export)
+        elif isinstance(base, rname.Name):
+            base_name = base
+        else:
+            if isinstance(base, str):
+                base = base.encode(_utils._get_encoding())
+
+            base_name = rname.import_name(
+                base,  # type: ignore[arg-type]
+                name_type)
+
+        return t.cast("Name", super(Name, cls).__new__(cls, base_name))
+
+    def __init__(
+        self,
+        base: t.Optional[t.Union[rname.Name, bytes, str]] = None,
+        name_type: t.Optional[roids.OID] = None,
+        token: t.Optional[bytes] = None,
+        composite: bool = False,
+    ) -> None:
+        """
+        The constructor can be used to "import" a name from a human readable
+        representation, or from a token, and can also be used to convert a
+        low-level :class:`gssapi.raw.names.Name` object into a high-level
+        object.
+
+        If a :class:`~gssapi.raw.names.Name` object from the low-level API
+        is passed as the `base` argument, it will be converted into a
+        high-level object.
+
+        If the `token` argument is used, the name will be imported using
+        the token.  If the token was exported as a composite token,
+        pass `composite=True`.
+
+        Otherwise, a new name will be created, using the `base` argument as
+        the human-readable string and the `name_type` argument to denote the
+        name type.
+
+        Raises:
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+            ~gssapi.exceptions.BadMechanismError
+        """
+
+        self._attr_obj: t.Optional[_NameAttributeMapping]
+
+        if rname_rfc6680 is not None:
+            self._attr_obj = _NameAttributeMapping(self)
+        else:
+            self._attr_obj = None
+
+    def __str__(self) -> str:
+        return bytes(self).decode(_utils._get_encoding())
+
+    def __unicode__(self) -> str:
+        # Python 2 -- someone asked for unicode
+        return self.__bytes__().decode(_utils._get_encoding())
+
+    def __bytes__(self) -> bytes:
+        # Python 3 -- someone asked for bytes
+        return rname.display_name(self, name_type=False).name
+
+

+[docs]
+    def display_as(
+        self,
+        name_type: roids.OID,
+    ) -> str:
+        """
+        Display this name as the given name type.
+
+        This method attempts to display the current :class:`Name`
+        using the syntax of the given :class:`~gssapi.raw.types.NameType`, if
+        possible.
+
+        Warning:
+
+            In MIT krb5 versions below 1.13.3, this method can segfault if
+            the name was not *originally* created with a `name_type` that was
+            not ``None`` (even in cases when a ``name_type``
+            is later "added", such as via :meth:`canonicalize`).
+            **Do not use this method unless you are sure the above
+            conditions can never happen in your code.**
+
+        Warning:
+
+            In addition to the above warning, current versions of MIT krb5 do
+            not actually fully implement this method, and it may return
+            incorrect results in the case of canonicalized names.
+
+        :requires-ext:`rfc6680`
+
+        Args:
+            name_type (~gssapi.OID): the :class:`~gssapi.raw.types.NameType` to
+                use to display the given name
+
+        Returns:
+            str: the displayed name
+
+        Raises:
+            ~gssapi.exceptions.OperationUnavailableError
+        """
+
+        if rname_rfc6680 is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "support RFC 6680 (the GSSAPI naming "
+                                      "extensions)")
+        return rname_rfc6680.display_name_ext(self, name_type).decode(
+            _utils._get_encoding())

+
+
+    @property
+    def name_type(self) -> t.Optional[roids.OID]:
+        """The :class:`~gssapi.raw.types.NameType` of this name"""
+        return rname.display_name(self, name_type=True).name_type
+
+    def __eq__(
+        self,
+        other: object,
+    ) -> bool:
+        if not isinstance(other, rname.Name):
+            # maybe something else can compare this
+            # to other classes, but we certainly can't
+            return NotImplemented
+        else:
+            return rname.compare_name(self, other)
+
+    def __ne__(
+        self,
+        other: object,
+    ) -> bool:
+        return not self.__eq__(other)
+
+    def __repr__(self) -> str:
+        disp_res = rname.display_name(self, name_type=True)
+        return "Name({name!r}, {name_type})".format(
+            name=disp_res.name, name_type=disp_res.name_type)
+
+

+[docs]
+    def export(
+        self,
+        composite: bool = False,
+    ) -> bytes:
+        """Export this name as a token.
+
+        This method exports the name into a byte string which can then be
+        imported by using the `token` argument of the constructor.
+
+        Args:
+            composite (bool): whether or not use to a composite token --
+                :requires-ext:`rfc6680`
+
+        Returns:
+            bytes: the exported name in token form
+
+        Raises:
+            ~gssapi.exceptions.MechanismNameRequiredError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+        """
+
+        if composite:
+            if rname_rfc6680 is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not support RFC 6680 (the GSSAPI "
+                                          "naming extensions)")
+
+            return rname_rfc6680.export_name_composite(self)
+        else:
+            return rname.export_name(self)

+
+
+

+[docs]
+    def canonicalize(
+        self,
+        mech: roids.OID
+    ) -> "Name":
+        """Canonicalize a name with respect to a mechanism.
+
+        This method returns a new :class:`Name` that is canonicalized according
+        to the given mechanism.
+
+        Args:
+            mech (~gssapi.OID): the :class:`MechType` to use
+
+        Returns:
+            Name: the canonicalized name
+
+        Raises:
+            ~gssapi.exceptions.BadMechanismError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+        """
+
+        return type(self)(rname.canonicalize_name(self, mech))

+
+
+    def __copy__(self) -> "Name":
+        return type(self)(rname.duplicate_name(self))
+
+    def __deepcopy__(
+        self,
+        memo: t.Dict,
+    ) -> "Name":
+        return type(self)(rname.duplicate_name(self))
+
+    def _inquire(
+        self,
+        **kwargs: t.Any,
+    ) -> tuples.InquireNameResult:
+        """Inspect this name for information.
+
+        This method inspects the name for information.
+
+        If no keyword arguments are passed, all available information
+        is returned.  Otherwise, only the keyword arguments that
+        are passed and set to `True` are returned.
+
+        Args:
+            mech_name (bool): get whether this is a mechanism name,
+                and, if so, the associated mechanism
+            attrs (bool): get the attributes names for this name
+
+        Returns:
+            InquireNameResult: the results of the inquiry, with unused
+                fields set to None
+
+        Raises:
+            ~gssapi.exceptions.GSSError
+        """
+
+        if rname_rfc6680 is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "support RFC 6680 (the GSSAPI naming "
+                                      "extensions)")
+
+        if not kwargs:
+            default_val = True
+        else:
+            default_val = False
+
+        attrs = kwargs.get('attrs', default_val)
+        mech_name = kwargs.get('mech_name', default_val)
+
+        return rname_rfc6680.inquire_name(self, mech_name=mech_name,
+                                          attrs=attrs)
+
+    @property
+    def is_mech_name(self) -> bool:
+        """Whether or not this name is a mechanism name
+        (:requires-ext:`rfc6680`)
+        """
+        return self._inquire(mech_name=True).is_mech_name
+
+    @property
+    def mech(self) -> roids.OID:
+        """The mechanism associated with this name (:requires-ext:`rfc6680`)
+        """
+        return self._inquire(mech_name=True).mech
+
+    @property
+    def attributes(self) -> t.Optional[MutableMapping]:
+        """The attributes of this name (:requires-ext:`rfc6680`)
+
+        The attributes are presenting in the form of a
+        :class:`~collections.abc.MutableMapping` (a dict-like object).
+
+        Retrieved values will always be in the form of :class:`frozenset`.
+
+        When assigning values, if iterables are used, they be considered to be
+        the set of values for the given attribute.  If a non-iterable is used,
+        it will be considered a single value, and automatically wrapped in an
+        iterable.
+
+        Note:
+            String types (includes :class:`bytes`) are not considered to
+            be iterables in this case.
+        """
+        if self._attr_obj is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "support RFC 6680 (the GSSAPI naming "
+                                      "extensions)")
+
+        return self._attr_obj

+
+
+
+class _NameAttributeMapping(MutableMapping):
+
+    """Provides dict-like access to RFC 6680 Name attributes."""
+    def __init__(
+        self,
+        name: Name,
+    ) -> None:
+        self._name = name
+
+    def __getitem__(
+        self,
+        key: t.Union[bytes, str],
+    ) -> tuples.GetNameAttributeResult:
+        if isinstance(key, str):
+            key = key.encode(_utils._get_encoding())
+
+        res = rname_rfc6680.get_name_attribute(  # type: ignore[union-attr]
+            self._name, key)
+        res = t.cast(tuples.GetNameAttributeResult, res)
+
+        return tuples.GetNameAttributeResult(list(res.values),
+                                             list(res.display_values),
+                                             res.authenticated,
+                                             res.complete)
+
+    def __setitem__(
+        self,
+        key: t.Union[bytes, str],
+        value: t.Union[
+            tuples.GetNameAttributeResult, t.Tuple[bytes, bool], bytes
+        ],
+    ) -> None:
+        if isinstance(key, str):
+            key = key.encode(_utils._get_encoding())
+
+        rname_rfc6680.delete_name_attribute(  # type: ignore[union-attr]
+            self._name, key)
+
+        attr_value: t.List[bytes]
+        if isinstance(value, tuples.GetNameAttributeResult):
+            complete = value.complete
+            attr_value = value.values
+        elif isinstance(value, tuple) and len(value) == 2:
+            complete = t.cast(bool, value[1])
+            attr_value = [t.cast(bytes, value[0])]
+        else:
+            complete = False
+
+        if (isinstance(value, (str, bytes)) or
+                not isinstance(value, Iterable)):
+            # NB(directxman12): this allows us to easily assign a single
+            # value, since that's a common case
+            attr_value = [value]
+
+        rname_rfc6680.set_name_attribute(  # type: ignore[union-attr]
+            self._name, key, attr_value, complete=complete)
+
+    def __delitem__(
+        self,
+        key: t.Union[bytes, str],
+    ) -> None:
+        if isinstance(key, str):
+            key = key.encode(_utils._get_encoding())
+
+        rname_rfc6680.delete_name_attribute(  # type: ignore[union-attr]
+            self._name, key)
+
+    def __iter__(self) -> t.Iterator[bytes]:
+        return iter(self._name._inquire(attrs=True).attrs)
+
+    def __len__(self) -> int:
+        return len(self._name._inquire(attrs=True).attrs)
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/chan_bindings.html b/latest/_modules/gssapi/raw/chan_bindings.html
new file mode 100644
index 00000000..bfc62e57
--- /dev/null
+++ b/latest/_modules/gssapi/raw/chan_bindings.html
@@ -0,0 +1,152 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.chan_bindings — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.chan_bindings
+import typing as t
+
+
+

+[docs]
+class ChannelBindings:
+    """GSSAPI Channel Bindings
+
+    This class represents a set of GSSAPI channel bindings.
+
+    Args:
+        initiator_address_type: the initiator address type
+        initiator_address: the initiator address
+        acceptor_address_type:  the acceptor address type
+        acceptor_address: the acceptor address
+        application_data: additional application-specific data
+    """
+
+

+[docs]
+    initiator_address_type: t.Optional[int]

+
+

+[docs]
+    initiator_address: t.Optional[bytes]

+
+

+[docs]
+    acceptor_address_type: t.Optional[int]

+
+

+[docs]
+    acceptor_address: t.Optional[bytes]

+
+

+[docs]
+    application_data: t.Optional[bytes]

+
+
+    def __init__(
+        self,
+        initiator_address_type: t.Optional[int] = None,
+        initiator_address: t.Optional[bytes] = None,
+        acceptor_address_type: t.Optional[int] = None,
+        acceptor_address: t.Optional[bytes] = None,
+        application_data: t.Optional[bytes] = None,
+    ) -> None: ...

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/creds.html b/latest/_modules/gssapi/raw/creds.html
new file mode 100644
index 00000000..356dcc8c
--- /dev/null
+++ b/latest/_modules/gssapi/raw/creds.html
@@ -0,0 +1,310 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.creds — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.creds
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+    from gssapi.raw.named_tuples import (
+        AcquireCredResult,
+        AddCredResult,
+        InquireCredResult,
+        InquireCredByMechResult,
+    )
+
+
+

+[docs]
+class Creds:
+    """
+    GSSAPI Credentials
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["Creds"] = None,
+    ) -> "Creds": ...

+
+
+
+

+[docs]
+def acquire_cred(
+    name: t.Optional["Name"],
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'both',
+) -> "AcquireCredResult":
+    """Get GSSAPI credentials for the given name and mechanisms.
+
+    This method gets GSSAPI credentials corresponding to the given name
+    and mechanims.  The desired TTL and usage for the the credential may also
+    be specified.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name for which to acquire the
+            credentials (or None for the "no name" functionality)
+        lifetime (int): the lifetime in seconds for the credentials (or None
+            for indefinite)
+        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
+            the credentials should work, or None for the default set
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+
+    Returns:
+        AcquireCredResult: the resulting credentials, the actual mechanisms
+        with which they may be used, and their actual lifetime in seconds (or
+        None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+    """

+
+
+
+

+[docs]
+def release_cred(
+    creds: Creds,
+) -> None:
+    """
+    release_cred(creds)
+    Release GSSAPI Credentials.
+
+    This method releases GSSAPI credentials.
+
+    Warning:
+        This method is deprecated.  Credentials are
+        automatically freed by Python.
+
+    Args:
+        creds (Creds): the credentials in question
+
+    Raises:
+        ~gssapi.exceptions.MissingCredentialsError
+    """

+
+
+
+

+[docs]
+def add_cred(
+    input_cred: Creds,
+    name: "Name",
+    mech: "OID",
+    usage: str = 'initiate',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+    mutate_input: bool = False,
+) -> "AddCredResult":
+    """Add a credential element to a credential.
+
+    This method can be used to either compose two credentials (i.e., original
+    and new credential), or to add a new element to an existing credential.
+
+    Args:
+        input_cred (Creds): the set of credentials to which to add the new
+            credentials
+        name (~gssapi.raw.names.Name): name of principal to acquire a
+            credential for
+        mech (~gssapi.raw.types.MechType): the desired security mechanism
+            (required).
+        usage (str): usage type for credentials.  Possible values:
+            'initiate' (default), 'accept', 'both' (failsafe).
+        init_lifetime (int): lifetime of credentials for use in initiating
+            security contexts in seconds (None for indefinite)
+        accept_lifetime (int): lifetime of credentials for use in accepting
+            security contexts in seconds (None for indefinite)
+        mutate_input (bool): whether to mutate the input credentials (True)
+            or produce a new set of credentials (False).  Defaults to False
+
+    Returns:
+        AddCredResult: the actual mechanisms with which the credentials may be
+        used, the actual initiator TTL, and the actual acceptor TTL (None for
+        either indefinite or not supported).  Note that the credentials may
+        be set to None if mutate_input is set to True.
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.DuplicateCredentialsElementError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+    """

+
+
+
+

+[docs]
+def inquire_cred(
+    creds: Creds,
+    name: bool = True,
+    lifetime: bool = True,
+    usage: bool = True,
+    mechs: bool = True,
+) -> "InquireCredResult":
+    """Inspect credentials for information.
+
+    This method inspects a :class:`Creds` object for information.
+
+    Args:
+        creds (Creds): the credentials to inspect
+        name (bool): get the Name associated with the credentials
+        lifetime (bool): get the TTL for the credentials
+        usage (bool): get the usage type of the credentials
+        mechs (bool): the mechanims used with the credentials
+
+    Returns:
+        InquireCredResult: the information about the credentials,
+        with unused fields set to None
+
+    Raises:
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.InvalidCredentialsError
+        ~gssapi.exceptions.ExpiredCredentialsError
+    """

+
+
+
+

+[docs]
+def inquire_cred_by_mech(
+    creds: Creds,
+    mech: "OID",
+    name: bool = True,
+    init_lifetime: bool = True,
+    accept_lifetime: bool = True,
+    usage: bool = True,
+) -> "InquireCredByMechResult":
+    """Inspect credentials for mechanism-specific information.
+
+    This method inspects a :class:`Creds` object for information
+    specific to a particular mechanism.  It functions similarly
+    to :func:`inquire_cred`.
+
+    Args:
+        creds (Creds): the credentials to inspect
+        mech (~gssapi.OID): the desired mechanism
+        name (bool): get the Name associated with the credentials
+        init_lifetime (bool): get the initiator TTL for the credentials (in
+            seconds)
+        accept_lifetime (bool): get the acceptor TTL for the credentials (in
+            seconds)
+        usage (bool): get the usage type of the credentials
+
+    Returns:
+        InquireCredByMechResult: the information about the credentials,
+        with unused fields set to None
+
+    Raises:
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.InvalidCredentialsError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/exceptions.html b/latest/_modules/gssapi/raw/exceptions.html
new file mode 100644
index 00000000..0092ad35
--- /dev/null
+++ b/latest/_modules/gssapi/raw/exceptions.html
@@ -0,0 +1,270 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.exceptions — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.exceptions
+from gssapi.raw.misc import GSSError
+
+

+[docs]
+class ParameterReadError(GSSError): ...

+
+
+

+[docs]
+class ParameterWriteError(GSSError): ...

+
+
+

+[docs]
+class MalformedParameterError(GSSError): ...

+
+
+

+[docs]
+class BadMechanismError(GSSError): ...

+
+
+

+[docs]
+class BadNameError(GSSError): ...

+
+
+

+[docs]
+class BadNameTypeError(GSSError): ...

+
+
+

+[docs]
+class BadChannelBindingsError(GSSError): ...

+
+
+

+[docs]
+class BadStatusError(GSSError): ...

+
+
+

+[docs]
+class BadMICError(GSSError): ...

+
+
+

+[docs]
+class MissingCredentialsError(GSSError): ...

+
+
+

+[docs]
+class MissingContextError(GSSError): ...

+
+
+

+[docs]
+class InvalidTokenError(GSSError): ...

+
+
+

+[docs]
+class InvalidCredentialsError(GSSError): ...

+
+
+

+[docs]
+class ExpiredCredentialsError(GSSError): ...

+
+
+

+[docs]
+class ExpiredContextError(GSSError): ...

+
+
+

+[docs]
+class BadQoPError(GSSError): ...

+
+
+

+[docs]
+class UnauthorizedError(GSSError): ...

+
+
+

+[docs]
+class OperationUnavailableError(GSSError): ...

+
+
+

+[docs]
+class DuplicateCredentialsElementError(GSSError): ...

+
+
+

+[docs]
+class MechanismNameRequiredError(GSSError): ...

+
+
+

+[docs]
+class NameReadError(ParameterReadError, BadNameError): ...

+
+
+

+[docs]
+class NameTypeReadError(ParameterReadError, BadNameTypeError): ...

+
+
+

+[docs]
+class TokenReadError(ParameterReadError, InvalidTokenError): ...

+
+
+

+[docs]
+class ContextReadError(ParameterReadError, MissingContextError): ...

+
+
+

+[docs]
+class CredentialsReadError(ParameterReadError, MissingCredentialsError): ...

+
+
+

+[docs]
+class ContextWriteError(ParameterWriteError, MissingContextError): ...

+
+
+

+[docs]
+class CredentialsWriteError(ParameterWriteError, MissingCredentialsError): ...

+
+
+

+[docs]
+class SupplementaryError(GSSError): ...

+
+
+

+[docs]
+class DuplicateTokenError(SupplementaryError): ...

+
+
+

+[docs]
+class ExpiredTokenError(SupplementaryError): ...

+
+
+

+[docs]
+class TokenOutOfSequenceError(SupplementaryError): ...

+
+
+

+[docs]
+class TokenTooLateError(TokenOutOfSequenceError): ...

+
+
+

+[docs]
+class TokenTooEarlyError(TokenOutOfSequenceError): ...

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_cred_imp_exp.html b/latest/_modules/gssapi/raw/ext_cred_imp_exp.html
new file mode 100644
index 00000000..886497f1
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_cred_imp_exp.html
@@ -0,0 +1,154 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_cred_imp_exp — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_cred_imp_exp
+"""Credentials Import/Export Extension"""
+
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+
+
+

+[docs]
+def export_cred(
+    creds: "Creds",
+) -> bytes:
+    """Export GSSAPI credentials.
+
+    This method exports GSSSAPI credentials into a token
+    which may be transmitted between different processes.
+
+    Args:
+        creds (Creds): the credentials object to be exported
+
+    Returns:
+        bytes: the exported token representing the given credentials object
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def import_cred(
+    token: bytes,
+) -> "Creds":
+    """Import GSSAPI credentials from a token.
+
+    This method imports a credentials object from a token
+    previously exported by :func:`export_cred`.
+
+    Args:
+        token (bytes): the token to import
+
+    Returns:
+        Creds: the imported credentials object
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_cred_store.html b/latest/_modules/gssapi/raw/ext_cred_store.html
new file mode 100644
index 00000000..381c95ec
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_cred_store.html
@@ -0,0 +1,249 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_cred_store — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_cred_store
+"""Credential Store Extension"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import AcquireCredResult, StoreCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def acquire_cred_from(
+    dict_store: t.Optional[
+        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+    ] = None,
+    name: t.Optional["Name"] = None,
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'both',
+) -> "AcquireCredResult":
+    """Acquire credentials from the given store.
+
+    This method acquires credentials from the store specified by the
+    given credential store information.
+
+    The credential store information is a dictionary containing
+    mechanisms-specific keys and values pointing to a credential store
+    or stores.
+
+    Args:
+        store (dict): the credential store information pointing to the
+            credential store from which to acquire the credentials.
+            See :doc:`credstore` for valid values
+        name (~gssapi.raw.names.Name): the name associated with the
+            credentials, or None for the default name
+        lifetime (int): the desired lifetime of the credentials in seconds, or
+            None for indefinite
+        mechs (list): the desired mechanisms to be used with these
+            credentials, or None for the default set
+        usage (str): the usage for these credentials -- either 'both',
+            'initiate', or 'accept'
+
+    Returns:
+        AcquireCredResult: the acquired credentials and information about
+        them
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def add_cred_from(
+    dict_store: t.Optional[
+        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+    ],
+    input_creds: "Creds",
+    name: "Name",
+    mech: "OID",
+    usage: str = 'both',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+) -> "AcquireCredResult":
+    """Acquire credentials to add to the current set from the given store.
+
+    This method works like :func:`acquire_cred_from`, except that it
+    adds the acquired credentials for a single mechanism to a copy of
+    the current set, instead of creating a new set for multiple mechanisms.
+    Unlike :func:`~gssapi.raw.creds.acquire_cred`, you cannot pass None for the
+    desired name or mechanism.
+
+    The credential store information is a dictionary containing
+    mechanisms-specific keys and values pointing to a credential store
+    or stores.
+
+    Args:
+        store (dict): the store into which to store the credentials,
+            or None for the default store.
+            See :doc:`credstore` for valid values
+        name (~gssapi.raw.names.Name): the name associated with the credentials
+        mech (~gssapi.OID): the desired mechanism to be used with these
+            credentials
+        usage (str): the usage for these credentials -- either 'both',
+            'initiate', or 'accept'
+        init_lifetime (int): the desired initiate lifetime of the credentials
+            in seconds, or None for indefinite
+        accept_lifetime (int): the desired accept lifetime of the credentials
+            in seconds, or None for indefinite
+
+    Returns:
+        AcquireCredResult: the new credentials set and information about
+        it
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def store_cred_into(
+    dict_store: t.Optional[
+        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+    ],
+    creds: "Creds",
+    usage: str = 'both',
+    mech: t.Optional["OID"] = None,
+    overwrite: bool = False,
+    set_default: bool = False,
+) -> "StoreCredResult":
+    """Store credentials into the given store.
+
+    This method stores the given credentials into the store specified
+    by the given store information.  They may then be retrieved later using
+    :func:`acquire_cred_from` or :func:`add_cred_from`.
+
+    The credential store information is a dictionary containing
+    mechanisms-specific keys and values pointing to a credential store
+    or stores.
+
+    Args:
+        store (dict): the store into which to store the credentials,
+            or None for the default store.
+            See :doc:`credstore` for valid values
+        creds (Creds): the credentials to store
+        usage (str): the usage to store the credentials with -- either
+            'both', 'initiate', or 'accept'
+        mech (~gssapi.OID): the mechansim to associate with the stored
+            credentials
+        overwrite (bool): whether or not to overwrite existing credentials
+            stored with the same name, etc
+        set_default (bool): whether or not to set these credentials as
+            the default credentials for the given store.
+
+    Returns:
+        StoreCredResult: the results of the credential storing operation
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_dce.html b/latest/_modules/gssapi/raw/ext_dce.html
new file mode 100644
index 00000000..2b8aba9c
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_dce.html
@@ -0,0 +1,351 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_dce — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_dce
+import typing as t
+
+from enum import IntEnum
+
+from gssapi.raw.ext_dce_aead import wrap_aead, unwrap_aead
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import IOVUnwrapResult, WrapResult
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+class IOVBufferType(IntEnum):
+    """
+    IOV Buffer Types
+
+    This IntEnum represent GSSAPI IOV buffer
+    types to be used with the IOV methods.
+
+    The numbers behind the values correspond directly
+    to their C counterparts.
+    """
+
+

+[docs]
+    empty = 0 #: GSS_IOV_BUFFER_TYPE_EMPTY

+
+

+[docs]
+    data = 1 #: GSS_IOV_BUFFER_TYPE_DATA

+
+

+[docs]
+    header = 2 #: GSS_IOV_BUFFER_TYPE_HEADER

+
+

+[docs]
+    mech_params = 3 #: GSS_IOV_BUFFER_TYPE_MECH_PARAMS

+
+

+[docs]
+    trailer = 7 #: GSS_IOV_BUFFER_TYPE_TRAILER

+
+

+[docs]
+    padding = 9 #: GSS_IOV_BUFFER_TYPE_PADDING

+
+

+[docs]
+    stream = 10 #: GSS_IOV_BUFFER_TYPE_STREAM

+
+

+[docs]
+    sign_only = 11 #: GSS_IOV_BUFFER_TYPE_SIGN_ONLY

+
+

+[docs]
+    mic_token = 12 #: GSS_IOV_BUFFER_TYPE_MIC_TOKEN

+

+
+
+
+

+[docs]
+class IOVBuffer(t.NamedTuple):
+

+[docs]
+    type: IOVBufferType

+
+

+[docs]
+    allocate: t.Optional[bool]

+
+

+[docs]
+    value: t.Optional[bytes]

+

+
+
+
+

+[docs]
+class IOV:
+    """A GSSAPI IOV"""
+
+    def __init__(
+        self,
+        *args: t.Union[
+            IOVBuffer,
+            t.Tuple[
+                t.Union[IOVBufferType, int],
+                t.Optional[bool],
+                t.Optional[bytes]],
+            t.Tuple[
+                t.Union[IOVBufferType, int],
+                t.Optional[t.Union[bool, bytes]],
+            ],
+            bytes,
+            t.Union[IOVBufferType, int],
+        ],
+        std_layout: bool = True,
+        auto_alloc: bool = True,
+    ) -> None: ...
+
+    def __getitem__(
+        self,
+        ind: int,
+    ) -> IOVBuffer: ...
+
+    def __len__(self) -> int: ...
+
+    def __iter__(self) -> t.Iterator[IOVBuffer]: ...
+
+    def __contains__(
+        self,
+        item: IOVBuffer,
+    ) -> bool: ...
+
+    def __reversed__(self) -> t.Iterator[IOVBuffer]: ...
+
+

+[docs]
+    def index(
+        self,
+        value: t.Any,
+    ) -> int: ...

+
+
+

+[docs]
+    def count(
+        self,
+        value: t.Any,
+    ) -> int: ...

+

+
+
+
+

+[docs]
+def wrap_iov(
+    context: "SecurityContext",
+    message: IOV,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> bool:
+    """Wrap/Encrypt an IOV message.
+
+    This method wraps or encrypts an IOV message.  The allocate
+    parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
+    indicates whether or not that particular buffer should be
+    automatically allocated (for use with padding, header, and
+    trailer buffers).
+
+    Warning:
+        This modifies the input :class:`IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): an :class:`IOV` containing the message
+        confidential (bool): whether or not to encrypt the miovessage (True),
+            or just wrap it with a MIC (False)
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        bool: whether or not confidentiality was actually used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def unwrap_iov(
+    context: "SecurityContext",
+    message: IOV,
+) -> "IOVUnwrapResult":
+    """Unwrap/Decrypt an IOV message.
+
+    This method uwraps or decrypts an IOV message.  The allocate
+    parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
+    indicates whether or not that particular buffer should be
+    automatically allocated (for use with padding, header, and
+    trailer buffers).
+
+    As a special case, you may pass an entire IOV message
+    as a single 'stream'.  In this case, pass a buffer type
+    of :attr:`IOVBufferType.stream` followed by a buffer type of
+    :attr:`IOVBufferType.data`.  The former should contain the
+    entire IOV message, while the latter should be empty.
+
+    Warning:
+        This modifies the input :class:`IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): an :class:`IOV` containing the message
+
+    Returns:
+        IOVUnwrapResult: whether or not confidentiality was used,
+        and the QoP used.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def wrap_iov_length(
+    context: "SecurityContext",
+    message: IOV,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> "WrapResult":
+    """Appropriately size padding, trailer, and header IOV buffers.
+
+    This method sets the length values on the IOV buffers.  You
+    should already have data provided for the data (and sign-only)
+    buffer(s) so that padding lengths can be appropriately computed.
+
+    In Python terms, this will result in an appropriately sized
+    `bytes` object consisting of all zeros.
+
+    Warning:
+        This modifies the input :class:`IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): an :class:`IOV` containing the message
+
+    Returns:
+        WrapResult: a list of :class:IOVBuffer` objects, and whether or not
+        encryption was actually used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_dce_aead.html b/latest/_modules/gssapi/raw/ext_dce_aead.html
new file mode 100644
index 00000000..158b8684
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_dce_aead.html
@@ -0,0 +1,171 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_dce_aead — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_dce_aead
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import WrapResult, UnwrapResult
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+def wrap_aead(
+    context: "SecurityContext",
+    message: bytes,
+    associated: t.Optional[bytes] = None,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> "WrapResult":
+    """Wrap/Encrypt an AEAD message.
+
+    This method takes an input message and associated data,
+    and outputs and AEAD message.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message to wrap or encrypt
+        associated (bytes): associated data to go with the message
+        confidential (bool): whether or not to encrypt the message (True),
+            or just wrap it with a MIC (False)
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        WrapResult: the wrapped/encrypted total message, and whether or not
+        encryption was actually used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def unwrap_aead(
+    context: "SecurityContext",
+    message: bytes,
+    associated: t.Optional[bytes] = None,
+) -> "UnwrapResult":
+    """Unwrap/Decrypt an AEAD message.
+
+    This method takes an encrpyted/wrapped AEAD message and some associated
+    data, and returns an unwrapped/decrypted message.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the AEAD message to unwrap or decrypt
+        associated (bytes): associated data that goes with the message
+
+    Returns:
+        UnwrapResult: the unwrapped/decrypted message, whether or on
+        encryption was used, and the QoP used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_ggf.html b/latest/_modules/gssapi/raw/ext_ggf.html
new file mode 100644
index 00000000..a0b77940
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_ggf.html
@@ -0,0 +1,210 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_ggf — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_ggf
+"""
+GGF Extensions
+
+GGF provides extended credential and security context inquiry that allows
+application to retrieve more information about the client's credentials and
+security context. One common use case is to use
+:meth:`inquire_sec_context_by_oid` to retrieve the "session" key that is
+required by the SMB protocol for signing and encrypting a message.
+
+Draft IETF document for these extensions can be found at
+https://tools.ietf.org/html/draft-engert-ggf-gss-extensions-00
+"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.oids import OID
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+def inquire_cred_by_oid(
+    cred_handle: "Creds",
+    desired_aspect: "OID",
+) -> t.List[bytes]:
+    """
+    This method inspects a :class:`~gssapi.raw.creds.Creds` object for
+    information specific to a particular desired aspect as an OID.
+
+    Args:
+        cred_handle (Creds): the Credentials to query
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Credentials to inquire about.
+
+    Returns:
+        list: A list of zero or more pieces of data (as bytes objects)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def inquire_sec_context_by_oid(
+    context: "SecurityContext",
+    desired_aspect: "OID",
+) -> t.List[bytes]:
+    """
+    This method inspects a :class:`~gssapi.raw.sec_contexts.SecurityContext`
+    object for information specific to a particular desired aspect as an OID.
+
+    This method can be used with the GSS_KRB5_INQ_SSPI_SESSION_KEY_OID OID to
+    retrieve the required key that is used to derive the SMB/SAMBA signing and
+    encryption keys.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the Security
+            Context to query
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Security Context to inquire about.
+
+    Returns:
+        list: A list of zero or more pieces of data (as bytes objects)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def set_sec_context_option(
+    desired_aspect: "OID",
+    context: "SecurityContext",
+    value: t.Optional[bytes] = None,
+) -> None:
+    """
+    This method is used to set a value for a specific OID of a
+    :class:`~gssapi.raw.sec_contexts.SecurityContext` object. The OID and value
+    to pass in depends on the mech the SecurityContext backs.
+
+    An example of how this can be used would be to reset the NTLM crypto engine
+    used in gss-ntlmssp. The OID that controls this value is
+    '1.3.6.1.4.1.7165.655.1.3' and it takes it a byte value that represents
+    an int32 where 1 resets the verifier handle and any other int resets the
+    sender handle.
+
+    Args:
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Security Context to set the value for.
+        context (~gssapi.raw.sec_contexts.SecurityContext): the Security
+            Context to set, or None to create a new context.
+        value (bytes): the value to set on the desired aspect of the Security
+            Context or None to send GSS_C_EMPTY_BUFFER.
+
+    Returns:
+        ~gssapi.raw.sec_contexts.SecurityContext: The output security context.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_iov_mic.html b/latest/_modules/gssapi/raw/ext_iov_mic.html
new file mode 100644
index 00000000..ad7c376d
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_iov_mic.html
@@ -0,0 +1,203 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_iov_mic — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_iov_mic
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.ext_dce import IOV
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+def get_mic_iov(
+    context: "SecurityContext",
+    message: "IOV",
+    qop: t.Optional[int] = None,
+) -> None:
+    """Generate MIC tokens for the given IOV message.
+
+    This method generates a MIC token for the given IOV message, and places it
+    in the :attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token` buffer in the
+    IOV. This method operates entirely in-place, and returns nothing.
+
+    Warning:
+        This modifies the input :class:`~gssapi.raw.ext_dce.IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
+            message
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def get_mic_iov_length(
+    context: "SecurityContext",
+    message: "IOV",
+    qop: t.Optional[int] = None,
+) -> None:
+    """Allocate space for the MIC buffer in the given IOV message.
+
+    This method allocates space for the MIC token buffer
+    (:attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token`) in the given IOV
+    message.
+
+    Warning:
+        This modifies the input :class:`~gssapi.raw.ext_dce.IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
+            message
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def verify_mic_iov(
+    context: "SecurityContext",
+    message: "IOV",
+    qop: t.Optional[int] = None,
+) -> int:
+    """Verify that the MIC matches the data in the given IOV message.
+
+    This method verifies that the MIC token in the MIC buffer
+    (:attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token`) match the data
+    buffer(s) in the given IOV method.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
+            message
+
+    Returns:
+        int: the QoP used to generate the MIC token
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_krb5.html b/latest/_modules/gssapi/raw/ext_krb5.html
new file mode 100644
index 00000000..b65db27e
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_krb5.html
@@ -0,0 +1,435 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_krb5 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_krb5
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import CfxKeyData, Rfc1964KeyData
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+class Krb5LucidContext:
+    """
+    The base container returned by :meth:`krb5_export_lucid_sec_context` when
+    an unknown version was requested.
+    """

+
+
+
+

+[docs]
+class Krb5LucidContextV1(Krb5LucidContext):
+    """
+    Kerberos context data returned by :meth:`krb5_export_lucid_sec_context`
+    when version 1 was requested.
+    """
+
+    @property
+

+[docs]
+    def version(self) -> t.Optional[int]:
+        """The structure version number
+
+        Returns:
+            Optional[int]: the structure version number
+        """

+
+
+    @property
+

+[docs]
+    def is_initiator(self) -> t.Optional[bool]:
+        """Whether the context was the initiator
+
+        Returns:
+            Optional[bool]: ``True`` when the exported context was the
+            initiator
+        """

+
+
+    @property
+

+[docs]
+    def endtime(self) -> t.Optional[int]:
+        """Expiration time of the context
+
+        Returns:
+            Optional[int]: the expiration time of the context
+        """

+
+
+    @property
+

+[docs]
+    def send_seq(self) -> t.Optional[int]:
+        """Sender sequence number
+
+        Returns:
+            Optional[int]: the sender sequence number
+        """

+
+
+    @property
+

+[docs]
+    def recv_seq(self) -> t.Optional[int]:
+        """Receiver sequence number
+
+        Returns:
+            Optional[int]: the receiver sequence number
+        """

+
+
+    @property
+

+[docs]
+    def protocol(self) -> t.Optional[int]:
+        """The protocol number
+
+        If the protocol number is 0 then :attr:`rfc1964_kd` is set and
+        :attr:`cfx_kd` is `None`. If the protocol number is 1 then the opposite
+        is true.
+
+        Protocol 0 refers to RFC1964 and 1 refers to RFC4121.
+
+        Returns:
+            Optional[int]: the protocol number
+        """

+
+
+    @property
+

+[docs]
+    def rfc1964_kd(self) -> t.Optional["Rfc1964KeyData"]:
+        """Keydata for protocol 0 (RFC1964)
+
+        This will be set when :attr:`protocol` is ``0``.
+
+        Returns:
+            Optional[Rfc1964KeyData]: the RFC1964 key data
+        """

+
+
+    @property
+

+[docs]
+    def cfx_kd(self) -> t.Optional["CfxKeyData"]:
+        """Key data for protocol 1 (RFC4121)
+
+        This will be set when :attr:`protocol` is ``1``.
+
+        Returns:
+            Optional[CfxKeyData]: the RFC4121 key data
+        """

+

+
+
+
+

+[docs]
+def krb5_ccache_name(
+    name: t.Optional[bytes],
+) -> bytes:
+    """Set the default Kerberos Protocol credentials cache name.
+
+    This method sets the default credentials cache name for use by he Kerberos
+    mechanism. The default credentials cache is used by
+    :meth:`~gssapi.raw.creds.acquire_cred` to create a GSS-API credential. It
+    is also used by :meth:`~gssapi.raw.sec_contexts.init_sec_context` when
+    `GSS_C_NO_CREDENTIAL` is specified.
+
+    Note:
+        Heimdal does not return the old name when called. It also does not
+        reset the ccache lookup behaviour when setting to ``None``.
+
+    Note:
+        The return value may not be thread safe.
+
+    Args:
+        name (Optional[bytes]): the name to set as the new thread specific
+            ccache name. Set to ``None`` to revert back to getting the ccache
+            from the config/environment settings.
+
+    Returns:
+        bytes: the old name that was previously set
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_export_lucid_sec_context(
+    context: "SecurityContext",
+    version: int,
+) -> Krb5LucidContext:
+    """Returns a non-opaque version of the internal context info.
+
+    Gets information about the Kerberos security context passed in. Currently
+    only version 1 is known and supported by this library.
+
+    Note:
+        The context handle must not be used again by the caller after this
+        call.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        version (int): the output structure version to export.  Currently
+            only 1 is supported.
+
+    Returns:
+        Krb5LucidContext: the non-opaque version context info
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_extract_authtime_from_sec_context(
+    context: "SecurityContext",
+) -> int:
+    """Get the auth time for the security context.
+
+    Gets the auth time for the established security context.
+
+    Note:
+        Heimdal can only get the authtime on the acceptor security context.
+        MIT is able to get the authtime on both initiators and acceptors.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+
+    Returns:
+        int: the authtime
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_extract_authz_data_from_sec_context(
+    context: "SecurityContext",
+    ad_type: int,
+) -> bytes:
+    """Extracts Kerberos authorization data.
+
+    Extracts authorization data that may be stored within the context.
+
+    Note:
+        Only operates on acceptor contexts.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        ad_type (int): the type of data to extract
+
+    Returns:
+        bytes: the raw authz data from the sec context
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_import_cred(
+    cred_handle: "Creds",
+    cache: t.Optional[int] = None,
+    keytab_principal: t.Optional[int] = None,
+    keytab: t.Optional[int] = None,
+) -> None:
+    """Import Krb5 credentials into GSSAPI credential.
+
+    Imports the krb5 credentials (either or both of the keytab and cache) into
+    the GSSAPI credential so it can be used within GSSAPI. The ccache is
+    copied by reference and thus shared, so if the credential is destroyed,
+    all users of cred_handle will fail.
+
+    Args:
+        cred_handle (Creds): the credential handle to import into
+        cache (int): the krb5_ccache address pointer, as an int, to import
+            from
+        keytab_principal (int): the krb5_principal address pointer, as an int,
+            of the credential to import
+        keytab (int): the krb5_keytab address pointer, as an int, of the
+            keytab to import
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_get_tkt_flags(
+    context: "SecurityContext",
+) -> int:
+    """Return ticket flags for the kerberos ticket.
+
+    Return the ticket flags for the kerberos ticket received when
+    authenticating the initiator.
+
+    Note:
+        Heimdal can only get the tkt flags on the acceptor security context.
+        MIT is able to get the tkt flags on initiators and acceptors.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context
+
+    Returns:
+        int: the ticket flags for the received kerberos ticket
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_set_allowable_enctypes(
+    cred_handle: "Creds",
+    ktypes: t.Iterable[int],
+) -> None:
+    """Limits the keys that can be exported.
+
+    Called by a context initiator after acquiring the creds but before calling
+    :meth:`~gssapi.raw.sec_contexts.init_sec_context` to restrict the set of
+    enctypes which will be negotiated during context establisment to those in
+    the provided list.
+
+    Warning:
+        The cred_handle should not be ``GSS_C_NO_CREDENTIAL``.
+
+    Args:
+        cred_hande (Creds): the credential handle
+        ktypes (List[int]): list of enctypes allowed
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_password.html b/latest/_modules/gssapi/raw/ext_password.html
new file mode 100644
index 00000000..a9f7fd89
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_password.html
@@ -0,0 +1,148 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_password — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_password
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import AcquireCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def acquire_cred_with_password(
+    name: "Name",
+    password: bytes,
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'initiate',
+) -> "AcquireCredResult":
+    """Acquire credentials through provided password.
+
+    This function is originally from Solaris and is not documented by either
+    MIT or Heimdal.
+
+    In general, it functions similarly to
+    :func:`~gssapi.raw.creds.acquire_cred`.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to acquire credentials for
+        password (bytes): the password used to acquire credentialss with
+        lifetime (int): the lifetime for the credentials in seconds (or None
+            for indefinite)
+        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
+            the credentials should work (or None for the default set)
+        usage (str): usage type for credentials.  Possible values:
+            'initiate' (default), 'accept', 'both' (failsafe).
+
+    Returns:
+        AcquireCredResult: the resulting credentials, the actual mechanisms
+        with which they may be used, and their actual lifetime in seconds (or
+        None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_password_add.html b/latest/_modules/gssapi/raw/ext_password_add.html
new file mode 100644
index 00000000..a09dc1c2
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_password_add.html
@@ -0,0 +1,155 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_password_add — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_password_add
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import AddCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def add_cred_with_password(
+    input_cred: "Creds",
+    name: "Name",
+    mech: "OID",
+    password: bytes,
+    usage: str = 'initiate',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+) -> "AddCredResult":
+    """Add a credential-element to a credential using provided password.
+
+    This function is originally from Solaris and is not documented by either
+    MIT or Heimdal.
+
+    In general, it functions similarly to :func:`~gssapi.raw.creds.add_cred`.
+
+    Args:
+        input_cred (~gssapi.raw.creds.Creds): the credentials to add to
+        name (~gssapi.raw.names.Name): the name to acquire credentials for
+        mech (~gssapi.raw.types.MechType): the desired mechanism.  Note that
+            this is both singular and required
+        password (bytes): the password used to acquire credentialss with
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+        init_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to initiate security contexts (or None
+            for indefinite)
+        accept_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to accept security contexts (or None
+            for indefinite)
+
+    Returns:
+        AddCredResult: the actual mechanisms with which the credentials may be
+        used, the actual initiator TTL in seconds, and the actual acceptor TTL
+        in seconds (the TTLs may be None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_rfc4178.html b/latest/_modules/gssapi/raw/ext_rfc4178.html
new file mode 100644
index 00000000..94535879
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_rfc4178.html
@@ -0,0 +1,134 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc4178 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc4178
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def set_neg_mechs(
+    cred_handle: "Creds",
+    mech_set: t.Iterable["OID"],
+) -> None:
+    """
+    Specify the set of security mechanisms that may be negotiated with
+    the credential identified by cred_handle.
+    If more than one mechanism is specified in mech_set, the order in
+    which those mechanisms are specified implies a relative preference.
+
+    Args:
+        cred_handle (Creds): credentials to set negotiable mechanisms for
+        mech_set (~gssapi.raw.types.MechType): negotiable mechanisms to be set
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_rfc5587.html b/latest/_modules/gssapi/raw/ext_rfc5587.html
new file mode 100644
index 00000000..77445cb8
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_rfc5587.html
@@ -0,0 +1,176 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc5587 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc5587
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import InquireAttrsResult, DisplayAttrResult
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def indicate_mechs_by_attrs(
+    desired_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
+    except_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
+    critical_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
+) -> t.Set["OID"]:
+    """Get a set of mechanisms that have the specified attributes.
+
+    Args:
+        desired_mech_attrs (~gssapi.OID): Attributes that the output mechs MUST
+            offer
+        except_mech_attrs (~gssapi.OID): Attributes that the output mechs MUST
+            NOT offer
+        critical_mech_attrs (~gssapi.OID): Attributes that the output mechs
+            MUST understand and offer
+
+    Returns:
+        ~gssapi.MechType: a set of mechs which satisfy the given criteria
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def inquire_attrs_for_mech(
+    mech: "OID",
+) -> "InquireAttrsResult":
+    """Gets the set of attrs supported and known by a mechanism.
+
+    Args:
+        mech (~gssapi.raw.types.MechType): Mechanism to inquire about
+
+    Returns:
+        InquireAttrsResult: the results of inquiry; a mech's attributes and
+        known attributes
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def display_mech_attr(
+    attr: "OID",
+) -> "DisplayAttrResult":
+    """Returns information about attributes in human readable form.
+
+    Args:
+        attr (~gssapi.OID): Mechanism attribute to retrieve names and
+            descriptions of
+
+    Returns:
+        DisplayAttrResult: the results of displaying the attribute; mech name,
+        short description, and long description.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_rfc5588.html b/latest/_modules/gssapi/raw/ext_rfc5588.html
new file mode 100644
index 00000000..c4fa8fd2
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_rfc5588.html
@@ -0,0 +1,149 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc5588 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc5588
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import StoreCredResult
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def store_cred(
+    creds: "Creds",
+    usage: str = 'both',
+    mech: t.Optional["OID"] = None,
+    overwrite: bool = False,
+    set_default: bool = False,
+) -> "StoreCredResult":
+    """Store credentials into the default store.
+
+    This method stores the given credentials into the default store.
+    They may then be retrieved later using
+    :func:`~gssapi.raw.creds.acquire_cred`.
+
+    Args:
+        creds (Creds): the credentials to store
+        usage (str): the usage to store the credentials with -- either
+            'both', 'initiate', or 'accept'
+        mech (~gssapi.OID): the mechansim to associate with the stored
+            credentials
+        overwrite (bool): whether or not to overwrite existing credentials
+            stored with the same name, etc
+        set_default (bool): whether or not to set these credentials as
+            the default credentials for the given store.
+
+    Returns:
+        StoreCredResult: the results of the credential storing operation
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.OperationUnavailableError
+        ~gssapi.exceptions.DuplicateCredentialsElementError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_rfc5801.html b/latest/_modules/gssapi/raw/ext_rfc5801.html
new file mode 100644
index 00000000..b4a8388d
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_rfc5801.html
@@ -0,0 +1,149 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc5801 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc5801
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import InquireSASLNameResult
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def inquire_saslname_for_mech(
+    mech: "OID",
+) -> "InquireSASLNameResult":
+    """Gets information about a specified mech, including the SASL name,
+    the mech name, and the mech description.
+
+    Args:
+        mech (~gssapi.OID): Mechanism to inquire about
+
+    Returns:
+        InquireSASLNameResult: the results of inquiry; a mech's SASL name,
+        name, and description.
+
+    Raises:
+        ~gssapi.exceptions.GSSError: an unknown failure occurred
+    """

+
+
+
+

+[docs]
+def inquire_mech_for_saslname(
+    sasl_name: bytes,
+) -> "OID":
+    """Gets the OID for the mech specified by SASL name.
+
+    Args:
+        sasl_name (bytes): SASL name of the mechanism
+
+    Returns:
+        ~gssapi.OID: the mechanism with corresponding SASL name.
+
+    Raises:
+        ~gssapi.exceptions.GSSError: An unknown failure occurred
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_rfc6680.html b/latest/_modules/gssapi/raw/ext_rfc6680.html
new file mode 100644
index 00000000..fa9ca6fc
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_rfc6680.html
@@ -0,0 +1,291 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc6680 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc6680
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import (
+        GetNameAttributeResult,
+        InquireNameResult,
+    )
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def display_name_ext(
+    name: "Name",
+    name_type: "OID",
+) -> bytes:
+    """Display the given Name using the given name type.
+
+    This method attempts to display the given Name using the syntax of
+    the given name type.  If this is not possible, an appropriate error
+    will be raised.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to display
+        name_type (~gssapi.OID): the name type (see NameType) to use to
+            display the given name
+
+    Returns:
+        bytes: the displayed name
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError: the given name could not
+            be displayed using the given name type
+    """

+
+
+
+

+[docs]
+def inquire_name(
+    name: "Name",
+    mech_name: bool = True,
+    attrs: bool = True,
+) -> "InquireNameResult":
+    """Get information about a Name.
+
+    This method retrieves information about the given name, including
+    the set of attribute names for the given name, as well as whether or
+    not the name is a mechanism name.  Additionally, if the given name is
+    a mechanism name, the associated mechansim is returned as well.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name about which to inquire
+        mech_name (bool): whether or not to retrieve if this name
+            is a mech_name (and the associate mechanism)
+        attrs (bool): whether or not to retrieve the attribute name list
+
+    Returns:
+        InquireNameResult: the set of attribute names for the given name,
+        whether or not the name is a Mechanism Name, and potentially
+        the associated mechanism if it is a Mechanism Name
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def set_name_attribute(
+    name: "Name",
+    attr: bytes,
+    value: t.Iterable[bytes],
+    complete: bool = False,
+) -> None:
+    """Set the value(s) of a name attribute.
+
+    This method sets the value(s) of the given attribute on the given name.
+
+    Note that this functionality more closely matches the pseudo-API
+    presented in RFC 6680, not the C API (which uses multiple calls to
+    add multiple values).  However, multiple calls to this method will
+    continue adding values, so :func:`delete_name_attribute` must be
+    used in between calls to "clear" the values.
+
+    Args:
+        name (~gssapi.raw.names.Name): the Name on which to set the attribute
+        attr (bytes): the name of the attribute
+        value (list): a list of bytes objects to use as the value(s)
+        complete (bool): whether or not to mark this attribute's value
+            set as being "complete"
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError: the given attribute name
+            is unknown or could not be set
+    """

+
+
+
+

+[docs]
+def get_name_attribute(
+    name: "Name",
+    attr: bytes,
+    more: t.Optional[int] = None,
+) -> "GetNameAttributeResult":
+    """Get the value(s) of a name attribute.
+
+    This method retrieves the value(s) of the given attribute
+    for the given Name.
+
+    Note that this functionality matches pseudo-API presented
+    in RFC 6680, not the C API (which uses a state variable and
+    multiple calls to retrieve multiple values).
+
+    Args:
+        name (~gssapi.raw.names.Name): the Name from which to get the attribute
+        attr (bytes): the name of the attribute
+
+    Returns:
+        GetNameAttributeResult: the raw version of the value(s),
+        the human-readable version of the value(s), whether
+        or not the attribute was authenticated, and whether or
+        not the attribute's value set was marked as complete
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError: the given attribute is
+            unknown or unset
+    """

+
+
+
+

+[docs]
+def delete_name_attribute(
+    name: "Name",
+    attr: bytes,
+) -> None:
+    """Remove an attribute from a name.
+
+    This method removes an attribute from a Name.  This method may be
+    used before :func:`set_name_attribute` clear the values of an attribute
+    before setting a new value (making the latter method work like a 'set'
+    operation instead of an 'add' operation).
+
+    Note that the removal of certain attributes may not be allowed.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to remove the attribute from
+        attr (bytes): the name of the attribute
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError
+        ~gssapi.exceptions.UnauthorizedError
+    """

+
+
+
+

+[docs]
+def export_name_composite(
+    name: "Name",
+) -> bytes:
+    """Export a name, preserving attribute information.
+
+    This method functions similarly to :func:`~gssapi.raw.names.export_name`,
+    except that it preserves attribute information.  The resulting bytes may be
+    imported using :func:`~gssapi.raw.names.import_name` with the
+    :attr:`~gssapi.raw.types.NameType.composite_export` name type.
+
+    Note:
+        Some versions of MIT Kerberos require you to either canonicalize a name
+        once it has been imported with composite-export name type, or to import
+        using the normal export name type.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to export
+
+    Returns:
+        bytes: the exported composite name
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_s4u.html b/latest/_modules/gssapi/raw/ext_s4u.html
new file mode 100644
index 00000000..5648a975
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_s4u.html
@@ -0,0 +1,196 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_s4u — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_s4u
+"""Service4User Extension"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def acquire_cred_impersonate_name(
+    impersonator_cred: "Creds",
+    name: "Name",
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'initiate',
+) -> "AcquireCredResult":
+    """Acquire credentials by impersonating another name.
+
+    This method is one of the ways to use S4U2Self.  It acquires credentials
+    by impersonating another name using a set of proxy credentials.  The
+    impersonator credentials must have a usage of 'both' or 'initiate'.
+
+    Args:
+        impersonator_cred (~gssapi.raw.creds.Creds): the credentials with
+            permissions to impersonate the target name
+        name (~gssapi.raw.names.Name): the name to impersonate
+        lifetime (int): the lifetime for the credentials (or None for
+            indefinite) in seconds
+        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
+            the credentials should work (or None for the default set)
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+
+    Returns:
+        AcquireCredResult: the resulting credentials, the actual mechanisms
+        with which they may be used, and their actual lifetime in seconds (or
+        None for indefinite or not support)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def add_cred_impersonate_name(
+    input_cred: "Creds",
+    impersonator_cred: "Creds",
+    name: "Name",
+    mech: "OID",
+    usage: str = 'initiate',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+) -> "AddCredResult":
+    """Add a credentials element to a credential by impersonating another name.
+
+    This method is one of the ways to use S4U2Self.  It adds credentials
+    to the input credentials by impersonating another name using a set of
+    proxy credentials.  The impersonator credentials must have a usage of
+    'both' or 'initiate'.
+
+    Args:
+        input_cred (~gssapi.raw.creds.Creds): the set of credentials to which
+            to add the new credentials
+        impersonator_cred (~gssapi.raw.creds.Creds): the credentials with
+            permissions to impersonate the target name
+        name (~gssapi.raw.names.Name): the name to impersonate
+        mech (~gssapi.raw.types.MechType): the desired mechanism. Note that
+            this is both
+            singular and required, unlike acquireCredImpersonateName
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+        init_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to initiate security contexts (or None
+            for indefinite)
+        accept_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to accept security contexts (or None
+            for indefinite)
+
+    Returns:
+        AddCredResult: the actual mechanisms with which the credentials may be
+        used, the actual initiator TTL in seconds, and the actual acceptor TTL
+        in seconds (the TTLs may be None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/ext_set_cred_opt.html b/latest/_modules/gssapi/raw/ext_set_cred_opt.html
new file mode 100644
index 00000000..6c0cccd6
--- /dev/null
+++ b/latest/_modules/gssapi/raw/ext_set_cred_opt.html
@@ -0,0 +1,157 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_set_cred_opt — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_set_cred_opt
+"""
+gss_set_cred_option
+
+Provides a way to set options on a credential based on the OID specified. A
+common use case is to set the GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos
+credential. This is used for interoperability with Microsoft's SSPI.
+
+Note this function is commonly lumped with the GGF extensions but they are not
+part of the GGF IETF draft so it's separated into it's own file.
+
+Closest draft IETF document for the gss_set_cred_option can be found at
+https://tools.ietf.org/html/draft-williams-kitten-channel-bound-flag-01
+"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def set_cred_option(
+    desired_aspect: "OID",
+    creds: t.Optional["Creds"] = None,
+    value: t.Optional[bytes] = None,
+) -> "Creds":
+    """
+    This method is used to set options of a :class:`~gssapi.raw.creds.Creds`
+    object based on an OID key. The options that can be set depends on the mech
+    the credentials were created with.
+
+    An example of how this can be used would be to set the
+    GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos credential. The OID string for
+    this flag is '1.2.752.43.13.29' and it requires no value to be set. This
+    must be set before the SecurityContext was initialised with the
+    credentials.
+
+    Args:
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Credential to set.
+        cred_handle (~gssapi.raw.creds.Creds): the Credentials to set, or None
+            to create a new credential.
+        value (bytes): the value to set on the desired aspect of the Credential
+            or None to send GSS_C_EMPTY_BUFFER.
+
+    Returns:
+        Creds: The output credential.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/message.html b/latest/_modules/gssapi/raw/message.html
new file mode 100644
index 00000000..dff932cb
--- /dev/null
+++ b/latest/_modules/gssapi/raw/message.html
@@ -0,0 +1,275 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.message — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.message
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import WrapResult, UnwrapResult
+    from gssapi.sec_contexts import SecurityContext
+
+
+

+[docs]
+def get_mic(
+    context: "SecurityContext",
+    message: bytes,
+    qop: t.Optional[int] = None,
+) -> bytes:
+    """Generate a MIC for a message.
+
+    This method generates a Message Integrity Check token for the
+    given message.  This can be separately trasmitted to the other
+    entity, unlike wrap, which bundles the MIC and the message
+    together.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message for which to generate the MIC
+        qop (int): the requested Quality of Protection
+            (or None to use the default)
+
+    Returns:
+        bytes: the generated MIC token
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadQoPError
+    """

+
+
+
+

+[docs]
+def verify_mic(
+    context: "SecurityContext",
+    message: bytes,
+    token: bytes,
+) -> int:
+    """Verify that a MIC matches a message.
+
+    This method verifies that the given MIC matches the given message.
+    If the MIC does not match the given message, an exception will
+    be raised.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message in question
+        token (bytes): the MIC token in question
+
+    Returns:
+        int: the QoP used.
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.TokenTooLateError
+        ~gssapi.exceptions.TokenTooEarlyError
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
+

+[docs]
+def wrap_size_limit(
+    context: "SecurityContext",
+    output_size: int,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> int:
+    """Calculate the max message size.
+
+    This method calculates the unwrapped/unencrypted message size for
+    the given maximum wrapped/encrypted message size.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        output_size (int): the maximum desired wrapped/encrypted message size
+        confidential (bool): whether or not confidentiality is being used
+        qop (int): the QoP that will be when you actually call wrap
+            (or None for the default QoP)
+
+    Returns:
+        int: the maximum unencrypted/unwrapped message size
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.BadQoPError
+    """

+
+
+
+

+[docs]
+def wrap(
+    context: "SecurityContext",
+    message: bytes,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> "WrapResult":
+    """Wrap/Encrypt a message.
+
+    This method wraps or encrypts a message (depending on the value
+    of confidential) with the given Quality of Protection.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message to wrap or encrypt
+        confidential (bool): whether or not to encrypt the message (True),
+            or just wrap it with a MIC (False)
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        WrapResult: the wrapped/encrypted message, and whether or not
+            encryption was actually used
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadQoPError
+    """

+
+
+
+

+[docs]
+def unwrap(
+    context: "SecurityContext",
+    message: bytes,
+) -> "UnwrapResult":
+    """Unwrap/Decrypt a message.
+
+    This method unwraps or decrypts a message, depending
+    on whether the sender used confidentiality.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message to unwrap/decrypt
+
+    Returns:
+        UnwrapResult: the unwrapped/decrypted message, whether or on
+            encryption was used, and the QoP used
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.TokenTooLateError
+        ~gssapi.exceptions.TokenTooEarlyError
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/misc.html b/latest/_modules/gssapi/raw/misc.html
new file mode 100644
index 00000000..82ed09ef
--- /dev/null
+++ b/latest/_modules/gssapi/raw/misc.html
@@ -0,0 +1,306 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.misc — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.misc
+import typing as t
+
+from gssapi.raw.names import Name
+from gssapi.raw.oids import OID
+from gssapi.raw.types import MechType
+
+
+

+[docs]
+def indicate_mechs() -> t.Set[OID]:
+    """Get the currently supported mechanisms.
+
+    This method retrieves the currently supported GSSAPI mechanisms.
+    Note that if unknown mechanims are found, those will be skipped.
+    """

+
+
+
+

+[docs]
+def inquire_names_for_mech(
+    mech: OID,
+) -> t.Set[OID]:
+    """
+    inquire_names_for_mech(mech)
+    Get the name types supported by a mechanism.
+
+    This method retrieves the different name types supported by
+    the given mechanism.
+
+    Args:
+        mech (~gssapi.OID): the mechanism in question
+
+    Returns:
+        list: the name type OIDs supported by the given mechanism
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def inquire_mechs_for_name(
+    name: Name,
+) -> t.Set[OID]:
+    """
+    inquire_mechs_for_name(name)
+    List the mechanisms which can process a name.
+
+    This method lists the mechanisms which may be able to
+    process the given name.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name in question
+
+    Returns:
+        The mechanism OIDs able to process the given name
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+def _display_status(
+    error_code: int,
+    is_major_code: bool,
+    mech: t.Optional[MechType] = None,
+    message_context: int = 0,
+) -> t.Tuple[bytes, int, bool]:
+    """
+    Display a string message for a GSSAPI error code.
+
+    This method displays a message for a corresponding GSSAPI error code.
+    Since some error codes might have multiple messages, a context parameter
+    may be passed to indicate where in the series of messages we currently are
+    (this is the second item in the return value tuple).  Additionally, the
+    third item in the return value tuple indicates whether or not more
+    messages are available.
+
+    Args:
+        error_code (int): The error code in question
+        is_major_code (bool): is this a major code (True) or a
+            minor code (False)
+        mech (~gssapi.raw.types.MechType): The mechanism type that returned
+            this error code (defaults to None, for the default mechanism)
+        message_context (int): The context for this call -- this is used when
+            multiple messages are available (defaults to 0)
+
+    Returns:
+        (bytes, int, bool): the message, the new message context, and
+            whether or not to call again for further messages
+
+    Raises:
+       ValueError
+    """
+
+
+

+[docs]
+class GSSError(Exception):
+    """
+    A GSSAPI Error
+
+    This Exception represents an error returned from the GSSAPI
+    C bindings.  It contains the major and minor status codes
+    returned by the method which caused the error, and can
+    generate human-readable string messages from the error
+    codes
+    """
+
+

+[docs]
+    maj_code: int

+
+

+[docs]
+    min_code: int

+
+

+[docs]
+    token: t.Optional[bytes]

+
+

+[docs]
+    calling_code: int

+
+

+[docs]
+    routine_code: int

+
+

+[docs]
+    supplementary_code: int

+
+
+    @classmethod
+    def _parse_major_code(
+        cls,
+        maj_code: int
+    ) -> t.Tuple[int, int, int]: ...
+
+    def __init__(
+        self,
+        maj_code: int,
+        min_code: int,
+        token: t.Optional[bytes] = None,
+    ) -> None:
+        """
+        Create a new GSSError.
+
+        This method creates a new GSSError,
+        retrieves the related human-readable
+        string messages, and uses the results to construct an
+        exception message
+
+        Args:
+            maj_code: the major code associated with this error
+            min_code: the minor code associated with this error
+            token: an error token associated with the error
+        """
+
+

+[docs]
+    def get_all_statuses(
+        self,
+        code: int,
+        is_maj: bool,
+    ) -> t.List[str]:
+        """
+        Retrieve all messages for a status code.
+
+        This method retrieves all human-readable messages
+        available for the given status code.
+
+        Args:
+            code: the status code in question
+            is_maj: whether this is a major status code (True)
+                or minor status code (False)
+
+        Returns:
+            [str]: A list of string messages associated with the
+                given code
+        """

+
+
+

+[docs]
+    def gen_message(self) -> str:
+        """
+        Retrieves all messages for this error's status codes
+
+        This method retrieves all messages for this error's status codes,
+        and forms them into a string for use as an exception message
+
+        Returns:
+            str: a string for use as this error's message
+        """

+

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/named_tuples.html b/latest/_modules/gssapi/raw/named_tuples.html
new file mode 100644
index 00000000..e50651d8
--- /dev/null
+++ b/latest/_modules/gssapi/raw/named_tuples.html
@@ -0,0 +1,384 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.named_tuples — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.named_tuples
+from typing import List, NamedTuple, Optional, Set, TYPE_CHECKING
+
+from gssapi.raw.oids import OID
+from gssapi.raw.types import RequirementFlag
+
+if TYPE_CHECKING:
+    import gssapi
+
+
+

+[docs]
+class AcquireCredResult(NamedTuple):
+    """Credential result when acquiring a GSSAPI credential."""
+    #: GSSAPI credentials that were acquired
+    creds: "gssapi.raw.creds.Creds"
+    #: Set of mechs the cred is for
+    mechs: Set[OID]
+    #: Number of seconds for which the cred will remain valid
+    lifetime: int

+
+
+
+

+[docs]
+class InquireCredResult(NamedTuple):
+    """Information about the credential."""
+    #: The principal associated with the credential
+    name: Optional["gssapi.raw.names.Name"]
+    #: Number of seconds which the cred is valid for
+    lifetime: Optional[int]
+    #: How the credential can be used
+    usage: Optional[str]
+    #: Set of mechs the cred is for
+    mechs: Optional[Set[OID]]

+
+
+
+

+[docs]
+class InquireCredByMechResult(NamedTuple):
+    """Information about the credential for a specific mechanism."""
+    #: The principal associated with the credential
+    name: Optional["gssapi.raw.names.Name"]
+    #: Time valid for initiation, in seconds
+    init_lifetime: Optional[int]
+    #: Time valid for accepting, in seconds
+    accept_lifetime: Optional[int]
+    #: How the credential can be used
+    usage: Optional[str]

+
+
+
+

+[docs]
+class AddCredResult(NamedTuple):
+    """Result of adding to a GSSAPI credential."""
+    #: The credential that was generated
+    creds: Optional["gssapi.raw.creds.Creds"]
+    #: Set of mechs the cred is for
+    mechs: Set[OID]
+    #: Time valid for initiation, in seconds
+    init_lifetime: int
+    #: Time valid for accepting, in seconds
+    accept_lifetime: int

+
+
+
+

+[docs]
+class DisplayNameResult(NamedTuple):
+    """Textual representation of a GSSAPI name."""
+    #: The representation of the GSSAPI name
+    name: bytes
+    #: The type of GSSAPI name
+    name_type: Optional[OID]

+
+
+
+

+[docs]
+class WrapResult(NamedTuple):
+    """Wrapped message result."""
+    #: The wrapped message
+    message: bytes
+    #: Whether the message is encrypted and not just signed
+    encrypted: bool

+
+
+
+

+[docs]
+class UnwrapResult(NamedTuple):
+    """Unwrapped message result."""
+    #: The unwrapped message
+    message: bytes
+    #: Whether the message was encrypted and not just signed
+    encrypted: bool
+    #: The quality of protection applied to the message
+    qop: int

+
+
+
+

+[docs]
+class AcceptSecContextResult(NamedTuple):
+    """Result when accepting a security context by an initiator."""
+    #: The acceptor security context
+    context: "gssapi.raw.sec_contexts.SecurityContext"
+    #: The authenticated name of the initiator
+    initiator_name: "gssapi.raw.names.Name"
+    #: Mechanism with which the context was established
+    mech: OID
+    #: Token to be returned to the initiator
+    token: Optional[bytes]
+    #: Services requested by the initiator
+    flags: RequirementFlag
+    #: Seconds for which the context is valid for
+    lifetime: int
+    #: Delegated credentials
+    delegated_creds: Optional["gssapi.raw.creds.Creds"]
+    #: More input is required to complete the exchange
+    more_steps: bool

+
+
+
+

+[docs]
+class InitSecContextResult(NamedTuple):
+    """Result when initiating a security context"""
+    #: The initiator security context
+    context: "gssapi.raw.sec_contexts.SecurityContext"
+    #: Mechanism used in the security context
+    mech: OID
+    #: Services available for the context
+    flags: RequirementFlag
+    #: Token to be sent to the acceptor
+    token: Optional[bytes]
+    #: Seconds for which the context is valid for
+    lifetime: int
+    #: More input is required to complete the exchange
+    more_steps: bool

+
+
+
+

+[docs]
+class InquireContextResult(NamedTuple):
+    """Information about the security context."""
+    #: Name of the initiator
+    initiator_name: Optional["gssapi.raw.names.Name"]
+    #: Name of the acceptor
+    target_name: Optional["gssapi.raw.names.Name"]
+    #: Time valid for the security context, in seconds
+    lifetime: Optional[int]
+    #: Mech used to create the security context
+    mech: Optional[OID]
+    #: Services available for the context
+    flags: Optional[RequirementFlag]
+    #: Context was initiated locally
+    locally_init: Optional[bool]
+    #: Context has been established and ready to use
+    complete: Optional[bool]

+
+
+
+

+[docs]
+class StoreCredResult(NamedTuple):
+    """Result of the credential storing operation."""
+    #: Mechs that were stored in the credential store
+    mechs: List[OID]
+    #: How the credential can be used
+    usage: str

+
+
+
+

+[docs]
+class IOVUnwrapResult(NamedTuple):
+    """Unwrapped IOV message result."""
+    #: Whether the message was encrypted and not just signed
+    encrypted: bool
+    #: The quality of protection applied to the message
+    qop: int

+
+
+
+

+[docs]
+class InquireNameResult(NamedTuple):
+    """Information about a GSSAPI Name."""
+    #: Set of attribute names
+    attrs: List[bytes]
+    #: Name is a mechanism name
+    is_mech_name: bool
+    #: The mechanism if is_name_mech is True
+    mech: OID

+
+
+
+

+[docs]
+class GetNameAttributeResult(NamedTuple):
+    """GSSAPI Name attribute values."""
+    #: Raw values
+    values: List[bytes]
+    #: Human-readable values
+    display_values: List[bytes]
+    #: Attribute has been authenticated
+    authenticated: bool
+    #: Attribute value is marked as complete
+    complete: bool

+
+
+
+

+[docs]
+class InquireAttrsResult(NamedTuple):
+    """Set of attributes supported and known by a mechanism."""
+    #: The mechanisms attributes
+    mech_attrs: Set[OID]
+    #: Known attributes of the mechanism
+    known_mech_attrs: Set[OID]

+
+
+
+

+[docs]
+class DisplayAttrResult(NamedTuple):
+    """Information about an attribute."""
+    #: The mechanism name
+    name: bytes
+    #: Short description of the mechanism
+    short_desc: bytes
+    #: Long description of the mechanism
+    long_desc: bytes

+
+
+
+

+[docs]
+class InquireSASLNameResult(NamedTuple):
+    """SASL informmation about a GSSAPI Name."""
+    #: The SASL name
+    sasl_mech_name: bytes
+    #: The mechanism name
+    mech_name: bytes
+    #: The mechanism description
+    mech_description: bytes

+
+
+
+

+[docs]
+class Rfc1964KeyData(NamedTuple):
+    """Security context key data based on RFC1964."""
+    #: Signing algorithm identifier
+    sign_alg: int
+    #: Sealing algorithm identifier
+    seal_alg: int
+    #: Key encryption type identifier
+    key_type: int
+    #: Encryption key data
+    key: bytes

+
+
+
+

+[docs]
+class CfxKeyData(NamedTuple):
+    """Securty context key data."""
+    #: Context key encryption type identifier
+    ctx_key_type: int
+    #: Context key data - session or sub-session key
+    ctx_key: bytes
+    #: Acceptor key enc type identifier
+    acceptor_subkey_type: Optional[int]
+    #: Acceptor key data
+    acceptor_subkey: Optional[bytes]

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/names.html b/latest/_modules/gssapi/raw/names.html
new file mode 100644
index 00000000..93f64351
--- /dev/null
+++ b/latest/_modules/gssapi/raw/names.html
@@ -0,0 +1,298 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.names — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.names
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import DisplayNameResult
+    from gssapi.raw.oids import OID
+
+

+[docs]
+class Name:
+    """
+    A GSSAPI Name
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["Name"] = None,
+    ) -> "Name": ...

+
+
+
+

+[docs]
+def import_name(
+    name: bytes,
+    name_type: t.Optional["OID"] = None,
+) -> Name:
+    """Convert a string and a name type into a GSSAPI name.
+
+    This method takes a string name and a name type and converts
+    them into a GSSAPI :class:`Name`.
+
+    Args:
+        name (~gssapi.raw.names.Name): the string version of the name
+        name_type (~gssapi.raw.types.MechType): the type of this name
+
+    Returns:
+        Name: the GSSAPI version of the name
+
+    Raises:
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.BadMechanismError
+    """

+
+
+
+

+[docs]
+def display_name(
+    name: Name,
+    name_type: bool = True,
+) -> "DisplayNameResult":
+    """Convert a GSSAPI name into its components.
+
+    This method converts a GSSAPI :class:`Name` back into its
+    text form.  If ``name_type`` is True, it also attempts to
+    retrieve the :class:`~gssapi.raw.types.NameType` of the name (otherwise the
+    returned name type will be ``None``).
+
+    Args:
+        name (~gssapi.raw.names.Name): the name in question
+        name_type (~gssapi.raw.types.MechType): whether or not to retrieve the
+            name type
+
+    Returns:
+        DisplayNameResult: the text part of the name and its type
+
+    Raises:
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def compare_name(
+    name1: Name,
+    name2: Name,
+) -> bool:
+    """Check two GSSAPI names to see if they are the same.
+
+    This method compares two GSSAPI names, checking to
+    see if they are equivalent.
+
+    Args:
+        name1 (~gssapi.raw.names.Name): the first name to compare
+        name2 (~gssapi.raw.names.Name): the second name to compare
+
+    Returns:
+        bool: whether or not the names are equal
+
+    Raises:
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def export_name(
+    name: Name,
+) -> bytes:
+    """Export a GSSAPI name.
+
+    This method "produces a canonical contigous string representation
+    of a mechanism name, suitable for direct comparison for use in
+    authorization functions".
+
+    The input name must be a valid GSSAPI mechanism name, as generated by
+    :func:`canonicalize_name` or
+    :func:`~gssapi.raw.sec_contexts.accept_sec_context`.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to export
+
+    Returns:
+        bytes: the exported name
+
+    Raises:
+        ~gssapi.exceptions.MechanismNameRequiredError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def canonicalize_name(
+    name: Name,
+    mech: "OID",
+) -> Name:
+    """Canonicalize an arbitrary GSSAPI Name into a Mechanism Name
+
+    This method turns any GSSAPI name into a "mechanism name" --
+    a full form name specific to a mechanism.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to canonicalize
+        mech (~gssapi.raw.types.MechType): the mechanism type to use to
+            canonicalize the name
+
+    Returns:
+        Name: a canonicalized version of the input name
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def duplicate_name(
+    name: Name,
+) -> Name:
+    """Duplicate a GSSAPI name.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to duplicate
+
+    Returns:
+        Name: a duplicate of the input name
+
+    Raises:
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def release_name(
+    name: Name,
+) -> None:
+    """Release a GSSAPI name.
+
+    This method frees a GSSAPI :class:`Name`.
+    You probably won't have to do this.
+
+    Warning:
+        This method is deprecated.  Names are
+        automatically freed by Python.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name in question
+
+    Raises:
+        ~gssapi.exceptions.BadNameError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/oids.html b/latest/_modules/gssapi/raw/oids.html
new file mode 100644
index 00000000..17037286
--- /dev/null
+++ b/latest/_modules/gssapi/raw/oids.html
@@ -0,0 +1,163 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.oids — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.oids
+import typing as t
+
+

+[docs]
+class OID:
+    """
+    A GSSAPI OID
+
+    A new OID may be created by passing the `elements` argument
+    to the constructor.  The `elements` argument should be a
+    :class:`bytes` consisting of the BER-encoded values in the OID.
+
+    To retrieve the underlying bytes, use the :class:`bytes`
+    function in Python 3.
+
+    This object is hashable, and may be compared using equality
+    operators.
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["OID"] = None,
+        elements: t.Optional[bytes] = None,
+    ) -> "OID": ...
+
+    @classmethod
+

+[docs]
+    def from_int_seq(
+        cls,
+        integer_sequence: t.Union[str, t.Iterable[int]],
+    ) -> "OID":
+        """Create a OID from a sequence of integers.
+
+        This method creates an OID from a sequence of integers.
+        The sequence can either be in dotted form as a string,
+        or in list form.
+
+        This method is not for BER-encoded byte strings, which
+        can be passed directly to the OID constructor.
+
+        Args:
+            integer_sequence: either a list of integers or
+                a string in dotted form
+
+        Returns:
+            OID: the OID represented by the given integer sequence
+
+        Raises:
+            ValueError: the sequence is less than two elements long
+        """

+
+
+    @property
+

+[docs]
+    def dotted_form(self) -> str: ...

+

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/sec_contexts.html b/latest/_modules/gssapi/raw/sec_contexts.html
new file mode 100644
index 00000000..00d116a1
--- /dev/null
+++ b/latest/_modules/gssapi/raw/sec_contexts.html
@@ -0,0 +1,425 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.sec_contexts — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.sec_contexts
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.chan_bindings import ChannelBindings
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import (
+        AcceptSecContextResult,
+        InitSecContextResult,
+        InquireContextResult,
+    )
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+    from gssapi.raw.types import RequirementFlag
+
+

+[docs]
+class SecurityContext:
+    """
+    A GSSAPI Security Context
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["SecurityContext"] = None,
+    ) -> "SecurityContext": ...
+
+    @property
+    def _started(self) -> bool: ...

+
+
+
+

+[docs]
+def init_sec_context(
+    name: "Name",
+    creds: t.Optional["Creds"] = None,
+    context: t.Optional[SecurityContext] = None,
+    mech: t.Optional["OID"] = None,
+    flags: t.Optional[t.Union[
+        int, "RequirementFlag",
+        t.Iterable[int], t.Iterable["RequirementFlag"]
+    ]] = None,
+    lifetime: t.Optional[int] = None,
+    channel_bindings: t.Optional["ChannelBindings"] = None,
+    input_token: t.Optional[bytes] = None,
+) -> "InitSecContextResult":
+    """Initiate a GSSAPI security context.
+
+    This method initiates a GSSAPI security context, targeting the given
+    target name.  To create a basic context, just provide the target name.
+    Further calls used to update the context should pass in the output context
+    of the last call, as well as the input token received from the acceptor.
+
+    Warning:
+        This changes the input context!
+
+    Args:
+        target_name (~gssapi.raw.names.Name): the target for the security
+            context
+        creds (Creds): the credentials to use to initiate the context,
+            or None to use the default credentials
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context to update, or None to create a new context
+        mech (~gssapi.raw.types.MechType): the mechanism type for this security
+            context, or None for the default mechanism type
+        flags (list): the flags to request for the security context, or
+            None to use the default set: mutual_authentication and
+            out_of_sequence_detection.  This may also be an
+            :class:`IntEnumFlagSet`
+        lifetime (int): the request lifetime of the security context in seconds
+            (a value of 0 or None means indefinite)
+        channel_bindings (ChannelBindings): The channel bindings (or None for
+            no channel bindings)
+        input_token (bytes): the token to use to update the security context,
+            or None if you are creating a new context
+
+    Returns:
+        InitSecContextResult: the output security context, the actual mech
+        type, the actual flags used, the output token to send to the acceptor,
+        the actual lifetime of the context in seconds (or None if not supported
+        or indefinite), and whether or not more calls are needed to finish the
+        initiation.
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.InvalidCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.BadChannelBindingsError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.BadMechanismError
+    """

+
+
+
+

+[docs]
+def accept_sec_context(
+    input_token: bytes,
+    acceptor_creds: t.Optional["Creds"] = None,
+    context: t.Optional[SecurityContext] = None,
+    channel_bindings: t.Optional["ChannelBindings"] = None,
+) -> "AcceptSecContextResult":
+    """Accept a GSSAPI security context.
+
+    This method accepts a GSSAPI security context using a token sent by the
+    initiator, using the given credentials.  It can either be used to accept a
+    security context and create a new security context object, or to update an
+    existing security context object.
+
+    Warning:
+        This changes the input context!
+
+    Args:
+        input_token (bytes): the token sent by the context initiator
+        acceptor_creds (Creds): the credentials to be used to accept the
+            context (or None to use the default credentials)
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context to update (or None to create a new security context object)
+        channel_bindings (ChannelBindings): The channel bindings (or None for
+            no channel bindings)
+
+    Returns:
+        AcceptSecContextResult: the resulting security context, the initiator
+        name, the mechanism being used, the output token, the flags in use,
+        the lifetime of the context in seconds (or None for indefinite or not
+        supported), the delegated credentials (valid only if the
+        delegate_to_peer flag is set), and whether or not further token
+        exchanges are needed to finalize the security context.
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.InvalidCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.BadChannelBindingsError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.BadMechanismError
+    """

+
+
+
+

+[docs]
+def inquire_context(
+    context: SecurityContext,
+    initiator_name: bool = True,
+    target_name: bool = True,
+    lifetime: bool = True,
+    mech: bool = True,
+    flags: bool = True,
+    locally_init: bool = True,
+    complete: bool = True,
+) -> "InquireContextResult":
+    """Get information about a security context.
+
+    This method obtains information about a security context, including
+    the initiator and target names, as well as the TTL, mech,
+    flags, and its current state (open vs closed).
+
+    Note:
+        the target name may be ``None`` if it would have been ``GSS_C_NO_NAME``
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the context in
+            question
+
+    Returns:
+        InquireContextResult: the initiator name, the target name, the TTL
+        (can be None for indefinite or not supported), the mech type, the
+        flags, whether or not the context was locally initiated,
+        and whether or not the context is currently fully established
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
+

+[docs]
+def context_time(
+    context: SecurityContext,
+) -> int:
+    """Get the amount of time for which the given context will remain valid.
+
+    This method determines the amount of time for which the given
+    security context will remain valid.  An expired context will
+    give a result of 0.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context in question
+
+    Returns:
+        int: the number of seconds for which the context will be valid
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
+

+[docs]
+def process_context_token(
+    context: SecurityContext,
+    token: bytes,
+) -> None:
+    """Process a token asynchronously.
+
+    This method provides a way to process a token, even if the
+    given security context is not expecting one.  For example,
+    if the initiator has the initSecContext return that the context
+    is complete, but the acceptor is unable to accept the context,
+    and wishes to send a token to the initiator, letting the
+    initiator know of the error.
+
+    Warning:
+        This method has been essentially deprecated by :rfc:`2744`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context against which to process the token
+        token (bytes): the token to process
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
+

+[docs]
+def import_sec_context(
+    token: bytes,
+) -> SecurityContext:
+    """Import a context from another process.
+
+    This method imports a security context established in another process
+    by reading the specified token which was output by
+    :func:`export_sec_context`.
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.OperationUnavailableError
+        ~gssapi.exceptions.UnauthorizedError
+    """

+
+
+
+

+[docs]
+def export_sec_context(
+    context: SecurityContext,
+) -> bytes:
+    """Export a context for use in another process.
+
+    This method exports a security context, deactivating in the current process
+    and creating a token which can then be imported into another process
+    with :func:`import_sec_context`.
+
+    Warning: this modifies the input context
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the context to send
+            to another process
+
+    Returns:
+        bytes: the output token to be imported
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.OperationUnavailableError
+    """

+
+
+
+

+[docs]
+def delete_sec_context(
+    context: SecurityContext,
+    local_only: bool = True,
+) -> bytes:
+    """Delete a GSSAPI security context.
+
+    This method deletes a GSSAPI security context,
+    returning an output token to send to the other
+    holder of the security context to notify them
+    of the deletion.
+
+    Note:
+        This method generally should not be used.  :class:`SecurityContext`
+        objects will automatically be freed by Python.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context in question
+        local_only (bool): should we request local deletion (True), or also
+            remote deletion (False), in which case a token is also returned
+
+    Returns:
+        bytes: the output token (if remote deletion is requested).  Generally
+            this is None, but bytes for compatibility.
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/raw/types.html b/latest/_modules/gssapi/raw/types.html
new file mode 100644
index 00000000..dfdb325f
--- /dev/null
+++ b/latest/_modules/gssapi/raw/types.html
@@ -0,0 +1,440 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.types — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.types
+import numbers
+import typing as t
+
+from collections.abc import MutableSet
+from enum import IntEnum
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+class NameType:
+    """
+    GSSAPI Name Types
+
+    This enum-like object represents GSSAPI name
+    types (to be used with :func:`~gssapi.raw.names.import_name`, etc)
+    """
+    #: GSS_C_NT_ANONYMOUS 1.3.6.1.5.6.3
+

+[docs]
+    anonymous: "OID" = ...

+
+    #: GSS_C_NT_EXPORT_NAME 1.3.6.1.5.6.4
+

+[docs]
+    export: "OID" = ...

+
+    #: GSS_C_NT_HOSTBASED_SERVICE 1.2.840.113554.1.2.1.4
+

+[docs]
+    hostbased_service: "OID" = ...

+
+    #: GSS_C_NT_MACHINE_UID_NAME 1.2.840.113554.1.2.1.2
+

+[docs]
+    machine_uid: "OID" = ...

+
+    #: GSS_C_NT_STRING_UID_NAME 1.2.840.113554.1.2.1.3
+

+[docs]
+    string_uid: "OID" = ...

+
+    #: GSS_C_NT_USER_NAME 1.2.840.113554.1.2.1.1
+

+[docs]
+    user: "OID" = ...

+
+
+    # Provided through optional extensions
+    #: GSS_C_NT_COMPOSITE_EXPORT 1.3.6.1.5.6.6
+

+[docs]
+    composite_export: "OID" = ...

+
+    #: GSS_KRB5_NT_PRINCIPAL_NAME 1.2.840.113554.1.2.2.1
+

+[docs]
+    kerberos_principal: "OID" = ...

+
+    #: GSS_KRB5_NT_PRINCIPAL_NAME 1.2.840.113554.1.2.2.1
+

+[docs]
+    krb5_nt_principal_name: "OID" = ...

+

+
+
+
+

+[docs]
+class RequirementFlag(IntEnum):
+    """
+    GSSAPI Requirement Flags
+
+    This :class:`~enum.IntEnum` represents flags used with the
+    :class:`~gssapi.raw.sec_contexts.SecurityContext`-related methods (e.g.
+    :func:`~gssapi.raw.sec_contexts.init_sec_context`)
+
+    The numbers behind the values correspond directly
+    to their C counterparts.
+    """
+    # Note the values are only set here for documentation and type hints
+

+[docs]
+    delegate_to_peer = 1 #: GSS_C_DELEG_FLAG

+
+

+[docs]
+    mutual_authentication = 2 #: GSS_C_MUTUAL_FLAG

+
+

+[docs]
+    replay_detection = 4 #: GSS_C_REPLAY_FLAG

+
+

+[docs]
+    out_of_sequence_detection = 8 #: GSS_C_SEQUENCE_FLAG

+
+

+[docs]
+    confidentiality = 16 #: GSS_C_CONF_FLAG

+
+

+[docs]
+    integrity = 32 #: GSS_C_INTEG_FLAG

+
+

+[docs]
+    anonymity = 64 #: GSS_C_ANON_FLAG

+
+

+[docs]
+    protection_ready = 128 #: GSS_C_PROT_READY_FLAG

+
+

+[docs]
+    transferable = 256 #: GSS_C_TRANS_FLAG

+
+

+[docs]
+    channel_bound = 2048 #: GSS_C_CHANNEL_BOUND_FLAG

+
+

+[docs]
+    dce_style = 4096 #: GSS_C_DCE_STYLE

+
+

+[docs]
+    identify = 8192 #: GSS_C_IDENTIFY_FLAG

+
+

+[docs]
+    extended_error = 16384 #: GSS_C_EXTENDED_ERROR_FLAG

+
+

+[docs]
+    ok_as_delegate = 32768 #: GSS_C_DELEG_POLICY_FLAG

+

+
+
+
+

+[docs]
+class AddressType(IntEnum):
+    """
+    GSSAPI Channel Bindings Address Types
+
+    This :class:`~enum.IntEnum` represents the various address
+    types used with the :class:`~gssapi.raw.chan_bindings.ChannelBindings`
+    structure.
+
+    The numbers behind the values correspond directly
+    to their C counterparts.  There is no value for
+    ``GSS_C_AF_UNSPEC``, since this is represented
+    by ``None``.
+    """
+    # Note the values are only set here for documentation and type hints
+

+[docs]
+    local = 1 #: GSS_C_AF_LOCAL

+
+

+[docs]
+    ip = 2 #: GSS_C_AF_INET

+
+

+[docs]
+    arpanet = 3 #: GSS_C_AF_IMPLINK

+
+

+[docs]
+    pup = 4 #: GSS_C_AF_PUP

+
+

+[docs]
+    chaos = 5 #: GSS_C_AF_CHAOS

+
+

+[docs]
+    xerox_ns = 6 #: GSS_C_AF_NS

+
+

+[docs]
+    nbs = 7 #: GSS_C_AF_NBS

+
+

+[docs]
+    ecma = 8 #: GSS_C_AF_ECMA

+
+

+[docs]
+    datakit = 9 #: GSS_C_AF_DATAKIT

+
+

+[docs]
+    ccitt = 10 #: GSS_C_AF_CCITT

+
+

+[docs]
+    ibm_sna = 11 #: GSS_C_AF_SNA

+
+

+[docs]
+    decnet = 12 #: GSS_C_AF_DECnet

+
+

+[docs]
+    dli = 13 #: GSS_C_AF_DLI

+
+

+[docs]
+    lat = 14 #: GSS_C_AF_LAT

+
+

+[docs]
+    hyperchannel = 15 #: GSS_C_AF_HYLINK

+
+

+[docs]
+    appletalk = 16 #: GSS_C_AF_APPLETALK

+
+

+[docs]
+    bisync = 17 #: GSS_C_AF_BSC

+
+

+[docs]
+    dss = 18 #: GSS_C_AF_DSS

+
+

+[docs]
+    osi_tp4 = 19 #: GSS_C_AF_OSI

+
+

+[docs]
+    x25 = 21 #: GSS_C_AF_X25

+
+

+[docs]
+    null = 255 #: GSS_C_AF_NULLADDR

+

+
+
+
+

+[docs]
+class MechType:
+    """
+    GSSAPI Mechanism Types
+
+    This enum-like object contains any mechanism :class:`~gssapi.raw.oids.OID`
+    values registered by imported mechanisms.
+    """
+

+[docs]
+    kerberos: "OID" #: gss_mech_krb5 1.2.840.113554.1.2.2

+

+
+
+
+

+[docs]
+class GenericFlagSet(MutableSet):
+    """A set backed by a 32-bit integer
+
+    This is a set backed by a 32 bit integer.
+    the members are integers where only one
+    bit is set.
+
+    The class supports normal set operations,
+    as well as traditional "flag set" operations,
+    such as bitwise AND, OR, and XOR.
+    """
+
+

+[docs]
+    MAX_VAL: int

+
+
+    def __init__(
+        self,
+        flags: t.Optional[
+            t.Union[GenericFlagSet, numbers.Integral, int]
+        ] = None,
+    ) -> None: ...
+
+    def __contains__(
+        self,
+        flag: object,
+    ) -> bool: ...
+
+    def __iter__(self) -> t.Iterator[int]: ...
+
+    def __len__(self) -> int: ...
+
+

+[docs]
+    def add(
+        self,
+        flag: int,
+    ) -> None: ...

+
+
+

+[docs]
+    def discard(
+        self,
+        flag: int,
+    ) -> None: ...

+

+
+
+
+

+[docs]
+class IntEnumFlagSet(GenericFlagSet):
+    """A set backed by a 32-bit integer with enum members
+
+    This class is a :class:`GenericFlagSet` where the returned
+    members are values in an :class:`~enum.IntEnum`.
+
+    It functions exactly like a `GenericFlagSet`, except that
+    it also supports bitwise operations with the enum values.
+    """
+
+    def __init__(
+        self,
+        enum: t.Type[IntEnum],
+        flags: t.Optional[
+            t.Union[GenericFlagSet, numbers.Integral, int]
+        ] = None,
+    ) -> None: ...
+
+    def __iter__(self) -> t.Iterator[IntEnum]: ...

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/gssapi/sec_contexts.html b/latest/_modules/gssapi/sec_contexts.html
new file mode 100644
index 00000000..7787db1e
--- /dev/null
+++ b/latest/_modules/gssapi/sec_contexts.html
@@ -0,0 +1,759 @@
+
+
+
+
+
+  
+  
+  gssapi.sec_contexts — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.sec_contexts
+import typing as t
+
+from gssapi.raw import chan_bindings as rchan_bindings
+from gssapi.raw import sec_contexts as rsec_contexts
+from gssapi.raw import message as rmessage
+from gssapi.raw import named_tuples as tuples
+from gssapi.raw import names as rnames
+from gssapi.raw import oids as roids
+from gssapi.raw.types import RequirementFlag, IntEnumFlagSet
+
+import gssapi.exceptions as excs
+from gssapi import _utils
+from gssapi.names import Name
+from gssapi.creds import Credentials
+
+
+

+[docs]
+class SecurityContext(rsec_contexts.SecurityContext,
+                      metaclass=_utils.CheckLastError):
+    """A GSSAPI Security Context
+
+    This class represents a GSSAPI security context that may be used
+    with and/or returned by other GSSAPI methods.
+
+    It inherits from the low-level GSSAPI
+    :class:`~gssapi.raw.sec_contexts.SecurityContext` class,
+    and thus may used with both low-level and high-level API methods.
+
+    This class may be pickled and unpickled (the attached delegated
+    credentials object will not be preserved, however).
+    """
+
+    def __new__(
+        cls,
+        base: t.Optional[rsec_contexts.SecurityContext] = None,
+        token: t.Optional[bytes] = None,
+        name: t.Optional[rnames.Name] = None,
+        creds: t.Optional[Credentials] = None,
+        lifetime: t.Optional[int] = None,
+        flags: t.Optional[int] = None,
+        mech: t.Optional[roids.OID] = None,
+        channel_bindings: t.Optional[rchan_bindings.ChannelBindings] = None,
+        usage: t.Optional[str] = None,
+    ) -> "SecurityContext":
+
+        if token is not None:
+            base = rsec_contexts.import_sec_context(token)
+
+        return t.cast("SecurityContext",
+                      super(SecurityContext, cls).__new__(cls, base))
+
+    def __init__(
+        self,
+        base: t.Optional[rsec_contexts.SecurityContext] = None,
+        token: t.Optional[bytes] = None,
+        name: t.Optional[rnames.Name] = None,
+        creds: t.Optional[Credentials] = None,
+        lifetime: t.Optional[int] = None,
+        flags: t.Optional[int] = None,
+        mech: t.Optional[roids.OID] = None,
+        channel_bindings: t.Optional[rchan_bindings.ChannelBindings] = None,
+        usage: t.Optional[str] = None,
+    ) -> None:
+        """
+        The constructor creates a new security context, but does not begin
+        the initiate or accept process.
+
+        If the `base` argument is used, an existing
+        :class:`~gssapi.raw.sec_contexts.SecurityContext` object from
+        the low-level API is converted into a high-level object.
+
+        If the `token` argument is passed, the security context is imported
+        using the token.
+
+        Otherwise, a new security context is created.
+
+        If the `usage` argument is not passed, the constructor will attempt
+        to detect what the appropriate usage is based on either the existing
+        security context (if `base` or `token` are used) or the argument set.
+
+        For a security context of the `initiate` usage, the `name` argument
+        must be used, and the `creds`, `mech`, `flags`,
+        `lifetime`, and `channel_bindings` arguments may be
+        used as well.
+
+        For a security context of the `accept` usage, the `creds` and
+        `channel_bindings` arguments may optionally be used.
+        """
+
+        # NB(directxman12): _last_err must be set first
+        self._last_err = None
+
+        # determine the usage ('initiate' vs 'accept')
+        if base is None and token is None:
+            # this will be a new context
+            if usage is not None:
+                if usage not in ('initiate', 'accept'):
+                    msg = "Usage must be either 'initiate' or 'accept'"
+                    raise excs.UnknownUsageError(msg, obj="security context")
+
+                self.usage = usage
+            elif creds is not None and creds.usage != 'both':
+                self.usage = creds.usage
+            elif name is not None:
+                # if we pass a name, assume the usage is 'initiate'
+                self.usage = 'initiate'
+            else:
+                # if we don't pass a name, assume the usage is 'accept'
+                self.usage = 'accept'
+
+            # check for appropriate arguments
+            if self.usage == 'initiate':
+                # takes: creds?, target_name, mech?, flags?,
+                #        channel_bindings?
+                if name is None:
+                    raise TypeError("You must pass the 'name' argument when "
+                                    "creating an initiating security context")
+                self._target_name = name
+                self._mech = mech
+                self._desired_flags = IntEnumFlagSet(RequirementFlag, flags)
+                self._desired_lifetime = lifetime
+            else:
+                # takes creds?
+                if (name is not None or flags is not None or
+                        mech is not None or lifetime is not None):
+                    raise TypeError("You must pass at most the 'creds' "
+                                    "argument when creating an accepting "
+                                    "security context")
+
+            self._channel_bindings = channel_bindings
+            self._creds = creds
+
+            self._delegated_creds = None
+
+        else:
+            # we already have a context in progress, just inspect it
+            # NB(directxman12): MIT krb5 refuses to inquire about a context
+            # if it's partially established, so we have to check here
+
+            try:
+                if self.locally_initiated:
+                    self.usage = 'initiate'
+                else:
+                    self.usage = 'accept'
+            except excs.MissingContextError:
+                msg = ("Cannot extract usage from a partially completed "
+                       "context")
+                raise excs.UnknownUsageError(msg, obj="security context")
+
+        # This is to work around an MIT krb5 bug (see the `complete` property)
+        self._complete: t.Optional[bool] = None
+
+    # NB(directxman12): DO NOT ADD AN __del__ TO THIS CLASS -- it screws up
+    #                   the garbage collector if _last_tb is still defined
+
+    # TODO(directxman12): implement flag properties
+
+

+[docs]
+    def get_signature(
+        self,
+        message: bytes,
+    ) -> bytes:
+        """Calculate the signature for a message.
+
+        This method calculates the signature (called a MIC) for
+        the given message, which may be then used with
+        :meth:`verify_signature` to confirm the validity of the
+        signature.  This is useful if you wish to transmit the
+        message signature and message in your own format.
+
+        Args:
+            message (bytes): the input message
+
+        Returns:
+            bytes: the message signature
+
+        Raises:
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        # TODO(directxman12): check flags?
+        return rmessage.get_mic(self, message)

+
+
+

+[docs]
+    def verify_signature(
+        self,
+        message: bytes,
+        mic: bytes,
+    ) -> int:
+        """Verify the signature for a message.
+
+        This method verifies that a signature (generated by
+        :meth:`get_signature` is valid for the given message.
+
+        If the signature is valid, the method will return.
+        Otherwise, it will raise an error.
+
+        Args:
+            message (bytes): the message
+            mic (bytes): the signature to verify
+
+        Returns:
+            int: the QoP used.
+
+        Raises:
+            ~gssapi.exceptions.BadMICError: the signature was not valid
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.ExpiredTokenError
+            ~gssapi.exceptions.TokenTooLateError
+            ~gssapi.exceptions.TokenTooEarlyError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        return rmessage.verify_mic(self, message, mic)

+
+
+

+[docs]
+    def wrap(
+        self,
+        message: bytes,
+        encrypt: bool,
+    ) -> tuples.WrapResult:
+        """Wrap a message, optionally with encryption
+
+        This wraps a message, signing it and optionally
+        encrypting it.
+
+        Args:
+            message (bytes): the message to wrap
+            encrypt (bool): whether or not to encrypt the message
+
+        Returns:
+            WrapResult: the wrapped message and details about it
+            (e.g. whether encryption was used succesfully)
+
+        Raises:
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        return rmessage.wrap(self, message, encrypt)

+
+
+

+[docs]
+    def unwrap(
+        self,
+        message: bytes,
+    ) -> tuples.UnwrapResult:
+        """Unwrap a wrapped message.
+
+        This method unwraps/unencrypts a wrapped message,
+        verifying the signature along the way.
+
+        Args:
+            message (bytes): the message to unwrap/decrypt
+
+        Returns:
+            UnwrapResult: the unwrapped message and details about it
+            (e.g. wheter encryption was used)
+
+        Raises:
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.BadMICError
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.ExpiredTokenError
+            ~gssapi.exceptions.TokenTooLateError
+            ~gssapi.exceptions.TokenTooEarlyError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        return rmessage.unwrap(self, message)

+
+
+

+[docs]
+    def encrypt(
+        self,
+        message: bytes,
+    ) -> bytes:
+        """Encrypt a message.
+
+        This method wraps and encrypts a message, similarly to
+        :meth:`wrap`.  The difference is that encryption is always
+        used, and the method will raise an exception if this is
+        not possible.  Additionally, this method simply returns
+        the encrypted message directly.
+
+        Args:
+            message (bytes): the message to encrypt
+
+        Returns:
+            bytes: the encrypted message
+
+        Raises:
+            ~gssapi.exceptions.EncryptionNotUsed: the encryption could not be
+                used
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        res = self.wrap(message, encrypt=True)
+
+        if not res.encrypted:
+            raise excs.EncryptionNotUsed("Wrapped message was not encrypted")
+
+        return res.message

+
+
+

+[docs]
+    def decrypt(
+        self,
+        message: bytes,
+    ) -> bytes:
+        """Decrypt a message.
+
+        This method decrypts and unwraps a message, verifying the signature
+        along the way, similarly to :meth:`unwrap`.  The difference is that
+        this method will raise an exception if encryption was established
+        by the context and not used, and simply returns the decrypted
+        message directly.
+
+        Args:
+            message (bytes): the encrypted message
+
+        Returns:
+            bytes: the decrypted message
+
+        Raises:
+            ~gssapi.exceptions.EncryptionNotUsed: encryption was expected, but
+                not used
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.BadMICError
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.ExpiredTokenError
+            ~gssapi.exceptions.TokenTooLateError
+            ~gssapi.exceptions.TokenTooEarlyError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        res = self.unwrap(message)
+
+        if (not res.encrypted and
+                self.actual_flags & RequirementFlag.confidentiality):
+            raise excs.EncryptionNotUsed("The context was established with "
+                                         "encryption, but unwrapped message "
+                                         "was not encrypted",
+                                         unwrapped_message=res.message)
+
+        return res.message

+
+
+

+[docs]
+    def get_wrap_size_limit(
+        self,
+        desired_output_size: int,
+        encrypted: bool = True,
+    ) -> int:
+        """Calculate the maximum message size for a given wrapped message size.
+
+        This method calculates the maximum input message size for a given
+        maximum wrapped/encrypted message size.
+
+        Args:
+            desired_output_size (int): the maximum output message size
+            encrypted (bool): whether or not encryption should be taken
+                into account
+
+        Returns:
+            int: the maximum input message size
+
+        Raises:
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        return rmessage.wrap_size_limit(self, desired_output_size,
+                                        encrypted)

+
+
+

+[docs]
+    def process_token(
+        self,
+        token: bytes,
+    ) -> None:
+        """Process an output token asynchronously.
+
+        This method processes an output token even when the security context
+        was not expecting it.
+
+        Warning:
+            This method is deprecated.
+
+        Args:
+            token (bytes): the token to process
+
+        Raises:
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        rsec_contexts.process_context_token(self, token)

+
+
+

+[docs]
+    def export(self) -> bytes:
+        """Export a security context.
+
+        This method exports a security context, allowing it to be passed
+        between processes.
+
+        Returns:
+            bytes: the exported security context
+
+        Raises:
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.OperationUnavailableError
+        """
+
+        return rsec_contexts.export_sec_context(self)

+
+
+    _INQUIRE_ARGS = ('initiator_name', 'target_name', 'lifetime',
+                     'mech', 'flags', 'locally_init', 'complete')
+
+    @_utils.check_last_err
+    def _inquire(
+        self,
+        **kwargs: bool,
+    ) -> tuples.InquireContextResult:
+        """Inspect the security context for information
+
+        This method inspects the security context for information.
+
+        If no keyword arguments are passed, all available information
+        is returned.  Otherwise, only the keyword arguments that
+        are passed and set to `True` are returned.
+
+        Args:
+            initiator_name (bool): get the initiator name for this context
+            target_name (bool): get the target name for this context
+            lifetime (bool): get the remaining lifetime, in seconds, for this
+                context
+            mech (bool): get the :class:`MechType` used by this context
+            flags (bool): get the flags set on this context
+            locally_init (bool): get whether this context was locally initiated
+            complete (bool): get whether negotiation on this context has
+                been completed
+
+        Returns:
+            InquireContextResult: the results of the inquiry, with unused
+            fields set to None
+
+        Raises:
+            ~gssapi.exceptions.MissingContextError
+        """
+        if not kwargs:
+            default_val = True
+        else:
+            default_val = False
+
+        for arg in self._INQUIRE_ARGS:
+            kwargs[arg] = kwargs.get(arg, default_val)
+
+        res = rsec_contexts.inquire_context(self, **kwargs)
+
+        if (kwargs.get('initiator_name', False) and
+                res.initiator_name is not None):
+            init_name = Name(res.initiator_name)
+        else:
+            init_name = None
+
+        if (kwargs.get('target_name', False) and
+                res.target_name is not None):
+            target_name = Name(res.target_name)
+        else:
+            target_name = None
+
+        return tuples.InquireContextResult(init_name, target_name,
+                                           res.lifetime, res.mech,
+                                           res.flags, res.locally_init,
+                                           res.complete)
+
+    @property
+    def lifetime(self) -> int:
+        """The amount of time for which this context remains valid"""
+        return rsec_contexts.context_time(self)
+
+    @property
+    def delegated_creds(self) -> t.Optional[Credentials]:
+        """The credentials delegated from the initiator to the acceptor
+
+        .. warning::
+
+            This value will not be preserved across picklings.  These should
+            be separately exported and transferred.
+
+        """
+        return self._delegated_creds
+
+    initiator_name = _utils.inquire_property(
+        'initiator_name', 'The :class:`Name` of the initiator of this context')
+    target_name = _utils.inquire_property(
+        'target_name', 'The :class:`Name` of the target of this context')
+    mech = _utils.inquire_property(
+        'mech', 'The mechanism (:class:`MechType`) in use by this context')
+    actual_flags = _utils.inquire_property(
+        'flags', 'The flags set on this context')
+    locally_initiated = _utils.inquire_property(
+        'locally_init', 'Whether this context was locally intiated')
+
+    @property  # type: ignore # https://github.com/python/mypy/issues/1362
+    @_utils.check_last_err
+    def complete(self) -> bool:
+        """Whether negotiation for this context has been completed"""
+        # NB(directxman12): MIT krb5 has a bug where it refuses to
+        #                   inquire about partially completed contexts,
+        #                   so we can't just use `self._inquire` generally
+        if self._started:
+            complete = self._complete
+            if complete is None:
+                try:
+                    complete = self._inquire(complete=True).complete
+                except excs.MissingContextError:
+                    return False
+                else:
+                    self._complete = complete
+
+            return complete
+        else:
+            return False
+
+

+[docs]
+    @_utils.catch_and_return_token
+    def step(
+        self,
+        token: t.Optional[bytes] = None,
+    ) -> t.Optional[bytes]:
+        """Perform a negotation step.
+
+        This method performs a negotiation step based on the usage type
+        of this context.  If `__DEFER_STEP_ERRORS__` is set to True on
+        the class, this method will return a token, even when exceptions
+        would be thrown.  The generated exception will be thrown on the next
+        method call or property lookup on the context.
+        **This is the default behavior.**
+
+        This method should be used in a while loop, as such:
+
+        .. code-block:: python
+
+           input_token = None
+           try:
+               while not ctx.complete:
+                   output_token = ctx.step(input_token)
+                   if not output_token:
+                       break
+                   input_token = send_and_receive(output_token)
+           except GSSError as e:
+                handle_the_issue()
+
+        .. tip::
+
+            Disabling `__DEFER_STEP_ERRORS__` is rarely necessary.
+            When this method is used in a loop (as above),
+            `__DEFER_STEP_ERRORS__` will ensure that you always
+            send an error token when it's available,
+            keeping the other end of the security context updated
+            with the status of the negotiation.
+
+        Args:
+            token (bytes): the input token from the other participant's step
+
+        Returns:
+            bytes: the output token to send to the other participant
+
+        Raises:
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.InvalidCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.BadChannelBindingsError
+            ~gssapi.exceptions.BadMICError
+            ~gssapi.exceptions.ExpiredTokenError: (initiate only)
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadNameTypeError: (initiate only)
+            ~gssapi.exceptions.BadNameError: (initiate only)
+            ~gssapi.exceptions.BadMechanismError
+        """
+
+        if self.usage == 'accept':
+            return self._acceptor_step(token=token or b"")
+        else:
+            return self._initiator_step(token=token)

+
+
+    def _acceptor_step(
+        self,
+        token: bytes,
+    ) -> t.Optional[bytes]:
+        res = rsec_contexts.accept_sec_context(token, self._creds,
+                                               self, self._channel_bindings)
+
+        if res.delegated_creds is not None:
+            self._delegated_creds = Credentials(res.delegated_creds)
+        else:
+            self._delegated_creds = None
+
+        self._complete = not res.more_steps
+
+        return res.token
+
+    def _initiator_step(
+        self,
+        token: t.Optional[bytes] = None,
+    ) -> t.Optional[bytes]:
+        res = rsec_contexts.init_sec_context(self._target_name, self._creds,
+                                             self, self._mech,
+                                             self._desired_flags,
+                                             self._desired_lifetime,
+                                             self._channel_bindings,
+                                             token)
+
+        self._complete = not res.more_steps
+
+        return res.token
+
+    # pickle protocol support
+    def __reduce__(
+        self,
+    ) -> t.Tuple[t.Type["SecurityContext"], t.Tuple[None, bytes]]:
+        # the unpickle arguments to new are (base=None, token=self.export())
+        return (type(self), (None, self.export()))

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_modules/index.html b/latest/_modules/index.html
new file mode 100644
index 00000000..d01d9edd
--- /dev/null
+++ b/latest/_modules/index.html
@@ -0,0 +1,134 @@
+
+
+
+
+
+  
+  
+  Overview: module code — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Overview: module code
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           
+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/_sources/basic-tutorial.md.txt b/latest/_sources/basic-tutorial.md.txt
new file mode 100644
index 00000000..25b9232b
--- /dev/null
+++ b/latest/_sources/basic-tutorial.md.txt
@@ -0,0 +1,218 @@
+A Basic Introduction to GSSAPI
+==============================
+
+GSSAPI (which stands for "Generic Security Service API") is an
+standard layer for interfacing with security services.  While it
+supports multiple different mechanisms, it is most commonly used
+with Kerberos 5 ("krb5" for short).
+
+This tutorial will provide a basic introduction to interacting with
+GSSAPI through Python.
+
+*Note*: This file is designed to be runnable using
+[YALPT](https://github.com/directxman12/yalpt).  You can also just
+read it normally.
+
+To start out, we'll import python-gssapi, and save the current FQDN
+for later:
+
+    >>> import gssapi, socket
+    >>> FQDN = socket.getfqdn()
+    >>>
+
+Note that this assumes you have a KRB5 realm set up, and some relevant
+functions available in the `REALM` object (see gssapi-console.py in
+[gssapi_console](https://pypi.python.org/pypi/gssapi_console)), or
+try `$ run-lit -e gssapi basic-tutorial.md` when you have both
+gssapi_console and yalpt installed).  Any actions performed using the
+`REALM` object are not part of the GSSAPI library; the `REALM` object
+simply contains wrappers to krb5 commands generally run separately from
+the application using GSSAPI.
+
+Names and Credentials
+---------------------
+
+Two important concepts in GSSAPI are *names* and *credentials*.
+
+*Names*, as the name suggests, identify different entities, be they
+users or services.  GSSAPI has the concept of different *name types*.
+These represent different types of names and corresponding syntax
+for representing names as strings.
+
+Suppose we wanted to refer to an HTTP server on the current host.
+We could refer to it as a *host-based service*, or in the default
+mechanism form (in this case, for krb5):
+
+    >>> server_hostbased_name = gssapi.Name(f"HTTP@{FQDN}", name_type=gssapi.NameType.hostbased_service)
+    >>> server_hostbased_name
+    Name(b'HTTP@seton.mivehind.net', )
+    >>> server_name = gssapi.Name(f"HTTP/{FQDN}@")
+    >>> server_name
+    Name(b'HTTP/seton.mivehind.net@', None)
+    >>>
+
+These are both effectively the same, but if we *canonicalize* both
+names with respect to krb5, we'll see that GSSAPI knows they're the
+same:
+
+    >>> server_name == server_hostbased_name
+    False
+    >>> server_canon_name = server_name.canonicalize(gssapi.MechType.kerberos)
+    >>> server_hostbased_canon_name = server_hostbased_name.canonicalize(gssapi.MechType.kerberos)
+    >>> server_canon_name == server_hostbased_canon_name
+    True
+    >>>
+
+To compare two names of different name types, you should canonicalize
+them first.
+
+*Credentials* represent identification for a user or service.  In
+order to establish secure communication with other entities, a user
+or service first needs credentials.  For the krb5 mechanism,
+credentials generally represent a handle to the TGT.
+
+Credentials may be acquired for a particular name, or the default set
+of credentials may be acquired.
+
+For instance, suppose that we are writing a server, and wish to
+communicate accept connections as the 'HTTP' service.  We would need
+to acquire credentials as such:
+
+    >>> REALM.addprinc('HTTP/%s@%s' % (FQDN, REALM.realm))
+    >>> REALM.extract_keytab('HTTP/%s@%s' % (FQDN, REALM.realm), REALM.keytab)
+    >>> server_creds = gssapi.Credentials(usage='accept', name=server_name)
+    >>>
+
+Note that for the krb5 mechanism, in order to acquire credentials with
+the GSSAPI, the system must already have a way to access those credentials.
+For users, this generally means that they have already performed a `kinit`
+(i.e. have cached a TGT), while for services (like above), having a keytab
+is sufficient.  This process is generally performed outside the application
+using the GSSAPI.
+
+Credentials have a *usage*: 'accept' for accepting security contexts,
+'initiate' for initiating security contexts, or 'both' for
+credentials used for both initiating and accepting security contexts.
+
+Credentials also have an associated *name*, *lifetime* (which may
+be `None` for indefinite), and set of *mechanisms* with which the
+credentials are usable:
+
+    >>> server_creds.usage
+    'accept'
+    >>> server_creds.name == server_name
+    True
+    >>> server_creds.lifetime is None
+    True
+    >>> gssapi.MechType.kerberos in server_creds.mechs
+    True
+    >>> gssapi.MechType.kerberos in server_creds.mechs
+    True
+    >>>
+
+Each of these settings is setable from the constructor as `usage`,
+`name`, `lifetime`, and `mechs`.
+
+Security Contexts
+-----------------
+
+*Security contexts* represent active sessions between two different
+entities.  Security contexts are used to verify identities, as well
+as ensure *integrity* (message signing), *confidentiality* (message
+encryption), or both for messages exchanged between the two parties.
+
+When establishing a security context, the default credentials are
+used unless otherwise specified.  This allows applications to use
+the user's already acquired credentials:
+
+    >>> client_ctx = gssapi.SecurityContext(name=server_name, usage='initiate')
+    >>> initial_client_token = client_ctx.step()
+    >>> client_ctx.complete
+    False
+    >>>
+
+Just like credentials, security contexts are either initiating
+contexts, or accepting contexts (they cannot be both).  Initiating
+contexts must specify at least a target name.  In this case,
+we indicate that we wish to establish a context with the HTTP server
+from above.  The http server can then accept that context:
+
+    >>> server_ctx = gssapi.SecurityContext(creds=server_creds, usage='accept')
+    >>> initial_server_token = server_ctx.step(initial_client_token)
+    >>>
+
+As you can see, creating an accepting security context is similar.
+Here, we specify a set of accepting credentials to use, although
+this is optional (the defaults will be used if no credentials are
+specified).
+
+Let's finish up the exchange:
+
+    >>> server_tok = initial_server_token
+    >>>
+    >>> while not (client_ctx.complete and server_ctx.complete):
+    ...     client_tok = client_ctx.step(server_tok)
+    ...     if not client_tok:
+    ...         break
+    ...     server_tok = server_ctx.step(client_tok)
+    ...
+    >>> client_ctx.complete and server_ctx.complete
+    True
+    >>>
+
+We can now wrap and unwrap messages, using the `wrap` and `unwrap` methods
+on `SecurityContext`:
+
+    >>> message = b'some message here'
+    >>> wrapped_message, msg_encrypted = client_ctx.wrap(message, True)
+    >>> message not in wrapped_message
+    True
+    >>> msg_encrypted
+    True
+    >>> server_ctx.unwrap(wrapped_message)
+    UnwrapResult(message=b'some message here', encrypted=True, qop=0)
+    >>>
+
+We can use the second parameter to control whether or not we encrypt the
+messages, or just sign them:
+
+    >>> signed_message, msg_encrypted = client_ctx.wrap(message, False)
+    >>> msg_encrypted
+    False
+    >>> message in signed_message
+    True
+    >>> server_ctx.unwrap(signed_message)
+    UnwrapResult(message=b'some message here', encrypted=False, qop=0)
+    >>>
+
+Manually passing in a second parameter and checking whether or not encryption
+was used can get tedious, so python-gssapi provides two convenience methods
+to help with this: `encrypt` and `decrypt`.  If the context is set up to use
+encryption, they will call `wrap` with encryption.  If not, they will
+call `wrap` without encryption.
+
+    >>> encrypted_message = client_ctx.encrypt(message)
+    >>> encrypted_message != message
+    True
+    >>> server_ctx.decrypt(encrypted_message)
+    b'some message here'
+    >>>
+
+Notice that if we try to use `decrypt` a signed message, and exception will be raised,
+since the context was set up to use encryption (the default):
+
+    >>> signed_message, _ = client_ctx.wrap(message, False)
+    >>> server_ctx.decrypt(signed_message)
+    Traceback (most recent call last):
+      File "", line 1, in 
+      File "", line 2, in decrypt
+      File "/usr/lib/python3.4/site-packages/gssapi/_utils.py", line 167, in check_last_err
+        return func(self, *args, **kwargs)
+      File "/usr/lib/python3.4/site-packages/gssapi/sec_contexts.py", line 295, in decrypt
+        unwrapped_message=res.message)
+    gssapi.exceptions.EncryptionNotUsed: Confidentiality was requested, but not used: The context was established with encryption, but unwrapped message was not encrypted.
+    >>>
+
+There you have it: the basics of GSSAPI.  You can use the `help` function
+at the interpreter, or check the [docs](http://pythonhosted.org/gssapi/)
+for more information.
diff --git a/latest/_sources/credstore.rst.txt b/latest/_sources/credstore.rst.txt
new file mode 100644
index 00000000..b777ca7c
--- /dev/null
+++ b/latest/_sources/credstore.rst.txt
@@ -0,0 +1,90 @@
+Common Values for Credentials Store Extensions
+==============================================
+
+The credentials store extension is an extension introduced by the MIT krb5
+library implementation of GSSAPI.  It allows for finer control of credentials
+from within a GSSAPI application.  Each mechanism can define keywords to
+manipulate various aspects of their credentials for storage or retrieval
+operations.
+
+.. note:
+
+   Only mechanisms that implement keywords can use them: some mechanisms may
+   share the same or similar keywords, but their meaning is always local to a
+   specific mechanism.
+
+.. note:
+
+   `None` is not a permitted value and will raise exceptions.  Phrased
+   differently, values must be strings, not empty.
+
+The krb5 mechanism in MIT libraries
+-----------------------------------
+
+The krb5 mechanism as implemented by MIT libraries supports the credentials
+store extension with a number of keywords.
+
+client_keytab
+"""""""""""""
+
+The `client_keytab` keyword can be used in a credential store when it is used
+with the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions to indicate a custom
+location for a keytab containing client keys.  It is not used in the context
+of calls used to store credentials.
+
+The value is a string in the form **type:residual** where **type** can be any
+keytab storage type understood by the implementation and **residual** is the
+keytab identifier (usually something like a path).  If the string is a path,
+then the type is defaulted to `FILE`.
+
+keytab
+""""""
+
+The `keytab` keyword can be used in a credential store when it is used with
+the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions to indicate a custom
+location for a keytab containing service keys.  It is not used in the context
+of calls used to store credentials.
+
+The value is a string in the form **type:residual** where **type** can be any
+keytab storage type understood by the implementation and **residual** is the
+keytab identifier (usually something like a path).  If the string is a path,
+then the type is defaulted to `FILE`.
+
+ccache
+""""""
+
+The `ccache` keyword can be used to reference a specific credential storage.
+It can be used both to indicate the source of existing credentials for the
+:func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions, as well as the
+destination storage for the :func:`gssapi.raw.ext_cred_store.store_cred_into`
+function.
+
+The value is a string in the form **type:residual** where **type** can be any
+credential cache storage type understood by the implementation and
+**residual** is the ccache identifier.  If the string is a path, then the type
+is defaulted to `FILE`.  Other commonly used types are `DIR`, `KEYRING`,
+`KCM`, and `MEMORY`.  Each type has a different format for the **residual**;
+refer to the MIT krb5 documentation for more details.
+
+rcache
+""""""
+
+The `rcache` keyword can be used to reference a custom replay cache storage.
+It is used only with the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions for credentials used
+to accept context establishments, not to initiate contexts.
+
+The value is a string in the form **type:residual** where **type** can be any
+replay cache storage type understood by the implementation and **residual** is
+the cache identifier (usually something like a path).  If the string is a
+path, then the type is defaulted to `FILE`.
+
+The krb5 mechanism in Heimdal
+-----------------------------
+
+Heimdal has recently implemented the credential store extensions with the same
+interface as MIT krb5.  However, it is not yet present in any released
+version.
diff --git a/latest/_sources/gssapi.raw.rst.txt b/latest/_sources/gssapi.raw.rst.txt
new file mode 100644
index 00000000..912c5364
--- /dev/null
+++ b/latest/_sources/gssapi.raw.rst.txt
@@ -0,0 +1,203 @@
+Low-Level API
+=============
+
+.. py:module:: gssapi.raw
+
+The low-level API contains a variety of Python functions that map directly
+to the corresponding C functions.  Additionally, it contains several basic
+wrapper classes that wrap underlying C structs and automatically deallocate
+them when the Python object itself is deallocated.
+
+.. warning::
+
+    All methods in both the high-level and low-level APIs may throw the generic
+    GSSError exception.
+
+Core RFC 2744
+-------------
+
+Names
+~~~~~
+
+.. note::
+    Some functions in the following section will refer to
+    "mechanism names".  These are not names of mechanisms.
+    Instead, they are a special form of name specific to
+    a given mechanism.
+
+.. autoapimodule:: gssapi.raw.names
+    :members:
+    :undoc-members:
+
+Credentials
+~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.creds
+    :members:
+    :undoc-members:
+
+Security Contexts
+~~~~~~~~~~~~~~~~~
+
+.. autoapimodule::  gssapi.raw.sec_contexts
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.message
+    :members:
+    :undoc-members:
+
+Misc
+~~~~
+
+.. autoapimodule:: gssapi.raw.oids
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.misc
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.types
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.chan_bindings
+    :members:
+    :undoc-members:
+
+Additional RFCs and Extensions
+------------------------------
+
+The following is a list of GSSAPI extensions supported by the low-level API.
+
+.. note::
+    While all of these extensions have bindings, they may not be supported
+    by your particularly GSSAPI implementation.  In this case, they will not
+    be compiled, and will simply not be available in the :mod:`gssapi.raw`
+    namespace.
+
+:rfc:`4178` (GSS-API Negotiation Mechanism)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc4178
+    :members:
+    :undoc-members:
+
+:rfc:`5587` (GSS-API Extension for Mech Attributes)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc5587
+    :members:
+    :undoc-members:
+
+:rfc:`5588` (GSS-API Extension for Storing Delegated Credentials)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc5588
+    :members:
+    :undoc-members:
+
+:rfc:`5801` (GSS-API SASL Extensions)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc5801
+    :members:
+    :undoc-members:
+
+Credential Store Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_cred_store
+    :members:
+    :undoc-members:
+
+:rfc:`6680` (GSS-API Naming Extensions)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc6680
+    :members:
+    :undoc-members:
+
+Credentials Import-Export Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_cred_imp_exp
+    :members:
+    :undoc-members:
+
+DCE (IOV/AEAD) Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_dce
+    :members:
+    :undoc-members:
+
+..
+    gssapi.raw.ext_dce_aead is imported with ext_dce so no need to double up.
+
+
+IOV MIC Extensions
+~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_iov_mic
+    :members:
+    :undoc-members:
+
+Global Grid Forum (GGF) Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_ggf
+    :members:
+    :undoc-members:
+
+Services4User Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_s4u
+    :members:
+    :undoc-members:
+
+Acquiring Credentials With a Password Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_password
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.ext_password_add
+    :members:
+    :undoc-members:
+
+Kerberos Specific Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_krb5
+    :members:
+    :undoc-members:
+
+Other Extensions
+~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_set_cred_opt
+    :members:
+    :undoc-members:
+
+Results
+-------
+
+..
+    Use autoapimodule once
+    https://github.com/readthedocs/sphinx-autoapi/issues/323 is resolved.
+
+.. automodule:: gssapi.raw.named_tuples
+    :members:
+    :undoc-members:
+
+Exceptions
+----------
+
+.. autoapimodule:: gssapi.raw.exceptions
+    :members:
+    :undoc-members:
+    :show-inheritance:
diff --git a/latest/_sources/gssapi.rst.txt b/latest/_sources/gssapi.rst.txt
new file mode 100644
index 00000000..7c99fd49
--- /dev/null
+++ b/latest/_sources/gssapi.rst.txt
@@ -0,0 +1,127 @@
+High-Level API
+==============
+
+.. py:module:: gssapi
+
+The high-level API contains three main classes for interacting with GSSAPI,
+representing the primary abstractions that GSSAPI provides:
+:class:`~gssapi.names.Name`, :class:`~gssapi.creds.Credentials`, and
+:class:`~gssapi.sec_contexts.SecurityContext`.
+
+.. note::
+
+    Classes in the high-level API inherit from the corresponding classes in the
+    low-level API, and thus may be passed in to low-level API functions.
+
+.. warning::
+
+    All methods in both the high-level and low-level APIs may throw the generic
+    :class:`GSSError` exception.
+
+Main Classes
+------------
+
+Names
+"""""
+
+.. automodule:: gssapi.names
+    :members:
+    :undoc-members:
+
+Credentials
+"""""""""""
+
+.. automodule:: gssapi.creds
+    :members:
+    :undoc-members:
+
+Security Contexts
+"""""""""""""""""
+
+.. automodule:: gssapi.sec_contexts
+    :members:
+    :undoc-members:
+
+Enums and Helper Classes
+------------------------
+
+The following enumerations from the low-level API are also
+used with the high-level API.  For convenience, they are
+imported in the high-level API :mod:`gssapi` module:
+
+.. autoclass:: gssapi.NameType
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: gssapi.MechType
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. TODO(directxman12): Sphinx doesn't document enums properly yet,
+   so we need to figure out how to document them.
+
+.. autoclass:: gssapi.RequirementFlag
+    :show-inheritance:
+
+The ``ok_as_delegate`` flag corresponds to the C level flag
+``GSS_C_DELEG_POLICY_FLAG``. This flag is similar to ``delegate_to_peer``
+except it only delegates if the KDC delegation policies for the service
+principal allow it to use delegation. This is typically used on Microsoft
+domain environments to control whether constrained or unconstrained delegation
+is allowed for a service principal. By setting this flag, the delegation
+process follows the same behaviour as delegation on SSPI/Windows.
+
+Here are the four cases when either of these flags are set or not.
+
+Neither flag set
+   No delegation occurs.
+
+delegate_to_peer
+   Always try to delegate regardless of the KDC delegation policies.
+   ``delegate_to_peer`` is set in the return flags if successful.
+
+ok_as_delegate
+   Try to delegate but only if the KDC trusts the service principal for
+   delegation. ``delegate_to_peer`` and ``ok_as_delegate`` are set in the
+   return flags if successful.
+
+delegate_to_peer | ok_as_delegate
+   Acts like ``delegate_to_peer`` being set but will also set
+   ``ok_as_delegate`` in the return flags if the service principal was trusted
+   for delegation by the KDC.
+
+
+.. autoclass:: gssapi.AddressType
+    :show-inheritance:
+
+Similarly, there are a couple classes from the low-level API
+that are imported into the high-level API module.  These classes
+are less likely to be used directly by a user, but are returned
+by several methods:
+
+.. autoclass:: gssapi.OID
+    :members:
+
+.. autoclass:: gssapi.IntEnumFlagSet
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+Exceptions
+----------
+
+The high-level API can raise all of the exceptions that the low-level API
+can raise in addition to several other high-level-specific exceptions:
+
+.. automodule:: gssapi.exceptions
+    :members:
+    :undoc-members:
+    :show-inheritance:
+    :imported-members:
+
+Utilities
+---------
+
+.. autofunction:: gssapi.set_encoding
diff --git a/latest/_sources/index.rst.txt b/latest/_sources/index.rst.txt
new file mode 100644
index 00000000..1cf289bb
--- /dev/null
+++ b/latest/_sources/index.rst.txt
@@ -0,0 +1,41 @@
+.. Python-GSSAPI documentation master file, created by
+   sphinx-quickstart on Tue Jul  2 19:01:09 2013.
+   You can adapt this file completely to your liking, but it should at least
+   contain the root `toctree` directive.
+
+Python-GSSAPI: Python bindings for GSSAPI
+=========================================
+
+Python-GSSAPI provides Python bindings for the GSSAPI C bindings as defined
+by :rfc:`2744`, as well as several extensions.
+
+The package is organized into two parts: a high-level API and a low-level API.
+The high-level API resides in :mod:`gssapi`, and presents an object-oriented
+API around GSSAPI.
+
+The other part of Python-GSSAPI is the low-level API, which resides in
+:mod:`gssapi.raw`.  The low-level API provides thin wrappers around the
+corresponding C functions.  The high-level API makes use of the low-level API
+to access underlying GSSAPI functionality.  Additionally certain extensions
+are currently only available from the low-level API.
+
+To get started, check out the :doc:`tutorials page ` or jump
+straight into the :doc:`high-level API documentation `.
+
+.. toctree::
+   :hidden:
+   :maxdepth: 3
+
+   gssapi.rst
+   gssapi.raw.rst
+   otherdoc.rst
+   tutorials.rst
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
+
diff --git a/latest/_sources/otherdoc.rst.txt b/latest/_sources/otherdoc.rst.txt
new file mode 100644
index 00000000..7e8e6f30
--- /dev/null
+++ b/latest/_sources/otherdoc.rst.txt
@@ -0,0 +1,11 @@
+Other Documentation
+===================
+
+This section contain documentation that is not expressed directly in functions
+documentation, like implementation specific quirks or issues, implementation
+tips, environment influence on operations and similar.
+
+.. toctree::
+   :maxdepth: 1
+
+   credstore.rst
diff --git a/latest/_sources/tutorials.rst.txt b/latest/_sources/tutorials.rst.txt
new file mode 100644
index 00000000..86f364dc
--- /dev/null
+++ b/latest/_sources/tutorials.rst.txt
@@ -0,0 +1,10 @@
+Tutorials
+=========
+
+To get started with using Python-GSSAPI, check out some of the following tutorials:
+
+.. toctree::
+   :maxdepth: 1
+
+   basic-tutorial.md
+
diff --git a/latest/_static/_sphinx_javascript_frameworks_compat.js b/latest/_static/_sphinx_javascript_frameworks_compat.js
new file mode 100644
index 00000000..81415803
--- /dev/null
+++ b/latest/_static/_sphinx_javascript_frameworks_compat.js
@@ -0,0 +1,123 @@
+/* Compatability shim for jQuery and underscores.js.
+ *
+ * Copyright Sphinx contributors
+ * Released under the two clause BSD licence
+ */
+
+/**
+ * small helper function to urldecode strings
+ *
+ * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL
+ */
+jQuery.urldecode = function(x) {
+    if (!x) {
+        return x
+    }
+    return decodeURIComponent(x.replace(/\+/g, ' '));
+};
+
+/**
+ * small helper function to urlencode strings
+ */
+jQuery.urlencode = encodeURIComponent;
+
+/**
+ * This function returns the parsed url parameters of the
+ * current request. Multiple values per key are supported,
+ * it will always return arrays of strings for the value parts.
+ */
+jQuery.getQueryParameters = function(s) {
+    if (typeof s === 'undefined')
+        s = document.location.search;
+    var parts = s.substr(s.indexOf('?') + 1).split('&');
+    var result = {};
+    for (var i = 0; i < parts.length; i++) {
+        var tmp = parts[i].split('=', 2);
+        var key = jQuery.urldecode(tmp[0]);
+        var value = jQuery.urldecode(tmp[1]);
+        if (key in result)
+            result[key].push(value);
+        else
+            result[key] = [value];
+    }
+    return result;
+};
+
+/**
+ * highlight a given string on a jquery object by wrapping it in
+ * span elements with the given class name.
+ */
+jQuery.fn.highlightText = function(text, className) {
+    function highlight(node, addItems) {
+        if (node.nodeType === 3) {
+            var val = node.nodeValue;
+            var pos = val.toLowerCase().indexOf(text);
+            if (pos >= 0 &&
+                !jQuery(node.parentNode).hasClass(className) &&
+                !jQuery(node.parentNode).hasClass("nohighlight")) {
+                var span;
+                var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg");
+                if (isInSVG) {
+                    span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
+                } else {
+                    span = document.createElement("span");
+                    span.className = className;
+                }
+                span.appendChild(document.createTextNode(val.substr(pos, text.length)));
+                node.parentNode.insertBefore(span, node.parentNode.insertBefore(
+                    document.createTextNode(val.substr(pos + text.length)),
+                    node.nextSibling));
+                node.nodeValue = val.substr(0, pos);
+                if (isInSVG) {
+                    var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
+                    var bbox = node.parentElement.getBBox();
+                    rect.x.baseVal.value = bbox.x;
+                    rect.y.baseVal.value = bbox.y;
+                    rect.width.baseVal.value = bbox.width;
+                    rect.height.baseVal.value = bbox.height;
+                    rect.setAttribute('class', className);
+                    addItems.push({
+                        "parent": node.parentNode,
+                        "target": rect});
+                }
+            }
+        }
+        else if (!jQuery(node).is("button, select, textarea")) {
+            jQuery.each(node.childNodes, function() {
+                highlight(this, addItems);
+            });
+        }
+    }
+    var addItems = [];
+    var result = this.each(function() {
+        highlight(this, addItems);
+    });
+    for (var i = 0; i < addItems.length; ++i) {
+        jQuery(addItems[i].parent).before(addItems[i].target);
+    }
+    return result;
+};
+
+/*
+ * backward compatibility for jQuery.browser
+ * This will be supported until firefox bug is fixed.
+ */
+if (!jQuery.browser) {
+    jQuery.uaMatch = function(ua) {
+        ua = ua.toLowerCase();
+
+        var match = /(chrome)[ \/]([\w.]+)/.exec(ua) ||
+            /(webkit)[ \/]([\w.]+)/.exec(ua) ||
+            /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) ||
+            /(msie) ([\w.]+)/.exec(ua) ||
+            ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) ||
+            [];
+
+        return {
+            browser: match[ 1 ] || "",
+            version: match[ 2 ] || "0"
+        };
+    };
+    jQuery.browser = {};
+    jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true;
+}
diff --git a/latest/_static/basic.css b/latest/_static/basic.css
new file mode 100644
index 00000000..4738b2ed
--- /dev/null
+++ b/latest/_static/basic.css
@@ -0,0 +1,906 @@
+/*
+ * Sphinx stylesheet -- basic theme.
+ */
+
+/* -- main layout ----------------------------------------------------------- */
+
+div.clearer {
+    clear: both;
+}
+
+div.section::after {
+    display: block;
+    content: '';
+    clear: left;
+}
+
+/* -- relbar ---------------------------------------------------------------- */
+
+div.related {
+    width: 100%;
+    font-size: 90%;
+}
+
+div.related h3 {
+    display: none;
+}
+
+div.related ul {
+    margin: 0;
+    padding: 0 0 0 10px;
+    list-style: none;
+}
+
+div.related li {
+    display: inline;
+}
+
+div.related li.right {
+    float: right;
+    margin-right: 5px;
+}
+
+/* -- sidebar --------------------------------------------------------------- */
+
+div.sphinxsidebarwrapper {
+    padding: 10px 5px 0 10px;
+}
+
+div.sphinxsidebar {
+    float: left;
+    width: 230px;
+    margin-left: -100%;
+    font-size: 90%;
+    word-wrap: break-word;
+    overflow-wrap : break-word;
+}
+
+div.sphinxsidebar ul {
+    list-style: none;
+}
+
+div.sphinxsidebar ul ul,
+div.sphinxsidebar ul.want-points {
+    margin-left: 20px;
+    list-style: square;
+}
+
+div.sphinxsidebar ul ul {
+    margin-top: 0;
+    margin-bottom: 0;
+}
+
+div.sphinxsidebar form {
+    margin-top: 10px;
+}
+
+div.sphinxsidebar input {
+    border: 1px solid #98dbcc;
+    font-family: sans-serif;
+    font-size: 1em;
+}
+
+div.sphinxsidebar #searchbox form.search {
+    overflow: hidden;
+}
+
+div.sphinxsidebar #searchbox input[type="text"] {
+    float: left;
+    width: 80%;
+    padding: 0.25em;
+    box-sizing: border-box;
+}
+
+div.sphinxsidebar #searchbox input[type="submit"] {
+    float: left;
+    width: 20%;
+    border-left: none;
+    padding: 0.25em;
+    box-sizing: border-box;
+}
+
+
+img {
+    border: 0;
+    max-width: 100%;
+}
+
+/* -- search page ----------------------------------------------------------- */
+
+ul.search {
+    margin-top: 10px;
+}
+
+ul.search li {
+    padding: 5px 0;
+}
+
+ul.search li a {
+    font-weight: bold;
+}
+
+ul.search li p.context {
+    color: #888;
+    margin: 2px 0 0 30px;
+    text-align: left;
+}
+
+ul.keywordmatches li.goodmatch a {
+    font-weight: bold;
+}
+
+/* -- index page ------------------------------------------------------------ */
+
+table.contentstable {
+    width: 90%;
+    margin-left: auto;
+    margin-right: auto;
+}
+
+table.contentstable p.biglink {
+    line-height: 150%;
+}
+
+a.biglink {
+    font-size: 1.3em;
+}
+
+span.linkdescr {
+    font-style: italic;
+    padding-top: 5px;
+    font-size: 90%;
+}
+
+/* -- general index --------------------------------------------------------- */
+
+table.indextable {
+    width: 100%;
+}
+
+table.indextable td {
+    text-align: left;
+    vertical-align: top;
+}
+
+table.indextable ul {
+    margin-top: 0;
+    margin-bottom: 0;
+    list-style-type: none;
+}
+
+table.indextable > tbody > tr > td > ul {
+    padding-left: 0em;
+}
+
+table.indextable tr.pcap {
+    height: 10px;
+}
+
+table.indextable tr.cap {
+    margin-top: 10px;
+    background-color: #f2f2f2;
+}
+
+img.toggler {
+    margin-right: 3px;
+    margin-top: 3px;
+    cursor: pointer;
+}
+
+div.modindex-jumpbox {
+    border-top: 1px solid #ddd;
+    border-bottom: 1px solid #ddd;
+    margin: 1em 0 1em 0;
+    padding: 0.4em;
+}
+
+div.genindex-jumpbox {
+    border-top: 1px solid #ddd;
+    border-bottom: 1px solid #ddd;
+    margin: 1em 0 1em 0;
+    padding: 0.4em;
+}
+
+/* -- domain module index --------------------------------------------------- */
+
+table.modindextable td {
+    padding: 2px;
+    border-collapse: collapse;
+}
+
+/* -- general body styles --------------------------------------------------- */
+
+div.body {
+    min-width: 360px;
+    max-width: 800px;
+}
+
+div.body p, div.body dd, div.body li, div.body blockquote {
+    -moz-hyphens: auto;
+    -ms-hyphens: auto;
+    -webkit-hyphens: auto;
+    hyphens: auto;
+}
+
+a.headerlink {
+    visibility: hidden;
+}
+
+a:visited {
+    color: #551A8B;
+}
+
+h1:hover > a.headerlink,
+h2:hover > a.headerlink,
+h3:hover > a.headerlink,
+h4:hover > a.headerlink,
+h5:hover > a.headerlink,
+h6:hover > a.headerlink,
+dt:hover > a.headerlink,
+caption:hover > a.headerlink,
+p.caption:hover > a.headerlink,
+div.code-block-caption:hover > a.headerlink {
+    visibility: visible;
+}
+
+div.body p.caption {
+    text-align: inherit;
+}
+
+div.body td {
+    text-align: left;
+}
+
+.first {
+    margin-top: 0 !important;
+}
+
+p.rubric {
+    margin-top: 30px;
+    font-weight: bold;
+}
+
+img.align-left, figure.align-left, .figure.align-left, object.align-left {
+    clear: left;
+    float: left;
+    margin-right: 1em;
+}
+
+img.align-right, figure.align-right, .figure.align-right, object.align-right {
+    clear: right;
+    float: right;
+    margin-left: 1em;
+}
+
+img.align-center, figure.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+img.align-default, figure.align-default, .figure.align-default {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+    text-align: left;
+}
+
+.align-center {
+    text-align: center;
+}
+
+.align-default {
+    text-align: center;
+}
+
+.align-right {
+    text-align: right;
+}
+
+/* -- sidebars -------------------------------------------------------------- */
+
+div.sidebar,
+aside.sidebar {
+    margin: 0 0 0.5em 1em;
+    border: 1px solid #ddb;
+    padding: 7px;
+    background-color: #ffe;
+    width: 40%;
+    float: right;
+    clear: right;
+    overflow-x: auto;
+}
+
+p.sidebar-title {
+    font-weight: bold;
+}
+
+nav.contents,
+aside.topic,
+div.admonition, div.topic, blockquote {
+    clear: left;
+}
+
+/* -- topics ---------------------------------------------------------------- */
+
+nav.contents,
+aside.topic,
+div.topic {
+    border: 1px solid #ccc;
+    padding: 7px;
+    margin: 10px 0 10px 0;
+}
+
+p.topic-title {
+    font-size: 1.1em;
+    font-weight: bold;
+    margin-top: 10px;
+}
+
+/* -- admonitions ----------------------------------------------------------- */
+
+div.admonition {
+    margin-top: 10px;
+    margin-bottom: 10px;
+    padding: 7px;
+}
+
+div.admonition dt {
+    font-weight: bold;
+}
+
+p.admonition-title {
+    margin: 0px 10px 5px 0px;
+    font-weight: bold;
+}
+
+div.body p.centered {
+    text-align: center;
+    margin-top: 25px;
+}
+
+/* -- content of sidebars/topics/admonitions -------------------------------- */
+
+div.sidebar > :last-child,
+aside.sidebar > :last-child,
+nav.contents > :last-child,
+aside.topic > :last-child,
+div.topic > :last-child,
+div.admonition > :last-child {
+    margin-bottom: 0;
+}
+
+div.sidebar::after,
+aside.sidebar::after,
+nav.contents::after,
+aside.topic::after,
+div.topic::after,
+div.admonition::after,
+blockquote::after {
+    display: block;
+    content: '';
+    clear: both;
+}
+
+/* -- tables ---------------------------------------------------------------- */
+
+table.docutils {
+    margin-top: 10px;
+    margin-bottom: 10px;
+    border: 0;
+    border-collapse: collapse;
+}
+
+table.align-center {
+    margin-left: auto;
+    margin-right: auto;
+}
+
+table.align-default {
+    margin-left: auto;
+    margin-right: auto;
+}
+
+table caption span.caption-number {
+    font-style: italic;
+}
+
+table caption span.caption-text {
+}
+
+table.docutils td, table.docutils th {
+    padding: 1px 8px 1px 5px;
+    border-top: 0;
+    border-left: 0;
+    border-right: 0;
+    border-bottom: 1px solid #aaa;
+}
+
+th {
+    text-align: left;
+    padding-right: 5px;
+}
+
+table.citation {
+    border-left: solid 1px gray;
+    margin-left: 1px;
+}
+
+table.citation td {
+    border-bottom: none;
+}
+
+th > :first-child,
+td > :first-child {
+    margin-top: 0px;
+}
+
+th > :last-child,
+td > :last-child {
+    margin-bottom: 0px;
+}
+
+/* -- figures --------------------------------------------------------------- */
+
+div.figure, figure {
+    margin: 0.5em;
+    padding: 0.5em;
+}
+
+div.figure p.caption, figcaption {
+    padding: 0.3em;
+}
+
+div.figure p.caption span.caption-number,
+figcaption span.caption-number {
+    font-style: italic;
+}
+
+div.figure p.caption span.caption-text,
+figcaption span.caption-text {
+}
+
+/* -- field list styles ----------------------------------------------------- */
+
+table.field-list td, table.field-list th {
+    border: 0 !important;
+}
+
+.field-list ul {
+    margin: 0;
+    padding-left: 1em;
+}
+
+.field-list p {
+    margin: 0;
+}
+
+.field-name {
+    -moz-hyphens: manual;
+    -ms-hyphens: manual;
+    -webkit-hyphens: manual;
+    hyphens: manual;
+}
+
+/* -- hlist styles ---------------------------------------------------------- */
+
+table.hlist {
+    margin: 1em 0;
+}
+
+table.hlist td {
+    vertical-align: top;
+}
+
+/* -- object description styles --------------------------------------------- */
+
+.sig {
+	font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace;
+}
+
+.sig-name, code.descname {
+    background-color: transparent;
+    font-weight: bold;
+}
+
+.sig-name {
+	font-size: 1.1em;
+}
+
+code.descname {
+    font-size: 1.2em;
+}
+
+.sig-prename, code.descclassname {
+    background-color: transparent;
+}
+
+.optional {
+    font-size: 1.3em;
+}
+
+.sig-paren {
+    font-size: larger;
+}
+
+.sig-param.n {
+	font-style: italic;
+}
+
+/* C++ specific styling */
+
+.sig-inline.c-texpr,
+.sig-inline.cpp-texpr {
+	font-family: unset;
+}
+
+.sig.c   .k, .sig.c   .kt,
+.sig.cpp .k, .sig.cpp .kt {
+	color: #0033B3;
+}
+
+.sig.c   .m,
+.sig.cpp .m {
+	color: #1750EB;
+}
+
+.sig.c   .s, .sig.c   .sc,
+.sig.cpp .s, .sig.cpp .sc {
+	color: #067D17;
+}
+
+
+/* -- other body styles ----------------------------------------------------- */
+
+ol.arabic {
+    list-style: decimal;
+}
+
+ol.loweralpha {
+    list-style: lower-alpha;
+}
+
+ol.upperalpha {
+    list-style: upper-alpha;
+}
+
+ol.lowerroman {
+    list-style: lower-roman;
+}
+
+ol.upperroman {
+    list-style: upper-roman;
+}
+
+:not(li) > ol > li:first-child > :first-child,
+:not(li) > ul > li:first-child > :first-child {
+    margin-top: 0px;
+}
+
+:not(li) > ol > li:last-child > :last-child,
+:not(li) > ul > li:last-child > :last-child {
+    margin-bottom: 0px;
+}
+
+ol.simple ol p,
+ol.simple ul p,
+ul.simple ol p,
+ul.simple ul p {
+    margin-top: 0;
+}
+
+ol.simple > li:not(:first-child) > p,
+ul.simple > li:not(:first-child) > p {
+    margin-top: 0;
+}
+
+ol.simple p,
+ul.simple p {
+    margin-bottom: 0;
+}
+
+aside.footnote > span,
+div.citation > span {
+    float: left;
+}
+aside.footnote > span:last-of-type,
+div.citation > span:last-of-type {
+  padding-right: 0.5em;
+}
+aside.footnote > p {
+  margin-left: 2em;
+}
+div.citation > p {
+  margin-left: 4em;
+}
+aside.footnote > p:last-of-type,
+div.citation > p:last-of-type {
+    margin-bottom: 0em;
+}
+aside.footnote > p:last-of-type:after,
+div.citation > p:last-of-type:after {
+    content: "";
+    clear: both;
+}
+
+dl.field-list {
+    display: grid;
+    grid-template-columns: fit-content(30%) auto;
+}
+
+dl.field-list > dt {
+    font-weight: bold;
+    word-break: break-word;
+    padding-left: 0.5em;
+    padding-right: 5px;
+}
+
+dl.field-list > dd {
+    padding-left: 0.5em;
+    margin-top: 0em;
+    margin-left: 0em;
+    margin-bottom: 0em;
+}
+
+dl {
+    margin-bottom: 15px;
+}
+
+dd > :first-child {
+    margin-top: 0px;
+}
+
+dd ul, dd table {
+    margin-bottom: 10px;
+}
+
+dd {
+    margin-top: 3px;
+    margin-bottom: 10px;
+    margin-left: 30px;
+}
+
+.sig dd {
+    margin-top: 0px;
+    margin-bottom: 0px;
+}
+
+.sig dl {
+    margin-top: 0px;
+    margin-bottom: 0px;
+}
+
+dl > dd:last-child,
+dl > dd:last-child > :last-child {
+    margin-bottom: 0;
+}
+
+dt:target, span.highlighted {
+    background-color: #fbe54e;
+}
+
+rect.highlighted {
+    fill: #fbe54e;
+}
+
+dl.glossary dt {
+    font-weight: bold;
+    font-size: 1.1em;
+}
+
+.versionmodified {
+    font-style: italic;
+}
+
+.system-message {
+    background-color: #fda;
+    padding: 5px;
+    border: 3px solid red;
+}
+
+.footnote:target  {
+    background-color: #ffa;
+}
+
+.line-block {
+    display: block;
+    margin-top: 1em;
+    margin-bottom: 1em;
+}
+
+.line-block .line-block {
+    margin-top: 0;
+    margin-bottom: 0;
+    margin-left: 1.5em;
+}
+
+.guilabel, .menuselection {
+    font-family: sans-serif;
+}
+
+.accelerator {
+    text-decoration: underline;
+}
+
+.classifier {
+    font-style: oblique;
+}
+
+.classifier:before {
+    font-style: normal;
+    margin: 0 0.5em;
+    content: ":";
+    display: inline-block;
+}
+
+abbr, acronym {
+    border-bottom: dotted 1px;
+    cursor: help;
+}
+
+/* -- code displays --------------------------------------------------------- */
+
+pre {
+    overflow: auto;
+    overflow-y: hidden;  /* fixes display issues on Chrome browsers */
+}
+
+pre, div[class*="highlight-"] {
+    clear: both;
+}
+
+span.pre {
+    -moz-hyphens: none;
+    -ms-hyphens: none;
+    -webkit-hyphens: none;
+    hyphens: none;
+    white-space: nowrap;
+}
+
+div[class*="highlight-"] {
+    margin: 1em 0;
+}
+
+td.linenos pre {
+    border: 0;
+    background-color: transparent;
+    color: #aaa;
+}
+
+table.highlighttable {
+    display: block;
+}
+
+table.highlighttable tbody {
+    display: block;
+}
+
+table.highlighttable tr {
+    display: flex;
+}
+
+table.highlighttable td {
+    margin: 0;
+    padding: 0;
+}
+
+table.highlighttable td.linenos {
+    padding-right: 0.5em;
+}
+
+table.highlighttable td.code {
+    flex: 1;
+    overflow: hidden;
+}
+
+.highlight .hll {
+    display: block;
+}
+
+div.highlight pre,
+table.highlighttable pre {
+    margin: 0;
+}
+
+div.code-block-caption + div {
+    margin-top: 0;
+}
+
+div.code-block-caption {
+    margin-top: 1em;
+    padding: 2px 5px;
+    font-size: small;
+}
+
+div.code-block-caption code {
+    background-color: transparent;
+}
+
+table.highlighttable td.linenos,
+span.linenos,
+div.highlight span.gp {  /* gp: Generic.Prompt */
+  user-select: none;
+  -webkit-user-select: text; /* Safari fallback only */
+  -webkit-user-select: none; /* Chrome/Safari */
+  -moz-user-select: none; /* Firefox */
+  -ms-user-select: none; /* IE10+ */
+}
+
+div.code-block-caption span.caption-number {
+    padding: 0.1em 0.3em;
+    font-style: italic;
+}
+
+div.code-block-caption span.caption-text {
+}
+
+div.literal-block-wrapper {
+    margin: 1em 0;
+}
+
+code.xref, a code {
+    background-color: transparent;
+    font-weight: bold;
+}
+
+h1 code, h2 code, h3 code, h4 code, h5 code, h6 code {
+    background-color: transparent;
+}
+
+.viewcode-link {
+    float: right;
+}
+
+.viewcode-back {
+    float: right;
+    font-family: sans-serif;
+}
+
+div.viewcode-block:target {
+    margin: -1px -10px;
+    padding: 0 10px;
+}
+
+/* -- math display ---------------------------------------------------------- */
+
+img.math {
+    vertical-align: middle;
+}
+
+div.body div.math p {
+    text-align: center;
+}
+
+span.eqno {
+    float: right;
+}
+
+span.eqno a.headerlink {
+    position: absolute;
+    z-index: 1;
+}
+
+div.math:hover a.headerlink {
+    visibility: visible;
+}
+
+/* -- printout stylesheet --------------------------------------------------- */
+
+@media print {
+    div.document,
+    div.documentwrapper,
+    div.bodywrapper {
+        margin: 0 !important;
+        width: 100%;
+    }
+
+    div.sphinxsidebar,
+    div.related,
+    div.footer,
+    #top-link {
+        display: none;
+    }
+}
\ No newline at end of file
diff --git a/latest/_static/css/badge_only.css b/latest/_static/css/badge_only.css
new file mode 100644
index 00000000..88ba55b9
--- /dev/null
+++ b/latest/_static/css/badge_only.css
@@ -0,0 +1 @@
+.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions .rst-other-versions .rtd-current-item{font-weight:700}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}#flyout-search-form{padding:6px}
\ No newline at end of file
diff --git a/latest/_static/css/fonts/Roboto-Slab-Bold.woff b/latest/_static/css/fonts/Roboto-Slab-Bold.woff
new file mode 100644
index 00000000..6cb60000
Binary files /dev/null and b/latest/_static/css/fonts/Roboto-Slab-Bold.woff differ
diff --git a/latest/_static/css/fonts/Roboto-Slab-Bold.woff2 b/latest/_static/css/fonts/Roboto-Slab-Bold.woff2
new file mode 100644
index 00000000..7059e231
Binary files /dev/null and b/latest/_static/css/fonts/Roboto-Slab-Bold.woff2 differ
diff --git a/latest/_static/css/fonts/Roboto-Slab-Regular.woff b/latest/_static/css/fonts/Roboto-Slab-Regular.woff
new file mode 100644
index 00000000..f815f63f
Binary files /dev/null and b/latest/_static/css/fonts/Roboto-Slab-Regular.woff differ
diff --git a/latest/_static/css/fonts/Roboto-Slab-Regular.woff2 b/latest/_static/css/fonts/Roboto-Slab-Regular.woff2
new file mode 100644
index 00000000..f2c76e5b
Binary files /dev/null and b/latest/_static/css/fonts/Roboto-Slab-Regular.woff2 differ
diff --git a/latest/_static/css/fonts/fontawesome-webfont.eot b/latest/_static/css/fonts/fontawesome-webfont.eot
new file mode 100644
index 00000000..e9f60ca9
Binary files /dev/null and b/latest/_static/css/fonts/fontawesome-webfont.eot differ
diff --git a/latest/_static/css/fonts/fontawesome-webfont.svg b/latest/_static/css/fonts/fontawesome-webfont.svg
new file mode 100644
index 00000000..855c845e
--- /dev/null
+++ b/latest/_static/css/fonts/fontawesome-webfont.svg
@@ -0,0 +1,2671 @@
+
+
+
+
+Created by FontForge 20120731 at Mon Oct 24 17:37:40 2016
+ By ,,,
+Copyright Dave Gandy 2016. All rights reserved.
+
+
+
+  
+
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+  
+
diff --git a/latest/_static/css/fonts/fontawesome-webfont.ttf b/latest/_static/css/fonts/fontawesome-webfont.ttf
new file mode 100644
index 00000000..35acda2f
Binary files /dev/null and b/latest/_static/css/fonts/fontawesome-webfont.ttf differ
diff --git a/latest/_static/css/fonts/fontawesome-webfont.woff b/latest/_static/css/fonts/fontawesome-webfont.woff
new file mode 100644
index 00000000..400014a4
Binary files /dev/null and b/latest/_static/css/fonts/fontawesome-webfont.woff differ
diff --git a/latest/_static/css/fonts/fontawesome-webfont.woff2 b/latest/_static/css/fonts/fontawesome-webfont.woff2
new file mode 100644
index 00000000..4d13fc60
Binary files /dev/null and b/latest/_static/css/fonts/fontawesome-webfont.woff2 differ
diff --git a/latest/_static/css/fonts/lato-bold-italic.woff b/latest/_static/css/fonts/lato-bold-italic.woff
new file mode 100644
index 00000000..88ad05b9
Binary files /dev/null and b/latest/_static/css/fonts/lato-bold-italic.woff differ
diff --git a/latest/_static/css/fonts/lato-bold-italic.woff2 b/latest/_static/css/fonts/lato-bold-italic.woff2
new file mode 100644
index 00000000..c4e3d804
Binary files /dev/null and b/latest/_static/css/fonts/lato-bold-italic.woff2 differ
diff --git a/latest/_static/css/fonts/lato-bold.woff b/latest/_static/css/fonts/lato-bold.woff
new file mode 100644
index 00000000..c6dff51f
Binary files /dev/null and b/latest/_static/css/fonts/lato-bold.woff differ
diff --git a/latest/_static/css/fonts/lato-bold.woff2 b/latest/_static/css/fonts/lato-bold.woff2
new file mode 100644
index 00000000..bb195043
Binary files /dev/null and b/latest/_static/css/fonts/lato-bold.woff2 differ
diff --git a/latest/_static/css/fonts/lato-normal-italic.woff b/latest/_static/css/fonts/lato-normal-italic.woff
new file mode 100644
index 00000000..76114bc0
Binary files /dev/null and b/latest/_static/css/fonts/lato-normal-italic.woff differ
diff --git a/latest/_static/css/fonts/lato-normal-italic.woff2 b/latest/_static/css/fonts/lato-normal-italic.woff2
new file mode 100644
index 00000000..3404f37e
Binary files /dev/null and b/latest/_static/css/fonts/lato-normal-italic.woff2 differ
diff --git a/latest/_static/css/fonts/lato-normal.woff b/latest/_static/css/fonts/lato-normal.woff
new file mode 100644
index 00000000..ae1307ff
Binary files /dev/null and b/latest/_static/css/fonts/lato-normal.woff differ
diff --git a/latest/_static/css/fonts/lato-normal.woff2 b/latest/_static/css/fonts/lato-normal.woff2
new file mode 100644
index 00000000..3bf98433
Binary files /dev/null and b/latest/_static/css/fonts/lato-normal.woff2 differ
diff --git a/latest/_static/css/theme.css b/latest/_static/css/theme.css
new file mode 100644
index 00000000..0f14f106
--- /dev/null
+++ b/latest/_static/css/theme.css
@@ -0,0 +1,4 @@
+html{box-sizing:border-box}*,:after,:before{box-sizing:inherit}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}[hidden],audio:not([controls]){display:none}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}blockquote{margin:0}dfn{font-style:italic}ins{background:#ff9;text-decoration:none}ins,mark{color:#000}mark{background:#ff0;font-style:italic;font-weight:700}.rst-content code,.rst-content tt,code,kbd,pre,samp{font-family:monospace,serif;_font-family:courier new,monospace;font-size:1em}pre{white-space:pre}q{quotes:none}q:after,q:before{content:"";content:none}small{font-size:85%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}dl,ol,ul{margin:0;padding:0;list-style:none;list-style-image:none}li{list-style:none}dd{margin:0}img{border:0;-ms-interpolation-mode:bicubic;vertical-align:middle;max-width:100%}svg:not(:root){overflow:hidden}figure,form{margin:0}label{cursor:pointer}button,input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}button,input{line-height:normal}button,input[type=button],input[type=reset],input[type=submit]{cursor:pointer;-webkit-appearance:button;*overflow:visible}button[disabled],input[disabled]{cursor:default}input[type=search]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}textarea{resize:vertical}table{border-collapse:collapse;border-spacing:0}td{vertical-align:top}.chromeframe{margin:.2em 0;background:#ccc;color:#000;padding:.2em 0}.ir{display:block;border:0;text-indent:-999em;overflow:hidden;background-color:transparent;background-repeat:no-repeat;text-align:left;direction:ltr;*line-height:0}.ir br{display:none}.hidden{display:none!important;visibility:hidden}.visuallyhidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.visuallyhidden.focusable:active,.visuallyhidden.focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}.invisible{visibility:hidden}.relative{position:relative}big,small{font-size:100%}@media print{body,html,section{background:none!important}*{box-shadow:none!important;text-shadow:none!important;filter:none!important;-ms-filter:none!important}a,a:visited{text-decoration:underline}.ir a:after,a[href^="#"]:after,a[href^="javascript:"]:after{content:""}blockquote,pre{page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}.rst-content .toctree-wrapper>p.caption,h2,h3,p{orphans:3;widows:3}.rst-content .toctree-wrapper>p.caption,h2,h3{page-break-after:avoid}}.btn,.fa:before,.icon:before,.rst-content .admonition,.rst-content .admonition-title:before,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .code-block-caption .headerlink:before,.rst-content .danger,.rst-content .eqno .headerlink:before,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-alert,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before,input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week],select,textarea{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}/*!
+ *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
+ *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
+ */@font-face{font-family:FontAwesome;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713);src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix&v=4.7.0) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#fontawesomeregular) format("svg");font-weight:400;font-style:normal}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14286em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14286em;width:2.14286em;top:.14286em;text-align:center}.fa-li.fa-lg{left:-1.85714em}.fa-border{padding:.2em .25em .15em;border:.08em solid #eee;border-radius:.1em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa-pull-left.icon,.fa.fa-pull-left,.rst-content .code-block-caption .fa-pull-left.headerlink,.rst-content .eqno .fa-pull-left.headerlink,.rst-content .fa-pull-left.admonition-title,.rst-content code.download span.fa-pull-left:first-child,.rst-content dl dt .fa-pull-left.headerlink,.rst-content h1 .fa-pull-left.headerlink,.rst-content h2 .fa-pull-left.headerlink,.rst-content h3 .fa-pull-left.headerlink,.rst-content h4 .fa-pull-left.headerlink,.rst-content h5 .fa-pull-left.headerlink,.rst-content h6 .fa-pull-left.headerlink,.rst-content p .fa-pull-left.headerlink,.rst-content table>caption .fa-pull-left.headerlink,.rst-content tt.download span.fa-pull-left:first-child,.wy-menu-vertical li.current>a button.fa-pull-left.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-left.toctree-expand,.wy-menu-vertical li button.fa-pull-left.toctree-expand{margin-right:.3em}.fa-pull-right.icon,.fa.fa-pull-right,.rst-content .code-block-caption .fa-pull-right.headerlink,.rst-content .eqno .fa-pull-right.headerlink,.rst-content .fa-pull-right.admonition-title,.rst-content code.download span.fa-pull-right:first-child,.rst-content dl dt .fa-pull-right.headerlink,.rst-content h1 .fa-pull-right.headerlink,.rst-content h2 .fa-pull-right.headerlink,.rst-content h3 .fa-pull-right.headerlink,.rst-content h4 .fa-pull-right.headerlink,.rst-content h5 .fa-pull-right.headerlink,.rst-content h6 .fa-pull-right.headerlink,.rst-content p .fa-pull-right.headerlink,.rst-content table>caption .fa-pull-right.headerlink,.rst-content tt.download span.fa-pull-right:first-child,.wy-menu-vertical li.current>a button.fa-pull-right.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-right.toctree-expand,.wy-menu-vertical li button.fa-pull-right.toctree-expand{margin-left:.3em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left,.pull-left.icon,.rst-content .code-block-caption .pull-left.headerlink,.rst-content .eqno .pull-left.headerlink,.rst-content .pull-left.admonition-title,.rst-content code.download span.pull-left:first-child,.rst-content dl dt .pull-left.headerlink,.rst-content h1 .pull-left.headerlink,.rst-content h2 .pull-left.headerlink,.rst-content h3 .pull-left.headerlink,.rst-content h4 .pull-left.headerlink,.rst-content h5 .pull-left.headerlink,.rst-content h6 .pull-left.headerlink,.rst-content p .pull-left.headerlink,.rst-content table>caption .pull-left.headerlink,.rst-content tt.download span.pull-left:first-child,.wy-menu-vertical li.current>a button.pull-left.toctree-expand,.wy-menu-vertical li.on a button.pull-left.toctree-expand,.wy-menu-vertical li button.pull-left.toctree-expand{margin-right:.3em}.fa.pull-right,.pull-right.icon,.rst-content .code-block-caption .pull-right.headerlink,.rst-content .eqno .pull-right.headerlink,.rst-content .pull-right.admonition-title,.rst-content code.download span.pull-right:first-child,.rst-content dl dt .pull-right.headerlink,.rst-content h1 .pull-right.headerlink,.rst-content h2 .pull-right.headerlink,.rst-content h3 .pull-right.headerlink,.rst-content h4 .pull-right.headerlink,.rst-content h5 .pull-right.headerlink,.rst-content h6 .pull-right.headerlink,.rst-content p .pull-right.headerlink,.rst-content table>caption .pull-right.headerlink,.rst-content tt.download span.pull-right:first-child,.wy-menu-vertical li.current>a button.pull-right.toctree-expand,.wy-menu-vertical li.on a button.pull-right.toctree-expand,.wy-menu-vertical li button.pull-right.toctree-expand{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);-ms-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);-ms-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";-webkit-transform:scaleY(-1);-ms-transform:scaleY(-1);transform:scaleY(-1)}:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{filter:none}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:""}.fa-music:before{content:""}.fa-search:before,.icon-search:before{content:""}.fa-envelope-o:before{content:""}.fa-heart:before{content:""}.fa-star:before{content:""}.fa-star-o:before{content:""}.fa-user:before{content:""}.fa-film:before{content:""}.fa-th-large:before{content:""}.fa-th:before{content:""}.fa-th-list:before{content:""}.fa-check:before{content:""}.fa-close:before,.fa-remove:before,.fa-times:before{content:""}.fa-search-plus:before{content:""}.fa-search-minus:before{content:""}.fa-power-off:before{content:""}.fa-signal:before{content:""}.fa-cog:before,.fa-gear:before{content:""}.fa-trash-o:before{content:""}.fa-home:before,.icon-home:before{content:""}.fa-file-o:before{content:""}.fa-clock-o:before{content:""}.fa-road:before{content:""}.fa-download:before,.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{content:""}.fa-arrow-circle-o-down:before{content:""}.fa-arrow-circle-o-up:before{content:""}.fa-inbox:before{content:""}.fa-play-circle-o:before{content:""}.fa-repeat:before,.fa-rotate-right:before{content:""}.fa-refresh:before{content:""}.fa-list-alt:before{content:""}.fa-lock:before{content:""}.fa-flag:before{content:""}.fa-headphones:before{content:""}.fa-volume-off:before{content:""}.fa-volume-down:before{content:""}.fa-volume-up:before{content:""}.fa-qrcode:before{content:""}.fa-barcode:before{content:""}.fa-tag:before{content:""}.fa-tags:before{content:""}.fa-book:before,.icon-book:before{content:""}.fa-bookmark:before{content:""}.fa-print:before{content:""}.fa-camera:before{content:""}.fa-font:before{content:""}.fa-bold:before{content:""}.fa-italic:before{content:""}.fa-text-height:before{content:""}.fa-text-width:before{content:""}.fa-align-left:before{content:""}.fa-align-center:before{content:""}.fa-align-right:before{content:""}.fa-align-justify:before{content:""}.fa-list:before{content:""}.fa-dedent:before,.fa-outdent:before{content:""}.fa-indent:before{content:""}.fa-video-camera:before{content:""}.fa-image:before,.fa-photo:before,.fa-picture-o:before{content:""}.fa-pencil:before{content:""}.fa-map-marker:before{content:""}.fa-adjust:before{content:""}.fa-tint:before{content:""}.fa-edit:before,.fa-pencil-square-o:before{content:""}.fa-share-square-o:before{content:""}.fa-check-square-o:before{content:""}.fa-arrows:before{content:""}.fa-step-backward:before{content:""}.fa-fast-backward:before{content:""}.fa-backward:before{content:""}.fa-play:before{content:""}.fa-pause:before{content:""}.fa-stop:before{content:""}.fa-forward:before{content:""}.fa-fast-forward:before{content:""}.fa-step-forward:before{content:""}.fa-eject:before{content:""}.fa-chevron-left:before{content:""}.fa-chevron-right:before{content:""}.fa-plus-circle:before{content:""}.fa-minus-circle:before{content:""}.fa-times-circle:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before{content:""}.fa-check-circle:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before{content:""}.fa-question-circle:before{content:""}.fa-info-circle:before{content:""}.fa-crosshairs:before{content:""}.fa-times-circle-o:before{content:""}.fa-check-circle-o:before{content:""}.fa-ban:before{content:""}.fa-arrow-left:before{content:""}.fa-arrow-right:before{content:""}.fa-arrow-up:before{content:""}.fa-arrow-down:before{content:""}.fa-mail-forward:before,.fa-share:before{content:""}.fa-expand:before{content:""}.fa-compress:before{content:""}.fa-plus:before{content:""}.fa-minus:before{content:""}.fa-asterisk:before{content:""}.fa-exclamation-circle:before,.rst-content .admonition-title:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before{content:""}.fa-gift:before{content:""}.fa-leaf:before{content:""}.fa-fire:before,.icon-fire:before{content:""}.fa-eye:before{content:""}.fa-eye-slash:before{content:""}.fa-exclamation-triangle:before,.fa-warning:before{content:""}.fa-plane:before{content:""}.fa-calendar:before{content:""}.fa-random:before{content:""}.fa-comment:before{content:""}.fa-magnet:before{content:""}.fa-chevron-up:before{content:""}.fa-chevron-down:before{content:""}.fa-retweet:before{content:""}.fa-shopping-cart:before{content:""}.fa-folder:before{content:""}.fa-folder-open:before{content:""}.fa-arrows-v:before{content:""}.fa-arrows-h:before{content:""}.fa-bar-chart-o:before,.fa-bar-chart:before{content:""}.fa-twitter-square:before{content:""}.fa-facebook-square:before{content:""}.fa-camera-retro:before{content:""}.fa-key:before{content:""}.fa-cogs:before,.fa-gears:before{content:""}.fa-comments:before{content:""}.fa-thumbs-o-up:before{content:""}.fa-thumbs-o-down:before{content:""}.fa-star-half:before{content:""}.fa-heart-o:before{content:""}.fa-sign-out:before{content:""}.fa-linkedin-square:before{content:""}.fa-thumb-tack:before{content:""}.fa-external-link:before{content:""}.fa-sign-in:before{content:""}.fa-trophy:before{content:""}.fa-github-square:before{content:""}.fa-upload:before{content:""}.fa-lemon-o:before{content:""}.fa-phone:before{content:""}.fa-square-o:before{content:""}.fa-bookmark-o:before{content:""}.fa-phone-square:before{content:""}.fa-twitter:before{content:""}.fa-facebook-f:before,.fa-facebook:before{content:""}.fa-github:before,.icon-github:before{content:""}.fa-unlock:before{content:""}.fa-credit-card:before{content:""}.fa-feed:before,.fa-rss:before{content:""}.fa-hdd-o:before{content:""}.fa-bullhorn:before{content:""}.fa-bell:before{content:""}.fa-certificate:before{content:""}.fa-hand-o-right:before{content:""}.fa-hand-o-left:before{content:""}.fa-hand-o-up:before{content:""}.fa-hand-o-down:before{content:""}.fa-arrow-circle-left:before,.icon-circle-arrow-left:before{content:""}.fa-arrow-circle-right:before,.icon-circle-arrow-right:before{content:""}.fa-arrow-circle-up:before{content:""}.fa-arrow-circle-down:before{content:""}.fa-globe:before{content:""}.fa-wrench:before{content:""}.fa-tasks:before{content:""}.fa-filter:before{content:""}.fa-briefcase:before{content:""}.fa-arrows-alt:before{content:""}.fa-group:before,.fa-users:before{content:""}.fa-chain:before,.fa-link:before,.icon-link:before{content:""}.fa-cloud:before{content:""}.fa-flask:before{content:""}.fa-cut:before,.fa-scissors:before{content:""}.fa-copy:before,.fa-files-o:before{content:""}.fa-paperclip:before{content:""}.fa-floppy-o:before,.fa-save:before{content:""}.fa-square:before{content:""}.fa-bars:before,.fa-navicon:before,.fa-reorder:before{content:""}.fa-list-ul:before{content:""}.fa-list-ol:before{content:""}.fa-strikethrough:before{content:""}.fa-underline:before{content:""}.fa-table:before{content:""}.fa-magic:before{content:""}.fa-truck:before{content:""}.fa-pinterest:before{content:""}.fa-pinterest-square:before{content:""}.fa-google-plus-square:before{content:""}.fa-google-plus:before{content:""}.fa-money:before{content:""}.fa-caret-down:before,.icon-caret-down:before,.wy-dropdown .caret:before{content:""}.fa-caret-up:before{content:""}.fa-caret-left:before{content:""}.fa-caret-right:before{content:""}.fa-columns:before{content:""}.fa-sort:before,.fa-unsorted:before{content:""}.fa-sort-desc:before,.fa-sort-down:before{content:""}.fa-sort-asc:before,.fa-sort-up:before{content:""}.fa-envelope:before{content:""}.fa-linkedin:before{content:""}.fa-rotate-left:before,.fa-undo:before{content:""}.fa-gavel:before,.fa-legal:before{content:""}.fa-dashboard:before,.fa-tachometer:before{content:""}.fa-comment-o:before{content:""}.fa-comments-o:before{content:""}.fa-bolt:before,.fa-flash:before{content:""}.fa-sitemap:before{content:""}.fa-umbrella:before{content:""}.fa-clipboard:before,.fa-paste:before{content:""}.fa-lightbulb-o:before{content:""}.fa-exchange:before{content:""}.fa-cloud-download:before{content:""}.fa-cloud-upload:before{content:""}.fa-user-md:before{content:""}.fa-stethoscope:before{content:""}.fa-suitcase:before{content:""}.fa-bell-o:before{content:""}.fa-coffee:before{content:""}.fa-cutlery:before{content:""}.fa-file-text-o:before{content:""}.fa-building-o:before{content:""}.fa-hospital-o:before{content:""}.fa-ambulance:before{content:""}.fa-medkit:before{content:""}.fa-fighter-jet:before{content:""}.fa-beer:before{content:""}.fa-h-square:before{content:""}.fa-plus-square:before{content:""}.fa-angle-double-left:before{content:""}.fa-angle-double-right:before{content:""}.fa-angle-double-up:before{content:""}.fa-angle-double-down:before{content:""}.fa-angle-left:before{content:""}.fa-angle-right:before{content:""}.fa-angle-up:before{content:""}.fa-angle-down:before{content:""}.fa-desktop:before{content:""}.fa-laptop:before{content:""}.fa-tablet:before{content:""}.fa-mobile-phone:before,.fa-mobile:before{content:""}.fa-circle-o:before{content:""}.fa-quote-left:before{content:""}.fa-quote-right:before{content:""}.fa-spinner:before{content:""}.fa-circle:before{content:""}.fa-mail-reply:before,.fa-reply:before{content:""}.fa-github-alt:before{content:""}.fa-folder-o:before{content:""}.fa-folder-open-o:before{content:""}.fa-smile-o:before{content:""}.fa-frown-o:before{content:""}.fa-meh-o:before{content:""}.fa-gamepad:before{content:""}.fa-keyboard-o:before{content:""}.fa-flag-o:before{content:""}.fa-flag-checkered:before{content:""}.fa-terminal:before{content:""}.fa-code:before{content:""}.fa-mail-reply-all:before,.fa-reply-all:before{content:""}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:""}.fa-location-arrow:before{content:""}.fa-crop:before{content:""}.fa-code-fork:before{content:""}.fa-chain-broken:before,.fa-unlink:before{content:""}.fa-question:before{content:""}.fa-info:before{content:""}.fa-exclamation:before{content:""}.fa-superscript:before{content:""}.fa-subscript:before{content:""}.fa-eraser:before{content:""}.fa-puzzle-piece:before{content:""}.fa-microphone:before{content:""}.fa-microphone-slash:before{content:""}.fa-shield:before{content:""}.fa-calendar-o:before{content:""}.fa-fire-extinguisher:before{content:""}.fa-rocket:before{content:""}.fa-maxcdn:before{content:""}.fa-chevron-circle-left:before{content:""}.fa-chevron-circle-right:before{content:""}.fa-chevron-circle-up:before{content:""}.fa-chevron-circle-down:before{content:""}.fa-html5:before{content:""}.fa-css3:before{content:""}.fa-anchor:before{content:""}.fa-unlock-alt:before{content:""}.fa-bullseye:before{content:""}.fa-ellipsis-h:before{content:""}.fa-ellipsis-v:before{content:""}.fa-rss-square:before{content:""}.fa-play-circle:before{content:""}.fa-ticket:before{content:""}.fa-minus-square:before{content:""}.fa-minus-square-o:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before{content:""}.fa-level-up:before{content:""}.fa-level-down:before{content:""}.fa-check-square:before{content:""}.fa-pencil-square:before{content:""}.fa-external-link-square:before{content:""}.fa-share-square:before{content:""}.fa-compass:before{content:""}.fa-caret-square-o-down:before,.fa-toggle-down:before{content:""}.fa-caret-square-o-up:before,.fa-toggle-up:before{content:""}.fa-caret-square-o-right:before,.fa-toggle-right:before{content:""}.fa-eur:before,.fa-euro:before{content:""}.fa-gbp:before{content:""}.fa-dollar:before,.fa-usd:before{content:""}.fa-inr:before,.fa-rupee:before{content:""}.fa-cny:before,.fa-jpy:before,.fa-rmb:before,.fa-yen:before{content:""}.fa-rouble:before,.fa-rub:before,.fa-ruble:before{content:""}.fa-krw:before,.fa-won:before{content:""}.fa-bitcoin:before,.fa-btc:before{content:""}.fa-file:before{content:""}.fa-file-text:before{content:""}.fa-sort-alpha-asc:before{content:""}.fa-sort-alpha-desc:before{content:""}.fa-sort-amount-asc:before{content:""}.fa-sort-amount-desc:before{content:""}.fa-sort-numeric-asc:before{content:""}.fa-sort-numeric-desc:before{content:""}.fa-thumbs-up:before{content:""}.fa-thumbs-down:before{content:""}.fa-youtube-square:before{content:""}.fa-youtube:before{content:""}.fa-xing:before{content:""}.fa-xing-square:before{content:""}.fa-youtube-play:before{content:""}.fa-dropbox:before{content:""}.fa-stack-overflow:before{content:""}.fa-instagram:before{content:""}.fa-flickr:before{content:""}.fa-adn:before{content:""}.fa-bitbucket:before,.icon-bitbucket:before{content:""}.fa-bitbucket-square:before{content:""}.fa-tumblr:before{content:""}.fa-tumblr-square:before{content:""}.fa-long-arrow-down:before{content:""}.fa-long-arrow-up:before{content:""}.fa-long-arrow-left:before{content:""}.fa-long-arrow-right:before{content:""}.fa-apple:before{content:""}.fa-windows:before{content:""}.fa-android:before{content:""}.fa-linux:before{content:""}.fa-dribbble:before{content:""}.fa-skype:before{content:""}.fa-foursquare:before{content:""}.fa-trello:before{content:""}.fa-female:before{content:""}.fa-male:before{content:""}.fa-gittip:before,.fa-gratipay:before{content:""}.fa-sun-o:before{content:""}.fa-moon-o:before{content:""}.fa-archive:before{content:""}.fa-bug:before{content:""}.fa-vk:before{content:""}.fa-weibo:before{content:""}.fa-renren:before{content:""}.fa-pagelines:before{content:""}.fa-stack-exchange:before{content:""}.fa-arrow-circle-o-right:before{content:""}.fa-arrow-circle-o-left:before{content:""}.fa-caret-square-o-left:before,.fa-toggle-left:before{content:""}.fa-dot-circle-o:before{content:""}.fa-wheelchair:before{content:""}.fa-vimeo-square:before{content:""}.fa-try:before,.fa-turkish-lira:before{content:""}.fa-plus-square-o:before,.wy-menu-vertical li button.toctree-expand:before{content:""}.fa-space-shuttle:before{content:""}.fa-slack:before{content:""}.fa-envelope-square:before{content:""}.fa-wordpress:before{content:""}.fa-openid:before{content:""}.fa-bank:before,.fa-institution:before,.fa-university:before{content:""}.fa-graduation-cap:before,.fa-mortar-board:before{content:""}.fa-yahoo:before{content:""}.fa-google:before{content:""}.fa-reddit:before{content:""}.fa-reddit-square:before{content:""}.fa-stumbleupon-circle:before{content:""}.fa-stumbleupon:before{content:""}.fa-delicious:before{content:""}.fa-digg:before{content:""}.fa-pied-piper-pp:before{content:""}.fa-pied-piper-alt:before{content:""}.fa-drupal:before{content:""}.fa-joomla:before{content:""}.fa-language:before{content:""}.fa-fax:before{content:""}.fa-building:before{content:""}.fa-child:before{content:""}.fa-paw:before{content:""}.fa-spoon:before{content:""}.fa-cube:before{content:""}.fa-cubes:before{content:""}.fa-behance:before{content:""}.fa-behance-square:before{content:""}.fa-steam:before{content:""}.fa-steam-square:before{content:""}.fa-recycle:before{content:""}.fa-automobile:before,.fa-car:before{content:""}.fa-cab:before,.fa-taxi:before{content:""}.fa-tree:before{content:""}.fa-spotify:before{content:""}.fa-deviantart:before{content:""}.fa-soundcloud:before{content:""}.fa-database:before{content:""}.fa-file-pdf-o:before{content:""}.fa-file-word-o:before{content:""}.fa-file-excel-o:before{content:""}.fa-file-powerpoint-o:before{content:""}.fa-file-image-o:before,.fa-file-photo-o:before,.fa-file-picture-o:before{content:""}.fa-file-archive-o:before,.fa-file-zip-o:before{content:""}.fa-file-audio-o:before,.fa-file-sound-o:before{content:""}.fa-file-movie-o:before,.fa-file-video-o:before{content:""}.fa-file-code-o:before{content:""}.fa-vine:before{content:""}.fa-codepen:before{content:""}.fa-jsfiddle:before{content:""}.fa-life-bouy:before,.fa-life-buoy:before,.fa-life-ring:before,.fa-life-saver:before,.fa-support:before{content:""}.fa-circle-o-notch:before{content:""}.fa-ra:before,.fa-rebel:before,.fa-resistance:before{content:""}.fa-empire:before,.fa-ge:before{content:""}.fa-git-square:before{content:""}.fa-git:before{content:""}.fa-hacker-news:before,.fa-y-combinator-square:before,.fa-yc-square:before{content:""}.fa-tencent-weibo:before{content:""}.fa-qq:before{content:""}.fa-wechat:before,.fa-weixin:before{content:""}.fa-paper-plane:before,.fa-send:before{content:""}.fa-paper-plane-o:before,.fa-send-o:before{content:""}.fa-history:before{content:""}.fa-circle-thin:before{content:""}.fa-header:before{content:""}.fa-paragraph:before{content:""}.fa-sliders:before{content:""}.fa-share-alt:before{content:""}.fa-share-alt-square:before{content:""}.fa-bomb:before{content:""}.fa-futbol-o:before,.fa-soccer-ball-o:before{content:""}.fa-tty:before{content:""}.fa-binoculars:before{content:""}.fa-plug:before{content:""}.fa-slideshare:before{content:""}.fa-twitch:before{content:""}.fa-yelp:before{content:""}.fa-newspaper-o:before{content:""}.fa-wifi:before{content:""}.fa-calculator:before{content:""}.fa-paypal:before{content:""}.fa-google-wallet:before{content:""}.fa-cc-visa:before{content:""}.fa-cc-mastercard:before{content:""}.fa-cc-discover:before{content:""}.fa-cc-amex:before{content:""}.fa-cc-paypal:before{content:""}.fa-cc-stripe:before{content:""}.fa-bell-slash:before{content:""}.fa-bell-slash-o:before{content:""}.fa-trash:before{content:""}.fa-copyright:before{content:""}.fa-at:before{content:""}.fa-eyedropper:before{content:""}.fa-paint-brush:before{content:""}.fa-birthday-cake:before{content:""}.fa-area-chart:before{content:""}.fa-pie-chart:before{content:""}.fa-line-chart:before{content:""}.fa-lastfm:before{content:""}.fa-lastfm-square:before{content:""}.fa-toggle-off:before{content:""}.fa-toggle-on:before{content:""}.fa-bicycle:before{content:""}.fa-bus:before{content:""}.fa-ioxhost:before{content:""}.fa-angellist:before{content:""}.fa-cc:before{content:""}.fa-ils:before,.fa-shekel:before,.fa-sheqel:before{content:""}.fa-meanpath:before{content:""}.fa-buysellads:before{content:""}.fa-connectdevelop:before{content:""}.fa-dashcube:before{content:""}.fa-forumbee:before{content:""}.fa-leanpub:before{content:""}.fa-sellsy:before{content:""}.fa-shirtsinbulk:before{content:""}.fa-simplybuilt:before{content:""}.fa-skyatlas:before{content:""}.fa-cart-plus:before{content:""}.fa-cart-arrow-down:before{content:""}.fa-diamond:before{content:""}.fa-ship:before{content:""}.fa-user-secret:before{content:""}.fa-motorcycle:before{content:""}.fa-street-view:before{content:""}.fa-heartbeat:before{content:""}.fa-venus:before{content:""}.fa-mars:before{content:""}.fa-mercury:before{content:""}.fa-intersex:before,.fa-transgender:before{content:""}.fa-transgender-alt:before{content:""}.fa-venus-double:before{content:""}.fa-mars-double:before{content:""}.fa-venus-mars:before{content:""}.fa-mars-stroke:before{content:""}.fa-mars-stroke-v:before{content:""}.fa-mars-stroke-h:before{content:""}.fa-neuter:before{content:""}.fa-genderless:before{content:""}.fa-facebook-official:before{content:""}.fa-pinterest-p:before{content:""}.fa-whatsapp:before{content:""}.fa-server:before{content:""}.fa-user-plus:before{content:""}.fa-user-times:before{content:""}.fa-bed:before,.fa-hotel:before{content:""}.fa-viacoin:before{content:""}.fa-train:before{content:""}.fa-subway:before{content:""}.fa-medium:before{content:""}.fa-y-combinator:before,.fa-yc:before{content:""}.fa-optin-monster:before{content:""}.fa-opencart:before{content:""}.fa-expeditedssl:before{content:""}.fa-battery-4:before,.fa-battery-full:before,.fa-battery:before{content:""}.fa-battery-3:before,.fa-battery-three-quarters:before{content:""}.fa-battery-2:before,.fa-battery-half:before{content:""}.fa-battery-1:before,.fa-battery-quarter:before{content:""}.fa-battery-0:before,.fa-battery-empty:before{content:""}.fa-mouse-pointer:before{content:""}.fa-i-cursor:before{content:""}.fa-object-group:before{content:""}.fa-object-ungroup:before{content:""}.fa-sticky-note:before{content:""}.fa-sticky-note-o:before{content:""}.fa-cc-jcb:before{content:""}.fa-cc-diners-club:before{content:""}.fa-clone:before{content:""}.fa-balance-scale:before{content:""}.fa-hourglass-o:before{content:""}.fa-hourglass-1:before,.fa-hourglass-start:before{content:""}.fa-hourglass-2:before,.fa-hourglass-half:before{content:""}.fa-hourglass-3:before,.fa-hourglass-end:before{content:""}.fa-hourglass:before{content:""}.fa-hand-grab-o:before,.fa-hand-rock-o:before{content:""}.fa-hand-paper-o:before,.fa-hand-stop-o:before{content:""}.fa-hand-scissors-o:before{content:""}.fa-hand-lizard-o:before{content:""}.fa-hand-spock-o:before{content:""}.fa-hand-pointer-o:before{content:""}.fa-hand-peace-o:before{content:""}.fa-trademark:before{content:""}.fa-registered:before{content:""}.fa-creative-commons:before{content:""}.fa-gg:before{content:""}.fa-gg-circle:before{content:""}.fa-tripadvisor:before{content:""}.fa-odnoklassniki:before{content:""}.fa-odnoklassniki-square:before{content:""}.fa-get-pocket:before{content:""}.fa-wikipedia-w:before{content:""}.fa-safari:before{content:""}.fa-chrome:before{content:""}.fa-firefox:before{content:""}.fa-opera:before{content:""}.fa-internet-explorer:before{content:""}.fa-television:before,.fa-tv:before{content:""}.fa-contao:before{content:""}.fa-500px:before{content:""}.fa-amazon:before{content:""}.fa-calendar-plus-o:before{content:""}.fa-calendar-minus-o:before{content:""}.fa-calendar-times-o:before{content:""}.fa-calendar-check-o:before{content:""}.fa-industry:before{content:""}.fa-map-pin:before{content:""}.fa-map-signs:before{content:""}.fa-map-o:before{content:""}.fa-map:before{content:""}.fa-commenting:before{content:""}.fa-commenting-o:before{content:""}.fa-houzz:before{content:""}.fa-vimeo:before{content:""}.fa-black-tie:before{content:""}.fa-fonticons:before{content:""}.fa-reddit-alien:before{content:""}.fa-edge:before{content:""}.fa-credit-card-alt:before{content:""}.fa-codiepie:before{content:""}.fa-modx:before{content:""}.fa-fort-awesome:before{content:""}.fa-usb:before{content:""}.fa-product-hunt:before{content:""}.fa-mixcloud:before{content:""}.fa-scribd:before{content:""}.fa-pause-circle:before{content:""}.fa-pause-circle-o:before{content:""}.fa-stop-circle:before{content:""}.fa-stop-circle-o:before{content:""}.fa-shopping-bag:before{content:""}.fa-shopping-basket:before{content:""}.fa-hashtag:before{content:""}.fa-bluetooth:before{content:""}.fa-bluetooth-b:before{content:""}.fa-percent:before{content:""}.fa-gitlab:before,.icon-gitlab:before{content:""}.fa-wpbeginner:before{content:""}.fa-wpforms:before{content:""}.fa-envira:before{content:""}.fa-universal-access:before{content:""}.fa-wheelchair-alt:before{content:""}.fa-question-circle-o:before{content:""}.fa-blind:before{content:""}.fa-audio-description:before{content:""}.fa-volume-control-phone:before{content:""}.fa-braille:before{content:""}.fa-assistive-listening-systems:before{content:""}.fa-american-sign-language-interpreting:before,.fa-asl-interpreting:before{content:""}.fa-deaf:before,.fa-deafness:before,.fa-hard-of-hearing:before{content:""}.fa-glide:before{content:""}.fa-glide-g:before{content:""}.fa-sign-language:before,.fa-signing:before{content:""}.fa-low-vision:before{content:""}.fa-viadeo:before{content:""}.fa-viadeo-square:before{content:""}.fa-snapchat:before{content:""}.fa-snapchat-ghost:before{content:""}.fa-snapchat-square:before{content:""}.fa-pied-piper:before{content:""}.fa-first-order:before{content:""}.fa-yoast:before{content:""}.fa-themeisle:before{content:""}.fa-google-plus-circle:before,.fa-google-plus-official:before{content:""}.fa-fa:before,.fa-font-awesome:before{content:""}.fa-handshake-o:before{content:""}.fa-envelope-open:before{content:""}.fa-envelope-open-o:before{content:""}.fa-linode:before{content:""}.fa-address-book:before{content:""}.fa-address-book-o:before{content:""}.fa-address-card:before,.fa-vcard:before{content:""}.fa-address-card-o:before,.fa-vcard-o:before{content:""}.fa-user-circle:before{content:""}.fa-user-circle-o:before{content:""}.fa-user-o:before{content:""}.fa-id-badge:before{content:""}.fa-drivers-license:before,.fa-id-card:before{content:""}.fa-drivers-license-o:before,.fa-id-card-o:before{content:""}.fa-quora:before{content:""}.fa-free-code-camp:before{content:""}.fa-telegram:before{content:""}.fa-thermometer-4:before,.fa-thermometer-full:before,.fa-thermometer:before{content:""}.fa-thermometer-3:before,.fa-thermometer-three-quarters:before{content:""}.fa-thermometer-2:before,.fa-thermometer-half:before{content:""}.fa-thermometer-1:before,.fa-thermometer-quarter:before{content:""}.fa-thermometer-0:before,.fa-thermometer-empty:before{content:""}.fa-shower:before{content:""}.fa-bath:before,.fa-bathtub:before,.fa-s15:before{content:""}.fa-podcast:before{content:""}.fa-window-maximize:before{content:""}.fa-window-minimize:before{content:""}.fa-window-restore:before{content:""}.fa-times-rectangle:before,.fa-window-close:before{content:""}.fa-times-rectangle-o:before,.fa-window-close-o:before{content:""}.fa-bandcamp:before{content:""}.fa-grav:before{content:""}.fa-etsy:before{content:""}.fa-imdb:before{content:""}.fa-ravelry:before{content:""}.fa-eercast:before{content:""}.fa-microchip:before{content:""}.fa-snowflake-o:before{content:""}.fa-superpowers:before{content:""}.fa-wpexplorer:before{content:""}.fa-meetup:before{content:""}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-dropdown .caret,.wy-inline-validate.wy-inline-validate-danger .wy-input-context,.wy-inline-validate.wy-inline-validate-info .wy-input-context,.wy-inline-validate.wy-inline-validate-success .wy-input-context,.wy-inline-validate.wy-inline-validate-warning .wy-input-context,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{font-family:inherit}.fa:before,.icon:before,.rst-content .admonition-title:before,.rst-content .code-block-caption .headerlink:before,.rst-content .eqno .headerlink:before,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before{font-family:FontAwesome;display:inline-block;font-style:normal;font-weight:400;line-height:1;text-decoration:inherit}.rst-content .code-block-caption a .headerlink,.rst-content .eqno a .headerlink,.rst-content a .admonition-title,.rst-content code.download a span:first-child,.rst-content dl dt a .headerlink,.rst-content h1 a .headerlink,.rst-content h2 a .headerlink,.rst-content h3 a .headerlink,.rst-content h4 a .headerlink,.rst-content h5 a .headerlink,.rst-content h6 a .headerlink,.rst-content p.caption a .headerlink,.rst-content p a .headerlink,.rst-content table>caption a .headerlink,.rst-content tt.download a span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li a button.toctree-expand,a .fa,a .icon,a .rst-content .admonition-title,a .rst-content .code-block-caption .headerlink,a .rst-content .eqno .headerlink,a .rst-content code.download span:first-child,a .rst-content dl dt .headerlink,a .rst-content h1 .headerlink,a .rst-content h2 .headerlink,a .rst-content h3 .headerlink,a .rst-content h4 .headerlink,a .rst-content h5 .headerlink,a .rst-content h6 .headerlink,a .rst-content p.caption .headerlink,a .rst-content p .headerlink,a .rst-content table>caption .headerlink,a .rst-content tt.download span:first-child,a .wy-menu-vertical li button.toctree-expand{display:inline-block;text-decoration:inherit}.btn .fa,.btn .icon,.btn .rst-content .admonition-title,.btn .rst-content .code-block-caption .headerlink,.btn .rst-content .eqno .headerlink,.btn .rst-content code.download span:first-child,.btn .rst-content dl dt .headerlink,.btn .rst-content h1 .headerlink,.btn .rst-content h2 .headerlink,.btn .rst-content h3 .headerlink,.btn .rst-content h4 .headerlink,.btn .rst-content h5 .headerlink,.btn .rst-content h6 .headerlink,.btn .rst-content p .headerlink,.btn .rst-content table>caption .headerlink,.btn .rst-content tt.download span:first-child,.btn .wy-menu-vertical li.current>a button.toctree-expand,.btn .wy-menu-vertical li.on a button.toctree-expand,.btn .wy-menu-vertical li button.toctree-expand,.nav .fa,.nav .icon,.nav .rst-content .admonition-title,.nav .rst-content .code-block-caption .headerlink,.nav .rst-content .eqno .headerlink,.nav .rst-content code.download span:first-child,.nav .rst-content dl dt .headerlink,.nav .rst-content h1 .headerlink,.nav .rst-content h2 .headerlink,.nav .rst-content h3 .headerlink,.nav .rst-content h4 .headerlink,.nav .rst-content h5 .headerlink,.nav .rst-content h6 .headerlink,.nav .rst-content p .headerlink,.nav .rst-content table>caption .headerlink,.nav .rst-content tt.download span:first-child,.nav .wy-menu-vertical li.current>a button.toctree-expand,.nav .wy-menu-vertical li.on a button.toctree-expand,.nav .wy-menu-vertical li button.toctree-expand,.rst-content .btn .admonition-title,.rst-content .code-block-caption .btn .headerlink,.rst-content .code-block-caption .nav .headerlink,.rst-content .eqno .btn .headerlink,.rst-content .eqno .nav .headerlink,.rst-content .nav .admonition-title,.rst-content code.download .btn span:first-child,.rst-content code.download .nav span:first-child,.rst-content dl dt .btn .headerlink,.rst-content dl dt .nav .headerlink,.rst-content h1 .btn .headerlink,.rst-content h1 .nav .headerlink,.rst-content h2 .btn .headerlink,.rst-content h2 .nav .headerlink,.rst-content h3 .btn .headerlink,.rst-content h3 .nav .headerlink,.rst-content h4 .btn .headerlink,.rst-content h4 .nav .headerlink,.rst-content h5 .btn .headerlink,.rst-content h5 .nav .headerlink,.rst-content h6 .btn .headerlink,.rst-content h6 .nav .headerlink,.rst-content p .btn .headerlink,.rst-content p .nav .headerlink,.rst-content table>caption .btn .headerlink,.rst-content table>caption .nav .headerlink,.rst-content tt.download .btn span:first-child,.rst-content tt.download .nav span:first-child,.wy-menu-vertical li .btn button.toctree-expand,.wy-menu-vertical li.current>a .btn button.toctree-expand,.wy-menu-vertical li.current>a .nav button.toctree-expand,.wy-menu-vertical li .nav button.toctree-expand,.wy-menu-vertical li.on a .btn button.toctree-expand,.wy-menu-vertical li.on a .nav button.toctree-expand{display:inline}.btn .fa-large.icon,.btn .fa.fa-large,.btn .rst-content .code-block-caption .fa-large.headerlink,.btn .rst-content .eqno .fa-large.headerlink,.btn .rst-content .fa-large.admonition-title,.btn .rst-content code.download span.fa-large:first-child,.btn .rst-content dl dt .fa-large.headerlink,.btn .rst-content h1 .fa-large.headerlink,.btn .rst-content h2 .fa-large.headerlink,.btn .rst-content h3 .fa-large.headerlink,.btn .rst-content h4 .fa-large.headerlink,.btn .rst-content h5 .fa-large.headerlink,.btn .rst-content h6 .fa-large.headerlink,.btn .rst-content p .fa-large.headerlink,.btn .rst-content table>caption .fa-large.headerlink,.btn .rst-content tt.download span.fa-large:first-child,.btn .wy-menu-vertical li button.fa-large.toctree-expand,.nav .fa-large.icon,.nav .fa.fa-large,.nav .rst-content .code-block-caption .fa-large.headerlink,.nav .rst-content .eqno .fa-large.headerlink,.nav .rst-content .fa-large.admonition-title,.nav .rst-content code.download span.fa-large:first-child,.nav .rst-content dl dt .fa-large.headerlink,.nav .rst-content h1 .fa-large.headerlink,.nav .rst-content h2 .fa-large.headerlink,.nav .rst-content h3 .fa-large.headerlink,.nav .rst-content h4 .fa-large.headerlink,.nav .rst-content h5 .fa-large.headerlink,.nav .rst-content h6 .fa-large.headerlink,.nav .rst-content p .fa-large.headerlink,.nav .rst-content table>caption .fa-large.headerlink,.nav .rst-content tt.download span.fa-large:first-child,.nav .wy-menu-vertical li button.fa-large.toctree-expand,.rst-content .btn .fa-large.admonition-title,.rst-content .code-block-caption .btn .fa-large.headerlink,.rst-content .code-block-caption .nav .fa-large.headerlink,.rst-content .eqno .btn .fa-large.headerlink,.rst-content .eqno .nav .fa-large.headerlink,.rst-content .nav .fa-large.admonition-title,.rst-content code.download .btn span.fa-large:first-child,.rst-content code.download .nav span.fa-large:first-child,.rst-content dl dt .btn .fa-large.headerlink,.rst-content dl dt .nav .fa-large.headerlink,.rst-content h1 .btn .fa-large.headerlink,.rst-content h1 .nav .fa-large.headerlink,.rst-content h2 .btn .fa-large.headerlink,.rst-content h2 .nav .fa-large.headerlink,.rst-content h3 .btn .fa-large.headerlink,.rst-content h3 .nav .fa-large.headerlink,.rst-content h4 .btn .fa-large.headerlink,.rst-content h4 .nav .fa-large.headerlink,.rst-content h5 .btn .fa-large.headerlink,.rst-content h5 .nav .fa-large.headerlink,.rst-content h6 .btn .fa-large.headerlink,.rst-content h6 .nav .fa-large.headerlink,.rst-content p .btn .fa-large.headerlink,.rst-content p .nav .fa-large.headerlink,.rst-content table>caption .btn .fa-large.headerlink,.rst-content table>caption .nav .fa-large.headerlink,.rst-content tt.download .btn span.fa-large:first-child,.rst-content tt.download .nav span.fa-large:first-child,.wy-menu-vertical li .btn button.fa-large.toctree-expand,.wy-menu-vertical li .nav button.fa-large.toctree-expand{line-height:.9em}.btn .fa-spin.icon,.btn .fa.fa-spin,.btn .rst-content .code-block-caption .fa-spin.headerlink,.btn .rst-content .eqno .fa-spin.headerlink,.btn .rst-content .fa-spin.admonition-title,.btn .rst-content code.download span.fa-spin:first-child,.btn .rst-content dl dt .fa-spin.headerlink,.btn .rst-content h1 .fa-spin.headerlink,.btn .rst-content h2 .fa-spin.headerlink,.btn .rst-content h3 .fa-spin.headerlink,.btn .rst-content h4 .fa-spin.headerlink,.btn .rst-content h5 .fa-spin.headerlink,.btn .rst-content h6 .fa-spin.headerlink,.btn .rst-content p .fa-spin.headerlink,.btn .rst-content table>caption .fa-spin.headerlink,.btn .rst-content tt.download span.fa-spin:first-child,.btn .wy-menu-vertical li button.fa-spin.toctree-expand,.nav .fa-spin.icon,.nav .fa.fa-spin,.nav .rst-content .code-block-caption .fa-spin.headerlink,.nav .rst-content .eqno .fa-spin.headerlink,.nav .rst-content .fa-spin.admonition-title,.nav .rst-content code.download span.fa-spin:first-child,.nav .rst-content dl dt .fa-spin.headerlink,.nav .rst-content h1 .fa-spin.headerlink,.nav .rst-content h2 .fa-spin.headerlink,.nav .rst-content h3 .fa-spin.headerlink,.nav .rst-content h4 .fa-spin.headerlink,.nav .rst-content h5 .fa-spin.headerlink,.nav .rst-content h6 .fa-spin.headerlink,.nav .rst-content p .fa-spin.headerlink,.nav .rst-content table>caption .fa-spin.headerlink,.nav .rst-content tt.download span.fa-spin:first-child,.nav .wy-menu-vertical li button.fa-spin.toctree-expand,.rst-content .btn .fa-spin.admonition-title,.rst-content .code-block-caption .btn .fa-spin.headerlink,.rst-content .code-block-caption .nav .fa-spin.headerlink,.rst-content .eqno .btn .fa-spin.headerlink,.rst-content .eqno .nav .fa-spin.headerlink,.rst-content .nav .fa-spin.admonition-title,.rst-content code.download .btn span.fa-spin:first-child,.rst-content code.download .nav span.fa-spin:first-child,.rst-content dl dt .btn .fa-spin.headerlink,.rst-content dl dt .nav .fa-spin.headerlink,.rst-content h1 .btn .fa-spin.headerlink,.rst-content h1 .nav .fa-spin.headerlink,.rst-content h2 .btn .fa-spin.headerlink,.rst-content h2 .nav .fa-spin.headerlink,.rst-content h3 .btn .fa-spin.headerlink,.rst-content h3 .nav .fa-spin.headerlink,.rst-content h4 .btn .fa-spin.headerlink,.rst-content h4 .nav .fa-spin.headerlink,.rst-content h5 .btn .fa-spin.headerlink,.rst-content h5 .nav .fa-spin.headerlink,.rst-content h6 .btn .fa-spin.headerlink,.rst-content h6 .nav .fa-spin.headerlink,.rst-content p .btn .fa-spin.headerlink,.rst-content p .nav .fa-spin.headerlink,.rst-content table>caption .btn .fa-spin.headerlink,.rst-content table>caption .nav .fa-spin.headerlink,.rst-content tt.download .btn span.fa-spin:first-child,.rst-content tt.download .nav span.fa-spin:first-child,.wy-menu-vertical li .btn button.fa-spin.toctree-expand,.wy-menu-vertical li .nav button.fa-spin.toctree-expand{display:inline-block}.btn.fa:before,.btn.icon:before,.rst-content .btn.admonition-title:before,.rst-content .code-block-caption .btn.headerlink:before,.rst-content .eqno .btn.headerlink:before,.rst-content code.download span.btn:first-child:before,.rst-content dl dt .btn.headerlink:before,.rst-content h1 .btn.headerlink:before,.rst-content h2 .btn.headerlink:before,.rst-content h3 .btn.headerlink:before,.rst-content h4 .btn.headerlink:before,.rst-content h5 .btn.headerlink:before,.rst-content h6 .btn.headerlink:before,.rst-content p .btn.headerlink:before,.rst-content table>caption .btn.headerlink:before,.rst-content tt.download span.btn:first-child:before,.wy-menu-vertical li button.btn.toctree-expand:before{opacity:.5;-webkit-transition:opacity .05s ease-in;-moz-transition:opacity .05s ease-in;transition:opacity .05s ease-in}.btn.fa:hover:before,.btn.icon:hover:before,.rst-content .btn.admonition-title:hover:before,.rst-content .code-block-caption .btn.headerlink:hover:before,.rst-content .eqno .btn.headerlink:hover:before,.rst-content code.download span.btn:first-child:hover:before,.rst-content dl dt .btn.headerlink:hover:before,.rst-content h1 .btn.headerlink:hover:before,.rst-content h2 .btn.headerlink:hover:before,.rst-content h3 .btn.headerlink:hover:before,.rst-content h4 .btn.headerlink:hover:before,.rst-content h5 .btn.headerlink:hover:before,.rst-content h6 .btn.headerlink:hover:before,.rst-content p .btn.headerlink:hover:before,.rst-content table>caption .btn.headerlink:hover:before,.rst-content tt.download span.btn:first-child:hover:before,.wy-menu-vertical li button.btn.toctree-expand:hover:before{opacity:1}.btn-mini .fa:before,.btn-mini .icon:before,.btn-mini .rst-content .admonition-title:before,.btn-mini .rst-content .code-block-caption .headerlink:before,.btn-mini .rst-content .eqno .headerlink:before,.btn-mini .rst-content code.download span:first-child:before,.btn-mini .rst-content dl dt .headerlink:before,.btn-mini .rst-content h1 .headerlink:before,.btn-mini .rst-content h2 .headerlink:before,.btn-mini .rst-content h3 .headerlink:before,.btn-mini .rst-content h4 .headerlink:before,.btn-mini .rst-content h5 .headerlink:before,.btn-mini .rst-content h6 .headerlink:before,.btn-mini .rst-content p .headerlink:before,.btn-mini .rst-content table>caption .headerlink:before,.btn-mini .rst-content tt.download span:first-child:before,.btn-mini .wy-menu-vertical li button.toctree-expand:before,.rst-content .btn-mini .admonition-title:before,.rst-content .code-block-caption .btn-mini .headerlink:before,.rst-content .eqno .btn-mini .headerlink:before,.rst-content code.download .btn-mini span:first-child:before,.rst-content dl dt .btn-mini .headerlink:before,.rst-content h1 .btn-mini .headerlink:before,.rst-content h2 .btn-mini .headerlink:before,.rst-content h3 .btn-mini .headerlink:before,.rst-content h4 .btn-mini .headerlink:before,.rst-content h5 .btn-mini .headerlink:before,.rst-content h6 .btn-mini .headerlink:before,.rst-content p .btn-mini .headerlink:before,.rst-content table>caption .btn-mini .headerlink:before,.rst-content tt.download .btn-mini span:first-child:before,.wy-menu-vertical li .btn-mini button.toctree-expand:before{font-size:14px;vertical-align:-15%}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.wy-alert{padding:12px;line-height:24px;margin-bottom:24px;background:#e7f2fa}.rst-content .admonition-title,.wy-alert-title{font-weight:700;display:block;color:#fff;background:#6ab0de;padding:6px 12px;margin:-12px -12px 12px}.rst-content .danger,.rst-content .error,.rst-content .wy-alert-danger.admonition,.rst-content .wy-alert-danger.admonition-todo,.rst-content .wy-alert-danger.attention,.rst-content .wy-alert-danger.caution,.rst-content .wy-alert-danger.hint,.rst-content .wy-alert-danger.important,.rst-content .wy-alert-danger.note,.rst-content .wy-alert-danger.seealso,.rst-content .wy-alert-danger.tip,.rst-content .wy-alert-danger.warning,.wy-alert.wy-alert-danger{background:#fdf3f2}.rst-content .danger .admonition-title,.rst-content .danger .wy-alert-title,.rst-content .error .admonition-title,.rst-content .error .wy-alert-title,.rst-content .wy-alert-danger.admonition-todo .admonition-title,.rst-content .wy-alert-danger.admonition-todo .wy-alert-title,.rst-content .wy-alert-danger.admonition .admonition-title,.rst-content .wy-alert-danger.admonition .wy-alert-title,.rst-content .wy-alert-danger.attention .admonition-title,.rst-content .wy-alert-danger.attention .wy-alert-title,.rst-content .wy-alert-danger.caution .admonition-title,.rst-content .wy-alert-danger.caution .wy-alert-title,.rst-content .wy-alert-danger.hint .admonition-title,.rst-content .wy-alert-danger.hint .wy-alert-title,.rst-content .wy-alert-danger.important .admonition-title,.rst-content .wy-alert-danger.important .wy-alert-title,.rst-content .wy-alert-danger.note .admonition-title,.rst-content .wy-alert-danger.note .wy-alert-title,.rst-content .wy-alert-danger.seealso .admonition-title,.rst-content .wy-alert-danger.seealso .wy-alert-title,.rst-content .wy-alert-danger.tip .admonition-title,.rst-content .wy-alert-danger.tip .wy-alert-title,.rst-content .wy-alert-danger.warning .admonition-title,.rst-content .wy-alert-danger.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-danger .admonition-title,.wy-alert.wy-alert-danger .rst-content .admonition-title,.wy-alert.wy-alert-danger .wy-alert-title{background:#f29f97}.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .warning,.rst-content .wy-alert-warning.admonition,.rst-content .wy-alert-warning.danger,.rst-content .wy-alert-warning.error,.rst-content .wy-alert-warning.hint,.rst-content .wy-alert-warning.important,.rst-content .wy-alert-warning.note,.rst-content .wy-alert-warning.seealso,.rst-content .wy-alert-warning.tip,.wy-alert.wy-alert-warning{background:#ffedcc}.rst-content .admonition-todo .admonition-title,.rst-content .admonition-todo .wy-alert-title,.rst-content .attention .admonition-title,.rst-content .attention .wy-alert-title,.rst-content .caution .admonition-title,.rst-content .caution .wy-alert-title,.rst-content .warning .admonition-title,.rst-content .warning .wy-alert-title,.rst-content .wy-alert-warning.admonition .admonition-title,.rst-content .wy-alert-warning.admonition .wy-alert-title,.rst-content .wy-alert-warning.danger .admonition-title,.rst-content .wy-alert-warning.danger .wy-alert-title,.rst-content .wy-alert-warning.error .admonition-title,.rst-content .wy-alert-warning.error .wy-alert-title,.rst-content .wy-alert-warning.hint .admonition-title,.rst-content .wy-alert-warning.hint .wy-alert-title,.rst-content .wy-alert-warning.important .admonition-title,.rst-content .wy-alert-warning.important .wy-alert-title,.rst-content .wy-alert-warning.note .admonition-title,.rst-content .wy-alert-warning.note .wy-alert-title,.rst-content .wy-alert-warning.seealso .admonition-title,.rst-content .wy-alert-warning.seealso .wy-alert-title,.rst-content .wy-alert-warning.tip .admonition-title,.rst-content .wy-alert-warning.tip .wy-alert-title,.rst-content .wy-alert.wy-alert-warning .admonition-title,.wy-alert.wy-alert-warning .rst-content .admonition-title,.wy-alert.wy-alert-warning .wy-alert-title{background:#f0b37e}.rst-content .note,.rst-content .seealso,.rst-content .wy-alert-info.admonition,.rst-content .wy-alert-info.admonition-todo,.rst-content .wy-alert-info.attention,.rst-content .wy-alert-info.caution,.rst-content .wy-alert-info.danger,.rst-content .wy-alert-info.error,.rst-content .wy-alert-info.hint,.rst-content .wy-alert-info.important,.rst-content .wy-alert-info.tip,.rst-content .wy-alert-info.warning,.wy-alert.wy-alert-info{background:#e7f2fa}.rst-content .note .admonition-title,.rst-content .note .wy-alert-title,.rst-content .seealso .admonition-title,.rst-content .seealso .wy-alert-title,.rst-content .wy-alert-info.admonition-todo .admonition-title,.rst-content .wy-alert-info.admonition-todo .wy-alert-title,.rst-content .wy-alert-info.admonition .admonition-title,.rst-content .wy-alert-info.admonition .wy-alert-title,.rst-content .wy-alert-info.attention .admonition-title,.rst-content .wy-alert-info.attention .wy-alert-title,.rst-content .wy-alert-info.caution .admonition-title,.rst-content .wy-alert-info.caution .wy-alert-title,.rst-content .wy-alert-info.danger .admonition-title,.rst-content .wy-alert-info.danger .wy-alert-title,.rst-content .wy-alert-info.error .admonition-title,.rst-content .wy-alert-info.error .wy-alert-title,.rst-content .wy-alert-info.hint .admonition-title,.rst-content .wy-alert-info.hint .wy-alert-title,.rst-content .wy-alert-info.important .admonition-title,.rst-content .wy-alert-info.important .wy-alert-title,.rst-content .wy-alert-info.tip .admonition-title,.rst-content .wy-alert-info.tip .wy-alert-title,.rst-content .wy-alert-info.warning .admonition-title,.rst-content .wy-alert-info.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-info .admonition-title,.wy-alert.wy-alert-info .rst-content .admonition-title,.wy-alert.wy-alert-info .wy-alert-title{background:#6ab0de}.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .wy-alert-success.admonition,.rst-content .wy-alert-success.admonition-todo,.rst-content .wy-alert-success.attention,.rst-content .wy-alert-success.caution,.rst-content .wy-alert-success.danger,.rst-content .wy-alert-success.error,.rst-content .wy-alert-success.note,.rst-content .wy-alert-success.seealso,.rst-content .wy-alert-success.warning,.wy-alert.wy-alert-success{background:#dbfaf4}.rst-content .hint .admonition-title,.rst-content .hint .wy-alert-title,.rst-content .important .admonition-title,.rst-content .important .wy-alert-title,.rst-content .tip .admonition-title,.rst-content .tip .wy-alert-title,.rst-content .wy-alert-success.admonition-todo .admonition-title,.rst-content .wy-alert-success.admonition-todo .wy-alert-title,.rst-content .wy-alert-success.admonition .admonition-title,.rst-content .wy-alert-success.admonition .wy-alert-title,.rst-content .wy-alert-success.attention .admonition-title,.rst-content .wy-alert-success.attention .wy-alert-title,.rst-content .wy-alert-success.caution .admonition-title,.rst-content .wy-alert-success.caution .wy-alert-title,.rst-content .wy-alert-success.danger .admonition-title,.rst-content .wy-alert-success.danger .wy-alert-title,.rst-content .wy-alert-success.error .admonition-title,.rst-content .wy-alert-success.error .wy-alert-title,.rst-content .wy-alert-success.note .admonition-title,.rst-content .wy-alert-success.note .wy-alert-title,.rst-content .wy-alert-success.seealso .admonition-title,.rst-content .wy-alert-success.seealso .wy-alert-title,.rst-content .wy-alert-success.warning .admonition-title,.rst-content .wy-alert-success.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-success .admonition-title,.wy-alert.wy-alert-success .rst-content .admonition-title,.wy-alert.wy-alert-success .wy-alert-title{background:#1abc9c}.rst-content .wy-alert-neutral.admonition,.rst-content .wy-alert-neutral.admonition-todo,.rst-content .wy-alert-neutral.attention,.rst-content .wy-alert-neutral.caution,.rst-content .wy-alert-neutral.danger,.rst-content .wy-alert-neutral.error,.rst-content .wy-alert-neutral.hint,.rst-content .wy-alert-neutral.important,.rst-content .wy-alert-neutral.note,.rst-content .wy-alert-neutral.seealso,.rst-content .wy-alert-neutral.tip,.rst-content .wy-alert-neutral.warning,.wy-alert.wy-alert-neutral{background:#f3f6f6}.rst-content .wy-alert-neutral.admonition-todo .admonition-title,.rst-content .wy-alert-neutral.admonition-todo .wy-alert-title,.rst-content .wy-alert-neutral.admonition .admonition-title,.rst-content .wy-alert-neutral.admonition .wy-alert-title,.rst-content .wy-alert-neutral.attention .admonition-title,.rst-content .wy-alert-neutral.attention .wy-alert-title,.rst-content .wy-alert-neutral.caution .admonition-title,.rst-content .wy-alert-neutral.caution .wy-alert-title,.rst-content .wy-alert-neutral.danger .admonition-title,.rst-content .wy-alert-neutral.danger .wy-alert-title,.rst-content .wy-alert-neutral.error .admonition-title,.rst-content .wy-alert-neutral.error .wy-alert-title,.rst-content .wy-alert-neutral.hint .admonition-title,.rst-content .wy-alert-neutral.hint .wy-alert-title,.rst-content .wy-alert-neutral.important .admonition-title,.rst-content .wy-alert-neutral.important .wy-alert-title,.rst-content .wy-alert-neutral.note .admonition-title,.rst-content .wy-alert-neutral.note .wy-alert-title,.rst-content .wy-alert-neutral.seealso .admonition-title,.rst-content .wy-alert-neutral.seealso .wy-alert-title,.rst-content .wy-alert-neutral.tip .admonition-title,.rst-content .wy-alert-neutral.tip .wy-alert-title,.rst-content .wy-alert-neutral.warning .admonition-title,.rst-content .wy-alert-neutral.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-neutral .admonition-title,.wy-alert.wy-alert-neutral .rst-content .admonition-title,.wy-alert.wy-alert-neutral .wy-alert-title{color:#404040;background:#e1e4e5}.rst-content .wy-alert-neutral.admonition-todo a,.rst-content .wy-alert-neutral.admonition a,.rst-content .wy-alert-neutral.attention a,.rst-content .wy-alert-neutral.caution a,.rst-content .wy-alert-neutral.danger a,.rst-content .wy-alert-neutral.error a,.rst-content .wy-alert-neutral.hint a,.rst-content .wy-alert-neutral.important a,.rst-content .wy-alert-neutral.note a,.rst-content .wy-alert-neutral.seealso a,.rst-content .wy-alert-neutral.tip a,.rst-content .wy-alert-neutral.warning a,.wy-alert.wy-alert-neutral a{color:#2980b9}.rst-content .admonition-todo p:last-child,.rst-content .admonition p:last-child,.rst-content .attention p:last-child,.rst-content .caution p:last-child,.rst-content .danger p:last-child,.rst-content .error p:last-child,.rst-content .hint p:last-child,.rst-content .important p:last-child,.rst-content .note p:last-child,.rst-content .seealso p:last-child,.rst-content .tip p:last-child,.rst-content .warning p:last-child,.wy-alert p:last-child{margin-bottom:0}.wy-tray-container{position:fixed;bottom:0;left:0;z-index:600}.wy-tray-container li{display:block;width:300px;background:transparent;color:#fff;text-align:center;box-shadow:0 5px 5px 0 rgba(0,0,0,.1);padding:0 24px;min-width:20%;opacity:0;height:0;line-height:56px;overflow:hidden;-webkit-transition:all .3s ease-in;-moz-transition:all .3s ease-in;transition:all .3s ease-in}.wy-tray-container li.wy-tray-item-success{background:#27ae60}.wy-tray-container li.wy-tray-item-info{background:#2980b9}.wy-tray-container li.wy-tray-item-warning{background:#e67e22}.wy-tray-container li.wy-tray-item-danger{background:#e74c3c}.wy-tray-container li.on{opacity:1;height:56px}@media screen and (max-width:768px){.wy-tray-container{bottom:auto;top:0;width:100%}.wy-tray-container li{width:100%}}button{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle;cursor:pointer;line-height:normal;-webkit-appearance:button;*overflow:visible}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}button[disabled]{cursor:default}.btn{display:inline-block;border-radius:2px;line-height:normal;white-space:nowrap;text-align:center;cursor:pointer;font-size:100%;padding:6px 12px 8px;color:#fff;border:1px solid rgba(0,0,0,.1);background-color:#27ae60;text-decoration:none;font-weight:400;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 2px -1px hsla(0,0%,100%,.5),inset 0 -2px 0 0 rgba(0,0,0,.1);outline-none:false;vertical-align:middle;*display:inline;zoom:1;-webkit-user-drag:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-transition:all .1s linear;-moz-transition:all .1s linear;transition:all .1s linear}.btn-hover{background:#2e8ece;color:#fff}.btn:hover{background:#2cc36b;color:#fff}.btn:focus{background:#2cc36b;outline:0}.btn:active{box-shadow:inset 0 -1px 0 0 rgba(0,0,0,.05),inset 0 2px 0 0 rgba(0,0,0,.1);padding:8px 12px 6px}.btn:visited{color:#fff}.btn-disabled,.btn-disabled:active,.btn-disabled:focus,.btn-disabled:hover,.btn:disabled{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:.4;cursor:not-allowed;box-shadow:none}.btn::-moz-focus-inner{padding:0;border:0}.btn-small{font-size:80%}.btn-info{background-color:#2980b9!important}.btn-info:hover{background-color:#2e8ece!important}.btn-neutral{background-color:#f3f6f6!important;color:#404040!important}.btn-neutral:hover{background-color:#e5ebeb!important;color:#404040}.btn-neutral:visited{color:#404040!important}.btn-success{background-color:#27ae60!important}.btn-success:hover{background-color:#295!important}.btn-danger{background-color:#e74c3c!important}.btn-danger:hover{background-color:#ea6153!important}.btn-warning{background-color:#e67e22!important}.btn-warning:hover{background-color:#e98b39!important}.btn-invert{background-color:#222}.btn-invert:hover{background-color:#2f2f2f!important}.btn-link{background-color:transparent!important;color:#2980b9;box-shadow:none;border-color:transparent!important}.btn-link:active,.btn-link:hover{background-color:transparent!important;color:#409ad5!important;box-shadow:none}.btn-link:visited{color:#9b59b6}.wy-btn-group .btn,.wy-control .btn{vertical-align:middle}.wy-btn-group{margin-bottom:24px;*zoom:1}.wy-btn-group:after,.wy-btn-group:before{display:table;content:""}.wy-btn-group:after{clear:both}.wy-dropdown{position:relative;display:inline-block}.wy-dropdown-active .wy-dropdown-menu{display:block}.wy-dropdown-menu{position:absolute;left:0;display:none;float:left;top:100%;min-width:100%;background:#fcfcfc;z-index:100;border:1px solid #cfd7dd;box-shadow:0 2px 2px 0 rgba(0,0,0,.1);padding:12px}.wy-dropdown-menu>dd>a{display:block;clear:both;color:#404040;white-space:nowrap;font-size:90%;padding:0 12px;cursor:pointer}.wy-dropdown-menu>dd>a:hover{background:#2980b9;color:#fff}.wy-dropdown-menu>dd.divider{border-top:1px solid #cfd7dd;margin:6px 0}.wy-dropdown-menu>dd.search{padding-bottom:12px}.wy-dropdown-menu>dd.search input[type=search]{width:100%}.wy-dropdown-menu>dd.call-to-action{background:#e3e3e3;text-transform:uppercase;font-weight:500;font-size:80%}.wy-dropdown-menu>dd.call-to-action:hover{background:#e3e3e3}.wy-dropdown-menu>dd.call-to-action .btn{color:#fff}.wy-dropdown.wy-dropdown-up .wy-dropdown-menu{bottom:100%;top:auto;left:auto;right:0}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu{background:#fcfcfc;margin-top:2px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a{padding:6px 12px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a:hover{background:#2980b9;color:#fff}.wy-dropdown.wy-dropdown-left .wy-dropdown-menu{right:0;left:auto;text-align:right}.wy-dropdown-arrow:before{content:" ";border-bottom:5px solid #f5f5f5;border-left:5px solid transparent;border-right:5px solid transparent;position:absolute;display:block;top:-4px;left:50%;margin-left:-3px}.wy-dropdown-arrow.wy-dropdown-arrow-left:before{left:11px}.wy-form-stacked select{display:block}.wy-form-aligned .wy-help-inline,.wy-form-aligned input,.wy-form-aligned label,.wy-form-aligned select,.wy-form-aligned textarea{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-form-aligned .wy-control-group>label{display:inline-block;vertical-align:middle;width:10em;margin:6px 12px 0 0;float:left}.wy-form-aligned .wy-control{float:left}.wy-form-aligned .wy-control label{display:block}.wy-form-aligned .wy-control select{margin-top:6px}fieldset{margin:0}fieldset,legend{border:0;padding:0}legend{width:100%;white-space:normal;margin-bottom:24px;font-size:150%;*margin-left:-7px}label,legend{display:block}label{margin:0 0 .3125em;color:#333;font-size:90%}input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}.wy-control-group{margin-bottom:24px;max-width:1200px;margin-left:auto;margin-right:auto;*zoom:1}.wy-control-group:after,.wy-control-group:before{display:table;content:""}.wy-control-group:after{clear:both}.wy-control-group.wy-control-group-required>label:after{content:" *";color:#e74c3c}.wy-control-group .wy-form-full,.wy-control-group .wy-form-halves,.wy-control-group .wy-form-thirds{padding-bottom:12px}.wy-control-group .wy-form-full input[type=color],.wy-control-group .wy-form-full input[type=date],.wy-control-group .wy-form-full input[type=datetime-local],.wy-control-group .wy-form-full input[type=datetime],.wy-control-group .wy-form-full input[type=email],.wy-control-group .wy-form-full input[type=month],.wy-control-group .wy-form-full input[type=number],.wy-control-group .wy-form-full input[type=password],.wy-control-group .wy-form-full input[type=search],.wy-control-group .wy-form-full input[type=tel],.wy-control-group .wy-form-full input[type=text],.wy-control-group .wy-form-full input[type=time],.wy-control-group .wy-form-full input[type=url],.wy-control-group .wy-form-full input[type=week],.wy-control-group .wy-form-full select,.wy-control-group .wy-form-halves input[type=color],.wy-control-group .wy-form-halves input[type=date],.wy-control-group .wy-form-halves input[type=datetime-local],.wy-control-group .wy-form-halves input[type=datetime],.wy-control-group .wy-form-halves input[type=email],.wy-control-group .wy-form-halves input[type=month],.wy-control-group .wy-form-halves input[type=number],.wy-control-group .wy-form-halves input[type=password],.wy-control-group .wy-form-halves input[type=search],.wy-control-group .wy-form-halves input[type=tel],.wy-control-group .wy-form-halves input[type=text],.wy-control-group .wy-form-halves input[type=time],.wy-control-group .wy-form-halves input[type=url],.wy-control-group .wy-form-halves input[type=week],.wy-control-group .wy-form-halves select,.wy-control-group .wy-form-thirds input[type=color],.wy-control-group .wy-form-thirds input[type=date],.wy-control-group .wy-form-thirds input[type=datetime-local],.wy-control-group .wy-form-thirds input[type=datetime],.wy-control-group .wy-form-thirds input[type=email],.wy-control-group .wy-form-thirds input[type=month],.wy-control-group .wy-form-thirds input[type=number],.wy-control-group .wy-form-thirds input[type=password],.wy-control-group .wy-form-thirds input[type=search],.wy-control-group .wy-form-thirds input[type=tel],.wy-control-group .wy-form-thirds input[type=text],.wy-control-group .wy-form-thirds input[type=time],.wy-control-group .wy-form-thirds input[type=url],.wy-control-group .wy-form-thirds input[type=week],.wy-control-group .wy-form-thirds select{width:100%}.wy-control-group .wy-form-full{float:left;display:block;width:100%;margin-right:0}.wy-control-group .wy-form-full:last-child{margin-right:0}.wy-control-group .wy-form-halves{float:left;display:block;margin-right:2.35765%;width:48.82117%}.wy-control-group .wy-form-halves:last-child,.wy-control-group .wy-form-halves:nth-of-type(2n){margin-right:0}.wy-control-group .wy-form-halves:nth-of-type(odd){clear:left}.wy-control-group .wy-form-thirds{float:left;display:block;margin-right:2.35765%;width:31.76157%}.wy-control-group .wy-form-thirds:last-child,.wy-control-group .wy-form-thirds:nth-of-type(3n){margin-right:0}.wy-control-group .wy-form-thirds:nth-of-type(3n+1){clear:left}.wy-control-group.wy-control-group-no-input .wy-control,.wy-control-no-input{margin:6px 0 0;font-size:90%}.wy-control-no-input{display:inline-block}.wy-control-group.fluid-input input[type=color],.wy-control-group.fluid-input input[type=date],.wy-control-group.fluid-input input[type=datetime-local],.wy-control-group.fluid-input input[type=datetime],.wy-control-group.fluid-input input[type=email],.wy-control-group.fluid-input input[type=month],.wy-control-group.fluid-input input[type=number],.wy-control-group.fluid-input input[type=password],.wy-control-group.fluid-input input[type=search],.wy-control-group.fluid-input input[type=tel],.wy-control-group.fluid-input input[type=text],.wy-control-group.fluid-input input[type=time],.wy-control-group.fluid-input input[type=url],.wy-control-group.fluid-input input[type=week]{width:100%}.wy-form-message-inline{padding-left:.3em;color:#666;font-size:90%}.wy-form-message{display:block;color:#999;font-size:70%;margin-top:.3125em;font-style:italic}.wy-form-message p{font-size:inherit;font-style:italic;margin-bottom:6px}.wy-form-message p:last-child{margin-bottom:0}input{line-height:normal}input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;*overflow:visible}input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week]{-webkit-appearance:none;padding:6px;display:inline-block;border:1px solid #ccc;font-size:80%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 3px #ddd;border-radius:0;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}input[type=datetime-local]{padding:.34375em .625em}input[disabled]{cursor:default}input[type=checkbox],input[type=radio]{padding:0;margin-right:.3125em;*height:13px;*width:13px}input[type=checkbox],input[type=radio],input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input[type=color]:focus,input[type=date]:focus,input[type=datetime-local]:focus,input[type=datetime]:focus,input[type=email]:focus,input[type=month]:focus,input[type=number]:focus,input[type=password]:focus,input[type=search]:focus,input[type=tel]:focus,input[type=text]:focus,input[type=time]:focus,input[type=url]:focus,input[type=week]:focus{outline:0;outline:thin dotted\9;border-color:#333}input.no-focus:focus{border-color:#ccc!important}input[type=checkbox]:focus,input[type=file]:focus,input[type=radio]:focus{outline:thin dotted #333;outline:1px auto #129fea}input[type=color][disabled],input[type=date][disabled],input[type=datetime-local][disabled],input[type=datetime][disabled],input[type=email][disabled],input[type=month][disabled],input[type=number][disabled],input[type=password][disabled],input[type=search][disabled],input[type=tel][disabled],input[type=text][disabled],input[type=time][disabled],input[type=url][disabled],input[type=week][disabled]{cursor:not-allowed;background-color:#fafafa}input:focus:invalid,select:focus:invalid,textarea:focus:invalid{color:#e74c3c;border:1px solid #e74c3c}input:focus:invalid:focus,select:focus:invalid:focus,textarea:focus:invalid:focus{border-color:#e74c3c}input[type=checkbox]:focus:invalid:focus,input[type=file]:focus:invalid:focus,input[type=radio]:focus:invalid:focus{outline-color:#e74c3c}input.wy-input-large{padding:12px;font-size:100%}textarea{overflow:auto;vertical-align:top;width:100%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif}select,textarea{padding:.5em .625em;display:inline-block;border:1px solid #ccc;font-size:80%;box-shadow:inset 0 1px 3px #ddd;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}select{border:1px solid #ccc;background-color:#fff}select[multiple]{height:auto}select:focus,textarea:focus{outline:0}input[readonly],select[disabled],select[readonly],textarea[disabled],textarea[readonly]{cursor:not-allowed;background-color:#fafafa}input[type=checkbox][disabled],input[type=radio][disabled]{cursor:not-allowed}.wy-checkbox,.wy-radio{margin:6px 0;color:#404040;display:block}.wy-checkbox input,.wy-radio input{vertical-align:baseline}.wy-form-message-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-input-prefix,.wy-input-suffix{white-space:nowrap;padding:6px}.wy-input-prefix .wy-input-context,.wy-input-suffix .wy-input-context{line-height:27px;padding:0 8px;display:inline-block;font-size:80%;background-color:#f3f6f6;border:1px solid #ccc;color:#999}.wy-input-suffix .wy-input-context{border-left:0}.wy-input-prefix .wy-input-context{border-right:0}.wy-switch{position:relative;display:block;height:24px;margin-top:12px;cursor:pointer}.wy-switch:before{left:0;top:0;width:36px;height:12px;background:#ccc}.wy-switch:after,.wy-switch:before{position:absolute;content:"";display:block;border-radius:4px;-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.wy-switch:after{width:18px;height:18px;background:#999;left:-3px;top:-3px}.wy-switch span{position:absolute;left:48px;display:block;font-size:12px;color:#ccc;line-height:1}.wy-switch.active:before{background:#1e8449}.wy-switch.active:after{left:24px;background:#27ae60}.wy-switch.disabled{cursor:not-allowed;opacity:.8}.wy-control-group.wy-control-group-error .wy-form-message,.wy-control-group.wy-control-group-error>label{color:#e74c3c}.wy-control-group.wy-control-group-error input[type=color],.wy-control-group.wy-control-group-error input[type=date],.wy-control-group.wy-control-group-error input[type=datetime-local],.wy-control-group.wy-control-group-error input[type=datetime],.wy-control-group.wy-control-group-error input[type=email],.wy-control-group.wy-control-group-error input[type=month],.wy-control-group.wy-control-group-error input[type=number],.wy-control-group.wy-control-group-error input[type=password],.wy-control-group.wy-control-group-error input[type=search],.wy-control-group.wy-control-group-error input[type=tel],.wy-control-group.wy-control-group-error input[type=text],.wy-control-group.wy-control-group-error input[type=time],.wy-control-group.wy-control-group-error input[type=url],.wy-control-group.wy-control-group-error input[type=week],.wy-control-group.wy-control-group-error textarea{border:1px solid #e74c3c}.wy-inline-validate{white-space:nowrap}.wy-inline-validate .wy-input-context{padding:.5em .625em;display:inline-block;font-size:80%}.wy-inline-validate.wy-inline-validate-success .wy-input-context{color:#27ae60}.wy-inline-validate.wy-inline-validate-danger .wy-input-context{color:#e74c3c}.wy-inline-validate.wy-inline-validate-warning .wy-input-context{color:#e67e22}.wy-inline-validate.wy-inline-validate-info .wy-input-context{color:#2980b9}.rotate-90{-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.rotate-180{-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.rotate-270{-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.mirror{-webkit-transform:scaleX(-1);-moz-transform:scaleX(-1);-ms-transform:scaleX(-1);-o-transform:scaleX(-1);transform:scaleX(-1)}.mirror.rotate-90{-webkit-transform:scaleX(-1) rotate(90deg);-moz-transform:scaleX(-1) rotate(90deg);-ms-transform:scaleX(-1) rotate(90deg);-o-transform:scaleX(-1) rotate(90deg);transform:scaleX(-1) rotate(90deg)}.mirror.rotate-180{-webkit-transform:scaleX(-1) rotate(180deg);-moz-transform:scaleX(-1) rotate(180deg);-ms-transform:scaleX(-1) rotate(180deg);-o-transform:scaleX(-1) rotate(180deg);transform:scaleX(-1) rotate(180deg)}.mirror.rotate-270{-webkit-transform:scaleX(-1) rotate(270deg);-moz-transform:scaleX(-1) rotate(270deg);-ms-transform:scaleX(-1) rotate(270deg);-o-transform:scaleX(-1) rotate(270deg);transform:scaleX(-1) rotate(270deg)}@media only screen and (max-width:480px){.wy-form button[type=submit]{margin:.7em 0 0}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=text],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week],.wy-form label{margin-bottom:.3em;display:block}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week]{margin-bottom:0}.wy-form-aligned .wy-control-group label{margin-bottom:.3em;text-align:left;display:block;width:100%}.wy-form-aligned .wy-control{margin:1.5em 0 0}.wy-form-message,.wy-form-message-inline,.wy-form .wy-help-inline{display:block;font-size:80%;padding:6px 0}}@media screen and (max-width:768px){.tablet-hide{display:none}}@media screen and (max-width:480px){.mobile-hide{display:none}}.float-left{float:left}.float-right{float:right}.full-width{width:100%}.rst-content table.docutils,.rst-content table.field-list,.wy-table{border-collapse:collapse;border-spacing:0;empty-cells:show;margin-bottom:24px}.rst-content table.docutils caption,.rst-content table.field-list caption,.wy-table caption{color:#000;font:italic 85%/1 arial,sans-serif;padding:1em 0;text-align:center}.rst-content table.docutils td,.rst-content table.docutils th,.rst-content table.field-list td,.rst-content table.field-list th,.wy-table td,.wy-table th{font-size:90%;margin:0;overflow:visible;padding:8px 16px}.rst-content table.docutils td:first-child,.rst-content table.docutils th:first-child,.rst-content table.field-list td:first-child,.rst-content table.field-list th:first-child,.wy-table td:first-child,.wy-table th:first-child{border-left-width:0}.rst-content table.docutils thead,.rst-content table.field-list thead,.wy-table thead{color:#000;text-align:left;vertical-align:bottom;white-space:nowrap}.rst-content table.docutils thead th,.rst-content table.field-list thead th,.wy-table thead th{font-weight:700;border-bottom:2px solid #e1e4e5}.rst-content table.docutils td,.rst-content table.field-list td,.wy-table td{background-color:transparent;vertical-align:middle}.rst-content table.docutils td p,.rst-content table.field-list td p,.wy-table td p{line-height:18px}.rst-content table.docutils td p:last-child,.rst-content table.field-list td p:last-child,.wy-table td p:last-child{margin-bottom:0}.rst-content table.docutils .wy-table-cell-min,.rst-content table.field-list .wy-table-cell-min,.wy-table .wy-table-cell-min{width:1%;padding-right:0}.rst-content table.docutils .wy-table-cell-min input[type=checkbox],.rst-content table.field-list .wy-table-cell-min input[type=checkbox],.wy-table .wy-table-cell-min input[type=checkbox]{margin:0}.wy-table-secondary{color:grey;font-size:90%}.wy-table-tertiary{color:grey;font-size:80%}.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td,.wy-table-backed,.wy-table-odd td,.wy-table-striped tr:nth-child(2n-1) td{background-color:#f3f6f6}.rst-content table.docutils,.wy-table-bordered-all{border:1px solid #e1e4e5}.rst-content table.docutils td,.wy-table-bordered-all td{border-bottom:1px solid #e1e4e5;border-left:1px solid #e1e4e5}.rst-content table.docutils tbody>tr:last-child td,.wy-table-bordered-all tbody>tr:last-child td{border-bottom-width:0}.wy-table-bordered{border:1px solid #e1e4e5}.wy-table-bordered-rows td{border-bottom:1px solid #e1e4e5}.wy-table-bordered-rows tbody>tr:last-child td{border-bottom-width:0}.wy-table-horizontal td,.wy-table-horizontal th{border-width:0 0 1px;border-bottom:1px solid #e1e4e5}.wy-table-horizontal tbody>tr:last-child td{border-bottom-width:0}.wy-table-responsive{margin-bottom:24px;max-width:100%;overflow:auto}.wy-table-responsive table{margin-bottom:0!important}.wy-table-responsive table td,.wy-table-responsive table th{white-space:nowrap}a{color:#2980b9;text-decoration:none;cursor:pointer}a:hover{color:#3091d1}a:visited{color:#9b59b6}html{height:100%}body,html{overflow-x:hidden}body{font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;font-weight:400;color:#404040;min-height:100%;background:#edf0f2}.wy-text-left{text-align:left}.wy-text-center{text-align:center}.wy-text-right{text-align:right}.wy-text-large{font-size:120%}.wy-text-normal{font-size:100%}.wy-text-small,small{font-size:80%}.wy-text-strike{text-decoration:line-through}.wy-text-warning{color:#e67e22!important}a.wy-text-warning:hover{color:#eb9950!important}.wy-text-info{color:#2980b9!important}a.wy-text-info:hover{color:#409ad5!important}.wy-text-success{color:#27ae60!important}a.wy-text-success:hover{color:#36d278!important}.wy-text-danger{color:#e74c3c!important}a.wy-text-danger:hover{color:#ed7669!important}.wy-text-neutral{color:#404040!important}a.wy-text-neutral:hover{color:#595959!important}.rst-content .toctree-wrapper>p.caption,h1,h2,h3,h4,h5,h6,legend{margin-top:0;font-weight:700;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif}p{line-height:24px;font-size:16px;margin:0 0 24px}h1{font-size:175%}.rst-content .toctree-wrapper>p.caption,h2{font-size:150%}h3{font-size:125%}h4{font-size:115%}h5{font-size:110%}h6{font-size:100%}hr{display:block;height:1px;border:0;border-top:1px solid #e1e4e5;margin:24px 0;padding:0}.rst-content code,.rst-content tt,code{white-space:nowrap;max-width:100%;background:#fff;border:1px solid #e1e4e5;font-size:75%;padding:0 5px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#e74c3c;overflow-x:auto}.rst-content tt.code-large,code.code-large{font-size:90%}.rst-content .section ul,.rst-content .toctree-wrapper ul,.rst-content section ul,.wy-plain-list-disc,article ul{list-style:disc;line-height:24px;margin-bottom:24px}.rst-content .section ul li,.rst-content .toctree-wrapper ul li,.rst-content section ul li,.wy-plain-list-disc li,article ul li{list-style:disc;margin-left:24px}.rst-content .section ul li p:last-child,.rst-content .section ul li ul,.rst-content .toctree-wrapper ul li p:last-child,.rst-content .toctree-wrapper ul li ul,.rst-content section ul li p:last-child,.rst-content section ul li ul,.wy-plain-list-disc li p:last-child,.wy-plain-list-disc li ul,article ul li p:last-child,article ul li ul{margin-bottom:0}.rst-content .section ul li li,.rst-content .toctree-wrapper ul li li,.rst-content section ul li li,.wy-plain-list-disc li li,article ul li li{list-style:circle}.rst-content .section ul li li li,.rst-content .toctree-wrapper ul li li li,.rst-content section ul li li li,.wy-plain-list-disc li li li,article ul li li li{list-style:square}.rst-content .section ul li ol li,.rst-content .toctree-wrapper ul li ol li,.rst-content section ul li ol li,.wy-plain-list-disc li ol li,article ul li ol li{list-style:decimal}.rst-content .section ol,.rst-content .section ol.arabic,.rst-content .toctree-wrapper ol,.rst-content .toctree-wrapper ol.arabic,.rst-content section ol,.rst-content section ol.arabic,.wy-plain-list-decimal,article ol{list-style:decimal;line-height:24px;margin-bottom:24px}.rst-content .section ol.arabic li,.rst-content .section ol li,.rst-content .toctree-wrapper ol.arabic li,.rst-content .toctree-wrapper ol li,.rst-content section ol.arabic li,.rst-content section ol li,.wy-plain-list-decimal li,article ol li{list-style:decimal;margin-left:24px}.rst-content .section ol.arabic li ul,.rst-content .section ol li p:last-child,.rst-content .section ol li ul,.rst-content .toctree-wrapper ol.arabic li ul,.rst-content .toctree-wrapper ol li p:last-child,.rst-content .toctree-wrapper ol li ul,.rst-content section ol.arabic li ul,.rst-content section ol li p:last-child,.rst-content section ol li ul,.wy-plain-list-decimal li p:last-child,.wy-plain-list-decimal li ul,article ol li p:last-child,article ol li ul{margin-bottom:0}.rst-content .section ol.arabic li ul li,.rst-content .section ol li ul li,.rst-content .toctree-wrapper ol.arabic li ul li,.rst-content .toctree-wrapper ol li ul li,.rst-content section ol.arabic li ul li,.rst-content section ol li ul li,.wy-plain-list-decimal li ul li,article ol li ul li{list-style:disc}.wy-breadcrumbs{*zoom:1}.wy-breadcrumbs:after,.wy-breadcrumbs:before{display:table;content:""}.wy-breadcrumbs:after{clear:both}.wy-breadcrumbs>li{display:inline-block;padding-top:5px}.wy-breadcrumbs>li.wy-breadcrumbs-aside{float:right}.rst-content .wy-breadcrumbs>li code,.rst-content .wy-breadcrumbs>li tt,.wy-breadcrumbs>li .rst-content tt,.wy-breadcrumbs>li code{all:inherit;color:inherit}.breadcrumb-item:before{content:"/";color:#bbb;font-size:13px;padding:0 6px 0 3px}.wy-breadcrumbs-extra{margin-bottom:0;color:#b3b3b3;font-size:80%;display:inline-block}@media screen and (max-width:480px){.wy-breadcrumbs-extra,.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}@media print{.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}html{font-size:16px}.wy-affix{position:fixed;top:1.618em}.wy-menu a:hover{text-decoration:none}.wy-menu-horiz{*zoom:1}.wy-menu-horiz:after,.wy-menu-horiz:before{display:table;content:""}.wy-menu-horiz:after{clear:both}.wy-menu-horiz li,.wy-menu-horiz ul{display:inline-block}.wy-menu-horiz li:hover{background:hsla(0,0%,100%,.1)}.wy-menu-horiz li.divide-left{border-left:1px solid #404040}.wy-menu-horiz li.divide-right{border-right:1px solid #404040}.wy-menu-horiz a{height:32px;display:inline-block;line-height:32px;padding:0 16px}.wy-menu-vertical{width:300px}.wy-menu-vertical header,.wy-menu-vertical p.caption{color:#55a5d9;height:32px;line-height:32px;padding:0 1.618em;margin:12px 0 0;display:block;font-weight:700;text-transform:uppercase;font-size:85%;white-space:nowrap}.wy-menu-vertical ul{margin-bottom:0}.wy-menu-vertical li.divide-top{border-top:1px solid #404040}.wy-menu-vertical li.divide-bottom{border-bottom:1px solid #404040}.wy-menu-vertical li.current{background:#e3e3e3}.wy-menu-vertical li.current a{color:grey;border-right:1px solid #c9c9c9;padding:.4045em 2.427em}.wy-menu-vertical li.current a:hover{background:#d6d6d6}.rst-content .wy-menu-vertical li tt,.wy-menu-vertical li .rst-content tt,.wy-menu-vertical li code{border:none;background:inherit;color:inherit;padding-left:0;padding-right:0}.wy-menu-vertical li button.toctree-expand{display:block;float:left;margin-left:-1.2em;line-height:18px;color:#4d4d4d;border:none;background:none;padding:0}.wy-menu-vertical li.current>a,.wy-menu-vertical li.on a{color:#404040;font-weight:700;position:relative;background:#fcfcfc;border:none;padding:.4045em 1.618em}.wy-menu-vertical li.current>a:hover,.wy-menu-vertical li.on a:hover{background:#fcfcfc}.wy-menu-vertical li.current>a:hover button.toctree-expand,.wy-menu-vertical li.on a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand{display:block;line-height:18px;color:#333}.wy-menu-vertical li.toctree-l1.current>a{border-bottom:1px solid #c9c9c9;border-top:1px solid #c9c9c9}.wy-menu-vertical .toctree-l1.current .toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .toctree-l11>ul{display:none}.wy-menu-vertical .toctree-l1.current .current.toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .current.toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .current.toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .current.toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .current.toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .current.toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .current.toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .current.toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .current.toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .current.toctree-l11>ul{display:block}.wy-menu-vertical li.toctree-l3,.wy-menu-vertical li.toctree-l4{font-size:.9em}.wy-menu-vertical li.toctree-l2 a,.wy-menu-vertical li.toctree-l3 a,.wy-menu-vertical li.toctree-l4 a,.wy-menu-vertical li.toctree-l5 a,.wy-menu-vertical li.toctree-l6 a,.wy-menu-vertical li.toctree-l7 a,.wy-menu-vertical li.toctree-l8 a,.wy-menu-vertical li.toctree-l9 a,.wy-menu-vertical li.toctree-l10 a{color:#404040}.wy-menu-vertical li.toctree-l2 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l3 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l4 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l5 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l6 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l7 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l8 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l9 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l10 a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a,.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a,.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a,.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a,.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a,.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a,.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a,.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{display:block}.wy-menu-vertical li.toctree-l2.current>a{padding:.4045em 2.427em}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{padding:.4045em 1.618em .4045em 4.045em}.wy-menu-vertical li.toctree-l3.current>a{padding:.4045em 4.045em}.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{padding:.4045em 1.618em .4045em 5.663em}.wy-menu-vertical li.toctree-l4.current>a{padding:.4045em 5.663em}.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a{padding:.4045em 1.618em .4045em 7.281em}.wy-menu-vertical li.toctree-l5.current>a{padding:.4045em 7.281em}.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a{padding:.4045em 1.618em .4045em 8.899em}.wy-menu-vertical li.toctree-l6.current>a{padding:.4045em 8.899em}.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a{padding:.4045em 1.618em .4045em 10.517em}.wy-menu-vertical li.toctree-l7.current>a{padding:.4045em 10.517em}.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a{padding:.4045em 1.618em .4045em 12.135em}.wy-menu-vertical li.toctree-l8.current>a{padding:.4045em 12.135em}.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a{padding:.4045em 1.618em .4045em 13.753em}.wy-menu-vertical li.toctree-l9.current>a{padding:.4045em 13.753em}.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a{padding:.4045em 1.618em .4045em 15.371em}.wy-menu-vertical li.toctree-l10.current>a{padding:.4045em 15.371em}.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{padding:.4045em 1.618em .4045em 16.989em}.wy-menu-vertical li.toctree-l2.current>a,.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{background:#c9c9c9}.wy-menu-vertical li.toctree-l2 button.toctree-expand{color:#a3a3a3}.wy-menu-vertical li.toctree-l3.current>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{background:#bdbdbd}.wy-menu-vertical li.toctree-l3 button.toctree-expand{color:#969696}.wy-menu-vertical li.current ul{display:block}.wy-menu-vertical li ul{margin-bottom:0;display:none}.wy-menu-vertical li ul li a{margin-bottom:0;color:#d9d9d9;font-weight:400}.wy-menu-vertical a{line-height:18px;padding:.4045em 1.618em;display:block;position:relative;font-size:90%;color:#d9d9d9}.wy-menu-vertical a:hover{background-color:#4e4a4a;cursor:pointer}.wy-menu-vertical a:hover button.toctree-expand{color:#d9d9d9}.wy-menu-vertical a:active{background-color:#2980b9;cursor:pointer;color:#fff}.wy-menu-vertical a:active button.toctree-expand{color:#fff}.wy-side-nav-search{display:block;width:300px;padding:.809em;margin-bottom:.809em;z-index:200;background-color:#2980b9;text-align:center;color:#fcfcfc}.wy-side-nav-search input[type=text]{width:100%;border-radius:50px;padding:6px 12px;border-color:#2472a4}.wy-side-nav-search img{display:block;margin:auto auto .809em;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-side-nav-search .wy-dropdown>a,.wy-side-nav-search>a{color:#fcfcfc;font-size:100%;font-weight:700;display:inline-block;padding:4px 6px;margin-bottom:.809em;max-width:100%}.wy-side-nav-search .wy-dropdown>a:hover,.wy-side-nav-search .wy-dropdown>aactive,.wy-side-nav-search .wy-dropdown>afocus,.wy-side-nav-search>a:hover,.wy-side-nav-search>aactive,.wy-side-nav-search>afocus{background:hsla(0,0%,100%,.1)}.wy-side-nav-search .wy-dropdown>a img.logo,.wy-side-nav-search>a img.logo{display:block;margin:0 auto;height:auto;width:auto;border-radius:0;max-width:100%;background:transparent}.wy-side-nav-search .wy-dropdown>a.icon,.wy-side-nav-search>a.icon{display:block}.wy-side-nav-search .wy-dropdown>a.icon img.logo,.wy-side-nav-search>a.icon img.logo{margin-top:.85em}.wy-side-nav-search>div.switch-menus{position:relative;display:block;margin-top:-.4045em;margin-bottom:.809em;font-weight:400;color:hsla(0,0%,100%,.3)}.wy-side-nav-search>div.switch-menus>div.language-switch,.wy-side-nav-search>div.switch-menus>div.version-switch{display:inline-block;padding:.2em}.wy-side-nav-search>div.switch-menus>div.language-switch select,.wy-side-nav-search>div.switch-menus>div.version-switch select{display:inline-block;margin-right:-2rem;padding-right:2rem;max-width:240px;text-align-last:center;background:none;border:none;border-radius:0;box-shadow:none;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;font-size:1em;font-weight:400;color:hsla(0,0%,100%,.3);cursor:pointer;appearance:none;-webkit-appearance:none;-moz-appearance:none}.wy-side-nav-search>div.switch-menus>div.language-switch select:active,.wy-side-nav-search>div.switch-menus>div.language-switch select:focus,.wy-side-nav-search>div.switch-menus>div.language-switch select:hover,.wy-side-nav-search>div.switch-menus>div.version-switch select:active,.wy-side-nav-search>div.switch-menus>div.version-switch select:focus,.wy-side-nav-search>div.switch-menus>div.version-switch select:hover{background:hsla(0,0%,100%,.1);color:hsla(0,0%,100%,.5)}.wy-side-nav-search>div.switch-menus>div.language-switch select option,.wy-side-nav-search>div.switch-menus>div.version-switch select option{color:#000}.wy-side-nav-search>div.switch-menus>div.language-switch:has(>select):after,.wy-side-nav-search>div.switch-menus>div.version-switch:has(>select):after{display:inline-block;width:1.5em;height:100%;padding:.1em;content:"\f0d7";font-size:1em;line-height:1.2em;font-family:FontAwesome;text-align:center;pointer-events:none;box-sizing:border-box}.wy-nav .wy-menu-vertical header{color:#2980b9}.wy-nav .wy-menu-vertical a{color:#b3b3b3}.wy-nav .wy-menu-vertical a:hover{background-color:#2980b9;color:#fff}[data-menu-wrap]{-webkit-transition:all .2s ease-in;-moz-transition:all .2s ease-in;transition:all .2s ease-in;position:absolute;opacity:1;width:100%;opacity:0}[data-menu-wrap].move-center{left:0;right:auto;opacity:1}[data-menu-wrap].move-left{right:auto;left:-100%;opacity:0}[data-menu-wrap].move-right{right:-100%;left:auto;opacity:0}.wy-body-for-nav{background:#fcfcfc}.wy-grid-for-nav{position:absolute;width:100%;height:100%}.wy-nav-side{position:fixed;top:0;bottom:0;left:0;padding-bottom:2em;width:300px;overflow-x:hidden;overflow-y:hidden;min-height:100%;color:#9b9b9b;background:#343131;z-index:200}.wy-side-scroll{width:320px;position:relative;overflow-x:hidden;overflow-y:scroll;height:100%}.wy-nav-top{display:none;background:#2980b9;color:#fff;padding:.4045em .809em;position:relative;line-height:50px;text-align:center;font-size:100%;*zoom:1}.wy-nav-top:after,.wy-nav-top:before{display:table;content:""}.wy-nav-top:after{clear:both}.wy-nav-top a{color:#fff;font-weight:700}.wy-nav-top img{margin-right:12px;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-nav-top i{font-size:30px;float:left;cursor:pointer;padding-top:inherit}.wy-nav-content-wrap{margin-left:300px;background:#fcfcfc;min-height:100%}.wy-nav-content{padding:1.618em 3.236em;height:100%;max-width:800px;margin:auto}.wy-body-mask{position:fixed;width:100%;height:100%;background:rgba(0,0,0,.2);display:none;z-index:499}.wy-body-mask.on{display:block}footer{color:grey}footer p{margin-bottom:12px}.rst-content footer span.commit tt,footer span.commit .rst-content tt,footer span.commit code{padding:0;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:1em;background:none;border:none;color:grey}.rst-footer-buttons{*zoom:1}.rst-footer-buttons:after,.rst-footer-buttons:before{width:100%;display:table;content:""}.rst-footer-buttons:after{clear:both}.rst-breadcrumbs-buttons{margin-top:12px;*zoom:1}.rst-breadcrumbs-buttons:after,.rst-breadcrumbs-buttons:before{display:table;content:""}.rst-breadcrumbs-buttons:after{clear:both}#search-results .search li{margin-bottom:24px;border-bottom:1px solid #e1e4e5;padding-bottom:24px}#search-results .search li:first-child{border-top:1px solid #e1e4e5;padding-top:24px}#search-results .search li a{font-size:120%;margin-bottom:12px;display:inline-block}#search-results .context{color:grey;font-size:90%}.genindextable li>ul{margin-left:24px}@media screen and (max-width:768px){.wy-body-for-nav{background:#fcfcfc}.wy-nav-top{display:block}.wy-nav-side{left:-300px}.wy-nav-side.shift{width:85%;left:0}.wy-menu.wy-menu-vertical,.wy-side-nav-search,.wy-side-scroll{width:auto}.wy-nav-content-wrap{margin-left:0}.wy-nav-content-wrap .wy-nav-content{padding:1.618em}.wy-nav-content-wrap.shift{position:fixed;min-width:100%;left:85%;top:0;height:100%;overflow:hidden}}@media screen and (min-width:1100px){.wy-nav-content-wrap{background:rgba(0,0,0,.05)}.wy-nav-content{margin:0;background:#fcfcfc}}@media print{.rst-versions,.wy-nav-side,footer{display:none}.wy-nav-content-wrap{margin-left:0}}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60;*zoom:1}.rst-versions .rst-current-version:after,.rst-versions .rst-current-version:before{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-content .code-block-caption .rst-versions .rst-current-version .headerlink,.rst-content .eqno .rst-versions .rst-current-version .headerlink,.rst-content .rst-versions .rst-current-version .admonition-title,.rst-content code.download .rst-versions .rst-current-version span:first-child,.rst-content dl dt .rst-versions .rst-current-version .headerlink,.rst-content h1 .rst-versions .rst-current-version .headerlink,.rst-content h2 .rst-versions .rst-current-version .headerlink,.rst-content h3 .rst-versions .rst-current-version .headerlink,.rst-content h4 .rst-versions .rst-current-version .headerlink,.rst-content h5 .rst-versions .rst-current-version .headerlink,.rst-content h6 .rst-versions .rst-current-version .headerlink,.rst-content p .rst-versions .rst-current-version .headerlink,.rst-content table>caption .rst-versions .rst-current-version .headerlink,.rst-content tt.download .rst-versions .rst-current-version span:first-child,.rst-versions .rst-current-version .fa,.rst-versions .rst-current-version .icon,.rst-versions .rst-current-version .rst-content .admonition-title,.rst-versions .rst-current-version .rst-content .code-block-caption .headerlink,.rst-versions .rst-current-version .rst-content .eqno .headerlink,.rst-versions .rst-current-version .rst-content code.download span:first-child,.rst-versions .rst-current-version .rst-content dl dt .headerlink,.rst-versions .rst-current-version .rst-content h1 .headerlink,.rst-versions .rst-current-version .rst-content h2 .headerlink,.rst-versions .rst-current-version .rst-content h3 .headerlink,.rst-versions .rst-current-version .rst-content h4 .headerlink,.rst-versions .rst-current-version .rst-content h5 .headerlink,.rst-versions .rst-current-version .rst-content h6 .headerlink,.rst-versions .rst-current-version .rst-content p .headerlink,.rst-versions .rst-current-version .rst-content table>caption .headerlink,.rst-versions .rst-current-version .rst-content tt.download span:first-child,.rst-versions .rst-current-version .wy-menu-vertical li button.toctree-expand,.wy-menu-vertical li .rst-versions .rst-current-version button.toctree-expand{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions .rst-other-versions .rtd-current-item{font-weight:700}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}#flyout-search-form{padding:6px}.rst-content .toctree-wrapper>p.caption,.rst-content h1,.rst-content h2,.rst-content h3,.rst-content h4,.rst-content h5,.rst-content h6{margin-bottom:24px}.rst-content img{max-width:100%;height:auto}.rst-content div.figure,.rst-content figure{margin-bottom:24px}.rst-content div.figure .caption-text,.rst-content figure .caption-text{font-style:italic}.rst-content div.figure p:last-child.caption,.rst-content figure p:last-child.caption{margin-bottom:0}.rst-content div.figure.align-center,.rst-content figure.align-center{text-align:center}.rst-content .section>a>img,.rst-content .section>img,.rst-content section>a>img,.rst-content section>img{margin-bottom:24px}.rst-content abbr[title]{text-decoration:none}.rst-content.style-external-links a.reference.external:after{font-family:FontAwesome;content:"\f08e";color:#b3b3b3;vertical-align:super;font-size:60%;margin:0 .2em}.rst-content blockquote{margin-left:24px;line-height:24px;margin-bottom:24px}.rst-content pre.literal-block{white-space:pre;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;display:block;overflow:auto}.rst-content div[class^=highlight],.rst-content pre.literal-block{border:1px solid #e1e4e5;overflow-x:auto;margin:1px 0 24px}.rst-content div[class^=highlight] div[class^=highlight],.rst-content pre.literal-block div[class^=highlight]{padding:0;border:none;margin:0}.rst-content div[class^=highlight] td.code{width:100%}.rst-content .linenodiv pre{border-right:1px solid #e6e9ea;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;user-select:none;pointer-events:none}.rst-content div[class^=highlight] pre{white-space:pre;margin:0;padding:12px;display:block;overflow:auto}.rst-content div[class^=highlight] pre .hll{display:block;margin:0 -12px;padding:0 12px}.rst-content .linenodiv pre,.rst-content div[class^=highlight] pre,.rst-content pre.literal-block{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:12px;line-height:1.4}.rst-content div.highlight .gp,.rst-content div.highlight span.linenos{user-select:none;pointer-events:none}.rst-content div.highlight span.linenos{display:inline-block;padding-left:0;padding-right:12px;margin-right:12px;border-right:1px solid #e6e9ea}.rst-content .code-block-caption{font-style:italic;font-size:85%;line-height:1;padding:1em 0;text-align:center}@media print{.rst-content .codeblock,.rst-content div[class^=highlight],.rst-content div[class^=highlight] pre{white-space:pre-wrap}}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning{clear:both}.rst-content .admonition-todo .last,.rst-content .admonition-todo>:last-child,.rst-content .admonition .last,.rst-content .admonition>:last-child,.rst-content .attention .last,.rst-content .attention>:last-child,.rst-content .caution .last,.rst-content .caution>:last-child,.rst-content .danger .last,.rst-content .danger>:last-child,.rst-content .error .last,.rst-content .error>:last-child,.rst-content .hint .last,.rst-content .hint>:last-child,.rst-content .important .last,.rst-content .important>:last-child,.rst-content .note .last,.rst-content .note>:last-child,.rst-content .seealso .last,.rst-content .seealso>:last-child,.rst-content .tip .last,.rst-content .tip>:last-child,.rst-content .warning .last,.rst-content .warning>:last-child{margin-bottom:0}.rst-content .admonition-title:before{margin-right:4px}.rst-content .admonition table{border-color:rgba(0,0,0,.1)}.rst-content .admonition table td,.rst-content .admonition table th{background:transparent!important;border-color:rgba(0,0,0,.1)!important}.rst-content .section ol.loweralpha,.rst-content .section ol.loweralpha>li,.rst-content .toctree-wrapper ol.loweralpha,.rst-content .toctree-wrapper ol.loweralpha>li,.rst-content section ol.loweralpha,.rst-content section ol.loweralpha>li{list-style:lower-alpha}.rst-content .section ol.upperalpha,.rst-content .section ol.upperalpha>li,.rst-content .toctree-wrapper ol.upperalpha,.rst-content .toctree-wrapper ol.upperalpha>li,.rst-content section ol.upperalpha,.rst-content section ol.upperalpha>li{list-style:upper-alpha}.rst-content .section ol li>*,.rst-content .section ul li>*,.rst-content .toctree-wrapper ol li>*,.rst-content .toctree-wrapper ul li>*,.rst-content section ol li>*,.rst-content section ul li>*{margin-top:12px;margin-bottom:12px}.rst-content .section ol li>:first-child,.rst-content .section ul li>:first-child,.rst-content .toctree-wrapper ol li>:first-child,.rst-content .toctree-wrapper ul li>:first-child,.rst-content section ol li>:first-child,.rst-content section ul li>:first-child{margin-top:0}.rst-content .section ol li>p,.rst-content .section ol li>p:last-child,.rst-content .section ul li>p,.rst-content .section ul li>p:last-child,.rst-content .toctree-wrapper ol li>p,.rst-content .toctree-wrapper ol li>p:last-child,.rst-content .toctree-wrapper ul li>p,.rst-content .toctree-wrapper ul li>p:last-child,.rst-content section ol li>p,.rst-content section ol li>p:last-child,.rst-content section ul li>p,.rst-content section ul li>p:last-child{margin-bottom:12px}.rst-content .section ol li>p:only-child,.rst-content .section ol li>p:only-child:last-child,.rst-content .section ul li>p:only-child,.rst-content .section ul li>p:only-child:last-child,.rst-content .toctree-wrapper ol li>p:only-child,.rst-content .toctree-wrapper ol li>p:only-child:last-child,.rst-content .toctree-wrapper ul li>p:only-child,.rst-content .toctree-wrapper ul li>p:only-child:last-child,.rst-content section ol li>p:only-child,.rst-content section ol li>p:only-child:last-child,.rst-content section ul li>p:only-child,.rst-content section ul li>p:only-child:last-child{margin-bottom:0}.rst-content .section ol li>ol,.rst-content .section ol li>ul,.rst-content .section ul li>ol,.rst-content .section ul li>ul,.rst-content .toctree-wrapper ol li>ol,.rst-content .toctree-wrapper ol li>ul,.rst-content .toctree-wrapper ul li>ol,.rst-content .toctree-wrapper ul li>ul,.rst-content section ol li>ol,.rst-content section ol li>ul,.rst-content section ul li>ol,.rst-content section ul li>ul{margin-bottom:12px}.rst-content .section ol.simple li>*,.rst-content .section ol.simple li ol,.rst-content .section ol.simple li ul,.rst-content .section ul.simple li>*,.rst-content .section ul.simple li ol,.rst-content .section ul.simple li ul,.rst-content .toctree-wrapper ol.simple li>*,.rst-content .toctree-wrapper ol.simple li ol,.rst-content .toctree-wrapper ol.simple li ul,.rst-content .toctree-wrapper ul.simple li>*,.rst-content .toctree-wrapper ul.simple li ol,.rst-content .toctree-wrapper ul.simple li ul,.rst-content section ol.simple li>*,.rst-content section ol.simple li ol,.rst-content section ol.simple li ul,.rst-content section ul.simple li>*,.rst-content section ul.simple li ol,.rst-content section ul.simple li ul{margin-top:0;margin-bottom:0}.rst-content .line-block{margin-left:0;margin-bottom:24px;line-height:24px}.rst-content .line-block .line-block{margin-left:24px;margin-bottom:0}.rst-content .topic-title{font-weight:700;margin-bottom:12px}.rst-content .toc-backref{color:#404040}.rst-content .align-right{float:right;margin:0 0 24px 24px}.rst-content .align-left{float:left;margin:0 24px 24px 0}.rst-content .align-center{margin:auto}.rst-content .align-center:not(table){display:block}.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink{opacity:0;font-size:14px;font-family:FontAwesome;margin-left:.5em}.rst-content .code-block-caption .headerlink:focus,.rst-content .code-block-caption:hover .headerlink,.rst-content .eqno .headerlink:focus,.rst-content .eqno:hover .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink:focus,.rst-content .toctree-wrapper>p.caption:hover .headerlink,.rst-content dl dt .headerlink:focus,.rst-content dl dt:hover .headerlink,.rst-content h1 .headerlink:focus,.rst-content h1:hover .headerlink,.rst-content h2 .headerlink:focus,.rst-content h2:hover .headerlink,.rst-content h3 .headerlink:focus,.rst-content h3:hover .headerlink,.rst-content h4 .headerlink:focus,.rst-content h4:hover .headerlink,.rst-content h5 .headerlink:focus,.rst-content h5:hover .headerlink,.rst-content h6 .headerlink:focus,.rst-content h6:hover .headerlink,.rst-content p.caption .headerlink:focus,.rst-content p.caption:hover .headerlink,.rst-content p .headerlink:focus,.rst-content p:hover .headerlink,.rst-content table>caption .headerlink:focus,.rst-content table>caption:hover .headerlink{opacity:1}.rst-content p a{overflow-wrap:anywhere}.rst-content .wy-table td p,.rst-content .wy-table td ul,.rst-content .wy-table th p,.rst-content .wy-table th ul,.rst-content table.docutils td p,.rst-content table.docutils td ul,.rst-content table.docutils th p,.rst-content table.docutils th ul,.rst-content table.field-list td p,.rst-content table.field-list td ul,.rst-content table.field-list th p,.rst-content table.field-list th ul{font-size:inherit}.rst-content .btn:focus{outline:2px solid}.rst-content table>caption .headerlink:after{font-size:12px}.rst-content .centered{text-align:center}.rst-content .sidebar{float:right;width:40%;display:block;margin:0 0 24px 24px;padding:24px;background:#f3f6f6;border:1px solid #e1e4e5}.rst-content .sidebar dl,.rst-content .sidebar p,.rst-content .sidebar ul{font-size:90%}.rst-content .sidebar .last,.rst-content .sidebar>:last-child{margin-bottom:0}.rst-content .sidebar .sidebar-title{display:block;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif;font-weight:700;background:#e1e4e5;padding:6px 12px;margin:-24px -24px 24px;font-size:100%}.rst-content .highlighted{background:#f1c40f;box-shadow:0 0 0 2px #f1c40f;display:inline;font-weight:700}.rst-content .citation-reference,.rst-content .footnote-reference{vertical-align:baseline;position:relative;top:-.4em;line-height:0;font-size:90%}.rst-content .citation-reference>span.fn-bracket,.rst-content .footnote-reference>span.fn-bracket{display:none}.rst-content .hlist{width:100%}.rst-content dl dt span.classifier:before{content:" : "}.rst-content dl dt span.classifier-delimiter{display:none!important}html.writer-html4 .rst-content table.docutils.citation,html.writer-html4 .rst-content table.docutils.footnote{background:none;border:none}html.writer-html4 .rst-content table.docutils.citation td,html.writer-html4 .rst-content table.docutils.citation tr,html.writer-html4 .rst-content table.docutils.footnote td,html.writer-html4 .rst-content table.docutils.footnote tr{border:none;background-color:transparent!important;white-space:normal}html.writer-html4 .rst-content table.docutils.citation td.label,html.writer-html4 .rst-content table.docutils.footnote td.label{padding-left:0;padding-right:0;vertical-align:top}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{display:grid;grid-template-columns:auto minmax(80%,95%)}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{display:inline-grid;grid-template-columns:max-content auto}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{display:grid;grid-template-columns:auto auto minmax(.65rem,auto) minmax(40%,95%)}html.writer-html5 .rst-content aside.citation>span.label,html.writer-html5 .rst-content aside.footnote>span.label,html.writer-html5 .rst-content div.citation>span.label{grid-column-start:1;grid-column-end:2}html.writer-html5 .rst-content aside.citation>span.backrefs,html.writer-html5 .rst-content aside.footnote>span.backrefs,html.writer-html5 .rst-content div.citation>span.backrefs{grid-column-start:2;grid-column-end:3;grid-row-start:1;grid-row-end:3}html.writer-html5 .rst-content aside.citation>p,html.writer-html5 .rst-content aside.footnote>p,html.writer-html5 .rst-content div.citation>p{grid-column-start:4;grid-column-end:5}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{margin-bottom:24px}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{padding-left:1rem}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dd,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dd,html.writer-html5 .rst-content dl.footnote>dt{margin-bottom:0}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{font-size:.9rem}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.footnote>dt{margin:0 .5rem .5rem 0;line-height:1.2rem;word-break:break-all;font-weight:400}html.writer-html5 .rst-content dl.citation>dt>span.brackets:before,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:before{content:"["}html.writer-html5 .rst-content dl.citation>dt>span.brackets:after,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:after{content:"]"}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a{word-break:keep-all}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a:not(:first-child):before,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.footnote>dd{margin:0 0 .5rem;line-height:1.2rem}html.writer-html5 .rst-content dl.citation>dd p,html.writer-html5 .rst-content dl.footnote>dd p{font-size:.9rem}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{padding-left:1rem;padding-right:1rem;font-size:.9rem;line-height:1.2rem}html.writer-html5 .rst-content aside.citation p,html.writer-html5 .rst-content aside.footnote p,html.writer-html5 .rst-content div.citation p{font-size:.9rem;line-height:1.2rem;margin-bottom:12px}html.writer-html5 .rst-content aside.citation span.backrefs,html.writer-html5 .rst-content aside.footnote span.backrefs,html.writer-html5 .rst-content div.citation span.backrefs{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content aside.citation span.backrefs>a,html.writer-html5 .rst-content aside.footnote span.backrefs>a,html.writer-html5 .rst-content div.citation span.backrefs>a{word-break:keep-all}html.writer-html5 .rst-content aside.citation span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content aside.footnote span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content div.citation span.backrefs>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content aside.citation span.label,html.writer-html5 .rst-content aside.footnote span.label,html.writer-html5 .rst-content div.citation span.label{line-height:1.2rem}html.writer-html5 .rst-content aside.citation-list,html.writer-html5 .rst-content aside.footnote-list,html.writer-html5 .rst-content div.citation-list{margin-bottom:24px}html.writer-html5 .rst-content dl.option-list kbd{font-size:.9rem}.rst-content table.docutils.footnote,html.writer-html4 .rst-content table.docutils.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content aside.footnote-list aside.footnote,html.writer-html5 .rst-content div.citation-list>div.citation,html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{color:grey}.rst-content table.docutils.footnote code,.rst-content table.docutils.footnote tt,html.writer-html4 .rst-content table.docutils.citation code,html.writer-html4 .rst-content table.docutils.citation tt,html.writer-html5 .rst-content aside.footnote-list aside.footnote code,html.writer-html5 .rst-content aside.footnote-list aside.footnote tt,html.writer-html5 .rst-content aside.footnote code,html.writer-html5 .rst-content aside.footnote tt,html.writer-html5 .rst-content div.citation-list>div.citation code,html.writer-html5 .rst-content div.citation-list>div.citation tt,html.writer-html5 .rst-content dl.citation code,html.writer-html5 .rst-content dl.citation tt,html.writer-html5 .rst-content dl.footnote code,html.writer-html5 .rst-content dl.footnote tt{color:#555}.rst-content .wy-table-responsive.citation,.rst-content .wy-table-responsive.footnote{margin-bottom:0}.rst-content .wy-table-responsive.citation+:not(.citation),.rst-content .wy-table-responsive.footnote+:not(.footnote){margin-top:24px}.rst-content .wy-table-responsive.citation:last-child,.rst-content .wy-table-responsive.footnote:last-child{margin-bottom:24px}.rst-content table.docutils th{border-color:#e1e4e5}html.writer-html5 .rst-content table.docutils th{border:1px solid #e1e4e5}html.writer-html5 .rst-content table.docutils td>p,html.writer-html5 .rst-content table.docutils th>p{line-height:1rem;margin-bottom:0;font-size:.9rem}.rst-content table.docutils td .last,.rst-content table.docutils td .last>:last-child{margin-bottom:0}.rst-content table.field-list,.rst-content table.field-list td{border:none}.rst-content table.field-list td p{line-height:inherit}.rst-content table.field-list td>strong{display:inline-block}.rst-content table.field-list .field-name{padding-right:10px;text-align:left;white-space:nowrap}.rst-content table.field-list .field-body{text-align:left}.rst-content code,.rst-content tt{color:#000;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;padding:2px 5px}.rst-content code big,.rst-content code em,.rst-content tt big,.rst-content tt em{font-size:100%!important;line-height:normal}.rst-content code.literal,.rst-content tt.literal{color:#e74c3c;white-space:normal}.rst-content code.xref,.rst-content tt.xref,a .rst-content code,a .rst-content tt{font-weight:700;color:#404040;overflow-wrap:normal}.rst-content kbd,.rst-content pre,.rst-content samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace}.rst-content a code,.rst-content a tt{color:#2980b9}.rst-content dl{margin-bottom:24px}.rst-content dl dt{font-weight:700;margin-bottom:12px}.rst-content dl ol,.rst-content dl p,.rst-content dl table,.rst-content dl ul{margin-bottom:12px}.rst-content dl dd{margin:0 0 12px 24px;line-height:24px}.rst-content dl dd>ol:last-child,.rst-content dl dd>p:last-child,.rst-content dl dd>table:last-child,.rst-content dl dd>ul:last-child{margin-bottom:0}html.writer-html4 .rst-content dl:not(.docutils),html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple){margin-bottom:24px}html.writer-html4 .rst-content dl:not(.docutils)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{display:table;margin:6px 0;font-size:90%;line-height:normal;background:#e7f2fa;color:#2980b9;border-top:3px solid #6ab0de;padding:6px;position:relative}html.writer-html4 .rst-content dl:not(.docutils)>dt:before,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:before{color:#6ab0de}html.writer-html4 .rst-content dl:not(.docutils)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{margin-bottom:6px;border:none;border-left:3px solid #ccc;background:#f0f0f0;color:#555}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils)>dt:first-child,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:first-child{margin-top:0}html.writer-html4 .rst-content dl:not(.docutils) code.descclassname,html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descclassname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{background-color:transparent;border:none;padding:0;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .optional,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .optional{display:inline-block;padding:0 4px;color:#000;font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .property,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .property{display:inline-block;padding-right:8px;max-width:100%}html.writer-html4 .rst-content dl:not(.docutils) .k,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .k{font-style:italic}html.writer-html4 .rst-content dl:not(.docutils) .descclassname,html.writer-html4 .rst-content dl:not(.docutils) .descname,html.writer-html4 .rst-content dl:not(.docutils) .sig-name,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .sig-name{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#000}.rst-content .viewcode-back,.rst-content .viewcode-link{display:inline-block;color:#27ae60;font-size:80%;padding-left:24px}.rst-content .viewcode-back{display:block;float:right}.rst-content p.rubric{margin-bottom:12px;font-weight:700}.rst-content code.download,.rst-content tt.download{background:inherit;padding:inherit;font-weight:400;font-family:inherit;font-size:inherit;color:inherit;border:inherit;white-space:inherit}.rst-content code.download span:first-child,.rst-content tt.download span:first-child{-webkit-font-smoothing:subpixel-antialiased}.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{margin-right:4px}.rst-content .guilabel,.rst-content .menuselection{font-size:80%;font-weight:700;border-radius:4px;padding:2.4px 6px;margin:auto 2px}.rst-content .guilabel,.rst-content .menuselection{border:1px solid #7fbbe3;background:#e7f2fa}.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>.kbd,.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>kbd{color:inherit;font-size:80%;background-color:#fff;border:1px solid #a6a6a6;border-radius:4px;box-shadow:0 2px grey;padding:2.4px 6px;margin:auto 0}.rst-content .versionmodified{font-style:italic}@media screen and (max-width:480px){.rst-content .sidebar{width:100%}}span[id*=MathJax-Span]{color:#404040}.math{text-align:center}@font-face{font-family:Lato;src:url(fonts/lato-normal.woff2?bd03a2cc277bbbc338d464e679fe9942) format("woff2"),url(fonts/lato-normal.woff?27bd77b9162d388cb8d4c4217c7c5e2a) format("woff");font-weight:400;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold.woff2?cccb897485813c7c256901dbca54ecf2) format("woff2"),url(fonts/lato-bold.woff?d878b6c29b10beca227e9eef4246111b) format("woff");font-weight:700;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold-italic.woff2?0b6bb6725576b072c5d0b02ecdd1900d) format("woff2"),url(fonts/lato-bold-italic.woff?9c7e4e9eb485b4a121c760e61bc3707c) format("woff");font-weight:700;font-style:italic;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-normal-italic.woff2?4eb103b4d12be57cb1d040ed5e162e9d) format("woff2"),url(fonts/lato-normal-italic.woff?f28f2d6482446544ef1ea1ccc6dd5892) format("woff");font-weight:400;font-style:italic;font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:400;src:url(fonts/Roboto-Slab-Regular.woff2?7abf5b8d04d26a2cafea937019bca958) format("woff2"),url(fonts/Roboto-Slab-Regular.woff?c1be9284088d487c5e3ff0a10a92e58c) format("woff");font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:700;src:url(fonts/Roboto-Slab-Bold.woff2?9984f4a9bda09be08e83f2506954adbe) format("woff2"),url(fonts/Roboto-Slab-Bold.woff?bed5564a116b05148e3b3bea6fb1162a) format("woff");font-display:block}
\ No newline at end of file
diff --git a/latest/_static/doctools.js b/latest/_static/doctools.js
new file mode 100644
index 00000000..0398ebb9
--- /dev/null
+++ b/latest/_static/doctools.js
@@ -0,0 +1,149 @@
+/*
+ * Base JavaScript utilities for all Sphinx HTML documentation.
+ */
+"use strict";
+
+const BLACKLISTED_KEY_CONTROL_ELEMENTS = new Set([
+  "TEXTAREA",
+  "INPUT",
+  "SELECT",
+  "BUTTON",
+]);
+
+const _ready = (callback) => {
+  if (document.readyState !== "loading") {
+    callback();
+  } else {
+    document.addEventListener("DOMContentLoaded", callback);
+  }
+};
+
+/**
+ * Small JavaScript module for the documentation.
+ */
+const Documentation = {
+  init: () => {
+    Documentation.initDomainIndexTable();
+    Documentation.initOnKeyListeners();
+  },
+
+  /**
+   * i18n support
+   */
+  TRANSLATIONS: {},
+  PLURAL_EXPR: (n) => (n === 1 ? 0 : 1),
+  LOCALE: "unknown",
+
+  // gettext and ngettext don't access this so that the functions
+  // can safely bound to a different name (_ = Documentation.gettext)
+  gettext: (string) => {
+    const translated = Documentation.TRANSLATIONS[string];
+    switch (typeof translated) {
+      case "undefined":
+        return string; // no translation
+      case "string":
+        return translated; // translation exists
+      default:
+        return translated[0]; // (singular, plural) translation tuple exists
+    }
+  },
+
+  ngettext: (singular, plural, n) => {
+    const translated = Documentation.TRANSLATIONS[singular];
+    if (typeof translated !== "undefined")
+      return translated[Documentation.PLURAL_EXPR(n)];
+    return n === 1 ? singular : plural;
+  },
+
+  addTranslations: (catalog) => {
+    Object.assign(Documentation.TRANSLATIONS, catalog.messages);
+    Documentation.PLURAL_EXPR = new Function(
+      "n",
+      `return (${catalog.plural_expr})`
+    );
+    Documentation.LOCALE = catalog.locale;
+  },
+
+  /**
+   * helper function to focus on search bar
+   */
+  focusSearchBar: () => {
+    document.querySelectorAll("input[name=q]")[0]?.focus();
+  },
+
+  /**
+   * Initialise the domain index toggle buttons
+   */
+  initDomainIndexTable: () => {
+    const toggler = (el) => {
+      const idNumber = el.id.substr(7);
+      const toggledRows = document.querySelectorAll(`tr.cg-${idNumber}`);
+      if (el.src.substr(-9) === "minus.png") {
+        el.src = `${el.src.substr(0, el.src.length - 9)}plus.png`;
+        toggledRows.forEach((el) => (el.style.display = "none"));
+      } else {
+        el.src = `${el.src.substr(0, el.src.length - 8)}minus.png`;
+        toggledRows.forEach((el) => (el.style.display = ""));
+      }
+    };
+
+    const togglerElements = document.querySelectorAll("img.toggler");
+    togglerElements.forEach((el) =>
+      el.addEventListener("click", (event) => toggler(event.currentTarget))
+    );
+    togglerElements.forEach((el) => (el.style.display = ""));
+    if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) togglerElements.forEach(toggler);
+  },
+
+  initOnKeyListeners: () => {
+    // only install a listener if it is really needed
+    if (
+      !DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS &&
+      !DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS
+    )
+      return;
+
+    document.addEventListener("keydown", (event) => {
+      // bail for input elements
+      if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return;
+      // bail with special keys
+      if (event.altKey || event.ctrlKey || event.metaKey) return;
+
+      if (!event.shiftKey) {
+        switch (event.key) {
+          case "ArrowLeft":
+            if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break;
+
+            const prevLink = document.querySelector('link[rel="prev"]');
+            if (prevLink && prevLink.href) {
+              window.location.href = prevLink.href;
+              event.preventDefault();
+            }
+            break;
+          case "ArrowRight":
+            if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break;
+
+            const nextLink = document.querySelector('link[rel="next"]');
+            if (nextLink && nextLink.href) {
+              window.location.href = nextLink.href;
+              event.preventDefault();
+            }
+            break;
+        }
+      }
+
+      // some keyboard layouts may need Shift to get /
+      switch (event.key) {
+        case "/":
+          if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break;
+          Documentation.focusSearchBar();
+          event.preventDefault();
+      }
+    });
+  },
+};
+
+// quick alias for translations
+const _ = Documentation.gettext;
+
+_ready(Documentation.init);
diff --git a/latest/_static/documentation_options.js b/latest/_static/documentation_options.js
new file mode 100644
index 00000000..54a489bd
--- /dev/null
+++ b/latest/_static/documentation_options.js
@@ -0,0 +1,13 @@
+const DOCUMENTATION_OPTIONS = {
+    VERSION: '1.9.0',
+    LANGUAGE: 'en',
+    COLLAPSE_INDEX: false,
+    BUILDER: 'html',
+    FILE_SUFFIX: '.html',
+    LINK_SUFFIX: '.html',
+    HAS_SOURCE: true,
+    SOURCELINK_SUFFIX: '.txt',
+    NAVIGATION_WITH_KEYS: false,
+    SHOW_SEARCH_SUMMARY: true,
+    ENABLE_SEARCH_SHORTCUTS: true,
+};
\ No newline at end of file
diff --git a/latest/_static/file.png b/latest/_static/file.png
new file mode 100644
index 00000000..a858a410
Binary files /dev/null and b/latest/_static/file.png differ
diff --git a/latest/_static/fonts/Lato/lato-bold.eot b/latest/_static/fonts/Lato/lato-bold.eot
new file mode 100644
index 00000000..3361183a
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-bold.eot differ
diff --git a/latest/_static/fonts/Lato/lato-bold.ttf b/latest/_static/fonts/Lato/lato-bold.ttf
new file mode 100644
index 00000000..29f691d5
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-bold.ttf differ
diff --git a/latest/_static/fonts/Lato/lato-bold.woff b/latest/_static/fonts/Lato/lato-bold.woff
new file mode 100644
index 00000000..c6dff51f
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-bold.woff differ
diff --git a/latest/_static/fonts/Lato/lato-bold.woff2 b/latest/_static/fonts/Lato/lato-bold.woff2
new file mode 100644
index 00000000..bb195043
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-bold.woff2 differ
diff --git a/latest/_static/fonts/Lato/lato-bolditalic.eot b/latest/_static/fonts/Lato/lato-bolditalic.eot
new file mode 100644
index 00000000..3d415493
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-bolditalic.eot differ
diff --git a/latest/_static/fonts/Lato/lato-bolditalic.ttf b/latest/_static/fonts/Lato/lato-bolditalic.ttf
new file mode 100644
index 00000000..f402040b
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-bolditalic.ttf differ
diff --git a/latest/_static/fonts/Lato/lato-bolditalic.woff b/latest/_static/fonts/Lato/lato-bolditalic.woff
new file mode 100644
index 00000000..88ad05b9
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-bolditalic.woff differ
diff --git a/latest/_static/fonts/Lato/lato-bolditalic.woff2 b/latest/_static/fonts/Lato/lato-bolditalic.woff2
new file mode 100644
index 00000000..c4e3d804
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-bolditalic.woff2 differ
diff --git a/latest/_static/fonts/Lato/lato-italic.eot b/latest/_static/fonts/Lato/lato-italic.eot
new file mode 100644
index 00000000..3f826421
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-italic.eot differ
diff --git a/latest/_static/fonts/Lato/lato-italic.ttf b/latest/_static/fonts/Lato/lato-italic.ttf
new file mode 100644
index 00000000..b4bfc9b2
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-italic.ttf differ
diff --git a/latest/_static/fonts/Lato/lato-italic.woff b/latest/_static/fonts/Lato/lato-italic.woff
new file mode 100644
index 00000000..76114bc0
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-italic.woff differ
diff --git a/latest/_static/fonts/Lato/lato-italic.woff2 b/latest/_static/fonts/Lato/lato-italic.woff2
new file mode 100644
index 00000000..3404f37e
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-italic.woff2 differ
diff --git a/latest/_static/fonts/Lato/lato-regular.eot b/latest/_static/fonts/Lato/lato-regular.eot
new file mode 100644
index 00000000..11e3f2a5
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-regular.eot differ
diff --git a/latest/_static/fonts/Lato/lato-regular.ttf b/latest/_static/fonts/Lato/lato-regular.ttf
new file mode 100644
index 00000000..74decd9e
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-regular.ttf differ
diff --git a/latest/_static/fonts/Lato/lato-regular.woff b/latest/_static/fonts/Lato/lato-regular.woff
new file mode 100644
index 00000000..ae1307ff
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-regular.woff differ
diff --git a/latest/_static/fonts/Lato/lato-regular.woff2 b/latest/_static/fonts/Lato/lato-regular.woff2
new file mode 100644
index 00000000..3bf98433
Binary files /dev/null and b/latest/_static/fonts/Lato/lato-regular.woff2 differ
diff --git a/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot
new file mode 100644
index 00000000..79dc8efe
Binary files /dev/null and b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot differ
diff --git a/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf
new file mode 100644
index 00000000..df5d1df2
Binary files /dev/null and b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf differ
diff --git a/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff
new file mode 100644
index 00000000..6cb60000
Binary files /dev/null and b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff differ
diff --git a/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2 b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2
new file mode 100644
index 00000000..7059e231
Binary files /dev/null and b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2 differ
diff --git a/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot
new file mode 100644
index 00000000..2f7ca78a
Binary files /dev/null and b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot differ
diff --git a/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf
new file mode 100644
index 00000000..eb52a790
Binary files /dev/null and b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf differ
diff --git a/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff
new file mode 100644
index 00000000..f815f63f
Binary files /dev/null and b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff differ
diff --git a/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2 b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2
new file mode 100644
index 00000000..f2c76e5b
Binary files /dev/null and b/latest/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2 differ
diff --git a/latest/_static/graphviz.css b/latest/_static/graphviz.css
new file mode 100644
index 00000000..30f3837b
--- /dev/null
+++ b/latest/_static/graphviz.css
@@ -0,0 +1,12 @@
+/*
+ * Sphinx stylesheet -- graphviz extension.
+ */
+
+img.graphviz {
+    border: 0;
+    max-width: 100%;
+}
+
+object.graphviz {
+    max-width: 100%;
+}
diff --git a/latest/_static/jquery.js b/latest/_static/jquery.js
new file mode 100644
index 00000000..c4c6022f
--- /dev/null
+++ b/latest/_static/jquery.js
@@ -0,0 +1,2 @@
+/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
+!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},j=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||D,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,D=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="",y.option=!!ce.lastChild;var ge={thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n",""]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function je(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function De(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function qe(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Le(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var _t,zt=[],Ut=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=zt.pop()||S.expando+"_"+wt.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Ut.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ut.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Ut,"$1"+r):!1!==e.jsonp&&(e.url+=(Tt.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,zt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((_t=E.implementation.createHTMLDocument("").body).innerHTML="
",2===_t.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=Fe(y.pixelPosition,function(e,t){if(t)return t=We(e,n),Pe.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0"),n("table.docutils.footnote").wrap("
"),n("table.docutils.citation").wrap("
"),n(".wy-menu-vertical ul").not(".simple").siblings("a").each((function(){var t=n(this);expand=n(''),expand.on("click",(function(n){return e.toggleCurrent(t),n.stopPropagation(),!1})),t.prepend(expand)}))},reset:function(){var n=encodeURI(window.location.hash)||"#";try{var e=$(".wy-menu-vertical"),t=e.find('[href="'+n+'"]');if(0===t.length){var i=$('.document [id="'+n.substring(1)+'"]').closest("div.section");0===(t=e.find('[href="#'+i.attr("id")+'"]')).length&&(t=e.find('[href="#"]'))}if(t.length>0){$(".wy-menu-vertical .current").removeClass("current").attr("aria-expanded","false"),t.addClass("current").attr("aria-expanded","true"),t.closest("li.toctree-l1").parent().addClass("current").attr("aria-expanded","true");for(let n=1;n<=10;n++)t.closest("li.toctree-l"+n).addClass("current").attr("aria-expanded","true");t[0].scrollIntoView()}}catch(n){console.log("Error expanding nav for anchor",n)}},onScroll:function(){this.winScroll=!1;var n=this.win.scrollTop(),e=n+this.winHeight,t=this.navBar.scrollTop()+(n-this.winPosition);n<0||e>this.docHeight||(this.navBar.scrollTop(t),this.winPosition=n)},onResize:function(){this.winResize=!1,this.winHeight=this.win.height(),this.docHeight=$(document).height()},hashChange:function(){this.linkScroll=!0,this.win.one("hashchange",(function(){this.linkScroll=!1}))},toggleCurrent:function(n){var e=n.closest("li");e.siblings("li.current").removeClass("current").attr("aria-expanded","false"),e.siblings().find("li.current").removeClass("current").attr("aria-expanded","false");var t=e.find("> ul li");t.length&&(t.removeClass("current").attr("aria-expanded","false"),e.toggleClass("current").attr("aria-expanded",(function(n,e){return"true"==e?"false":"true"})))}},"undefined"!=typeof window&&(window.SphinxRtdTheme={Navigation:n.exports.ThemeNav,StickyNav:n.exports.ThemeNav}),function(){for(var n=0,e=["ms","moz","webkit","o"],t=0;t a.language.name.localeCompare(b.language.name));
+
+    const languagesHTML = `
+      

+        
Languages

+        ${languages
+          .map(
+            (translation) => `
+        

+          ${translation.language.code}
+        

+        `,
+          )
+          .join("\n")}
+      

+    `;
+    return languagesHTML;
+  }
+
+  function renderVersions(config) {
+    if (!config.versions.active.length) {
+      return "";
+    }
+    const versionsHTML = `
+      

+        
Versions

+        ${config.versions.active
+          .map(
+            (version) => `
+        

+          ${version.slug}
+        

+        `,
+          )
+          .join("\n")}
+      

+    `;
+    return versionsHTML;
+  }
+
+  function renderDownloads(config) {
+    if (!Object.keys(config.versions.current.downloads).length) {
+      return "";
+    }
+    const downloadsNameDisplay = {
+      pdf: "PDF",
+      epub: "Epub",
+      htmlzip: "HTML",
+    };
+
+    const downloadsHTML = `
+      

+        
Downloads

+        ${Object.entries(config.versions.current.downloads)
+          .map(
+            ([name, url]) => `
+          

+            ${downloadsNameDisplay[name]}
+          

+        `,
+          )
+          .join("\n")}
+      

+    `;
+    return downloadsHTML;
+  }
+
+  document.addEventListener("readthedocs-addons-data-ready", function (event) {
+    const config = event.detail.data();
+
+    const flyout = `
+      

+        
+           Read the Docs
+          v: ${config.versions.current.slug}
+          
+        
+        

+          

+            ${renderLanguages(config)}
+            ${renderVersions(config)}
+            ${renderDownloads(config)}
+            

+              
On Read the Docs

+              

+                Project Home
+              

+              

+                Builds
+              

+              

+                Downloads
+              

+            

+            

+              
Search

+              

+                

+                  
+                

+              

+            

+            

+            
+              Hosted by Read the Docs
+            
+          

+        

+    `;
+
+    // Inject the generated flyout into the body HTML element.
+    document.body.insertAdjacentHTML("beforeend", flyout);
+
+    // Trigger the Read the Docs Addons Search modal when clicking on the "Search docs" input from inside the flyout.
+    document
+      .querySelector("#flyout-search-form")
+      .addEventListener("focusin", () => {
+        const event = new CustomEvent("readthedocs-search-show");
+        document.dispatchEvent(event);
+      });
+  })
+}
+
+if (themeLanguageSelector || themeVersionSelector) {
+  function onSelectorSwitch(event) {
+    const option = event.target.selectedIndex;
+    const item = event.target.options[option];
+    window.location.href = item.dataset.url;
+  }
+
+  document.addEventListener("readthedocs-addons-data-ready", function (event) {
+    const config = event.detail.data();
+
+    const versionSwitch = document.querySelector(
+      "div.switch-menus > div.version-switch",
+    );
+    if (themeVersionSelector) {
+      let versions = config.versions.active;
+      if (config.versions.current.hidden || config.versions.current.type === "external") {
+        versions.unshift(config.versions.current);
+      }
+      const versionSelect = `
+    
+  `;
+
+      versionSwitch.innerHTML = versionSelect;
+      versionSwitch.firstElementChild.addEventListener("change", onSelectorSwitch);
+    }
+
+    const languageSwitch = document.querySelector(
+      "div.switch-menus > div.language-switch",
+    );
+
+    if (themeLanguageSelector) {
+      if (config.projects.translations.length) {
+        // Add the current language to the options on the selector
+        let languages = config.projects.translations.concat(
+          config.projects.current,
+        );
+        languages = languages.sort((a, b) =>
+          a.language.name.localeCompare(b.language.name),
+        );
+
+        const languageSelect = `
+      
+    `;
+
+        languageSwitch.innerHTML = languageSelect;
+        languageSwitch.firstElementChild.addEventListener("change", onSelectorSwitch);
+      }
+      else {
+        languageSwitch.remove();
+      }
+    }
+  });
+}
+
+document.addEventListener("readthedocs-addons-data-ready", function (event) {
+  // Trigger the Read the Docs Addons Search modal when clicking on "Search docs" input from the topnav.
+  document
+    .querySelector("[role='search'] input")
+    .addEventListener("focusin", () => {
+      const event = new CustomEvent("readthedocs-search-show");
+      document.dispatchEvent(event);
+    });
+});
\ No newline at end of file
diff --git a/latest/_static/language_data.js b/latest/_static/language_data.js
new file mode 100644
index 00000000..c7fe6c6f
--- /dev/null
+++ b/latest/_static/language_data.js
@@ -0,0 +1,192 @@
+/*
+ * This script contains the language-specific data used by searchtools.js,
+ * namely the list of stopwords, stemmer, scorer and splitter.
+ */
+
+var stopwords = ["a", "and", "are", "as", "at", "be", "but", "by", "for", "if", "in", "into", "is", "it", "near", "no", "not", "of", "on", "or", "such", "that", "the", "their", "then", "there", "these", "they", "this", "to", "was", "will", "with"];
+
+
+/* Non-minified version is copied as a separate JS file, if available */
+
+/**
+ * Porter Stemmer
+ */
+var Stemmer = function() {
+
+  var step2list = {
+    ational: 'ate',
+    tional: 'tion',
+    enci: 'ence',
+    anci: 'ance',
+    izer: 'ize',
+    bli: 'ble',
+    alli: 'al',
+    entli: 'ent',
+    eli: 'e',
+    ousli: 'ous',
+    ization: 'ize',
+    ation: 'ate',
+    ator: 'ate',
+    alism: 'al',
+    iveness: 'ive',
+    fulness: 'ful',
+    ousness: 'ous',
+    aliti: 'al',
+    iviti: 'ive',
+    biliti: 'ble',
+    logi: 'log'
+  };
+
+  var step3list = {
+    icate: 'ic',
+    ative: '',
+    alize: 'al',
+    iciti: 'ic',
+    ical: 'ic',
+    ful: '',
+    ness: ''
+  };
+
+  var c = "[^aeiou]";          // consonant
+  var v = "[aeiouy]";          // vowel
+  var C = c + "[^aeiouy]*";    // consonant sequence
+  var V = v + "[aeiou]*";      // vowel sequence
+
+  var mgr0 = "^(" + C + ")?" + V + C;                      // [C]VC... is m>0
+  var meq1 = "^(" + C + ")?" + V + C + "(" + V + ")?$";    // [C]VC[V] is m=1
+  var mgr1 = "^(" + C + ")?" + V + C + V + C;              // [C]VCVC... is m>1
+  var s_v   = "^(" + C + ")?" + v;                         // vowel in stem
+
+  this.stemWord = function (w) {
+    var stem;
+    var suffix;
+    var firstch;
+    var origword = w;
+
+    if (w.length < 3)
+      return w;
+
+    var re;
+    var re2;
+    var re3;
+    var re4;
+
+    firstch = w.substr(0,1);
+    if (firstch == "y")
+      w = firstch.toUpperCase() + w.substr(1);
+
+    // Step 1a
+    re = /^(.+?)(ss|i)es$/;
+    re2 = /^(.+?)([^s])s$/;
+
+    if (re.test(w))
+      w = w.replace(re,"$1$2");
+    else if (re2.test(w))
+      w = w.replace(re2,"$1$2");
+
+    // Step 1b
+    re = /^(.+?)eed$/;
+    re2 = /^(.+?)(ed|ing)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      re = new RegExp(mgr0);
+      if (re.test(fp[1])) {
+        re = /.$/;
+        w = w.replace(re,"");
+      }
+    }
+    else if (re2.test(w)) {
+      var fp = re2.exec(w);
+      stem = fp[1];
+      re2 = new RegExp(s_v);
+      if (re2.test(stem)) {
+        w = stem;
+        re2 = /(at|bl|iz)$/;
+        re3 = new RegExp("([^aeiouylsz])\\1$");
+        re4 = new RegExp("^" + C + v + "[^aeiouwxy]$");
+        if (re2.test(w))
+          w = w + "e";
+        else if (re3.test(w)) {
+          re = /.$/;
+          w = w.replace(re,"");
+        }
+        else if (re4.test(w))
+          w = w + "e";
+      }
+    }
+
+    // Step 1c
+    re = /^(.+?)y$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(s_v);
+      if (re.test(stem))
+        w = stem + "i";
+    }
+
+    // Step 2
+    re = /^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      suffix = fp[2];
+      re = new RegExp(mgr0);
+      if (re.test(stem))
+        w = stem + step2list[suffix];
+    }
+
+    // Step 3
+    re = /^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      suffix = fp[2];
+      re = new RegExp(mgr0);
+      if (re.test(stem))
+        w = stem + step3list[suffix];
+    }
+
+    // Step 4
+    re = /^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/;
+    re2 = /^(.+?)(s|t)(ion)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(mgr1);
+      if (re.test(stem))
+        w = stem;
+    }
+    else if (re2.test(w)) {
+      var fp = re2.exec(w);
+      stem = fp[1] + fp[2];
+      re2 = new RegExp(mgr1);
+      if (re2.test(stem))
+        w = stem;
+    }
+
+    // Step 5
+    re = /^(.+?)e$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(mgr1);
+      re2 = new RegExp(meq1);
+      re3 = new RegExp("^" + C + v + "[^aeiouwxy]$");
+      if (re.test(stem) || (re2.test(stem) && !(re3.test(stem))))
+        w = stem;
+    }
+    re = /ll$/;
+    re2 = new RegExp(mgr1);
+    if (re.test(w) && re2.test(w)) {
+      re = /.$/;
+      w = w.replace(re,"");
+    }
+
+    // and turn initial Y back to y
+    if (firstch == "y")
+      w = firstch.toLowerCase() + w.substr(1);
+    return w;
+  }
+}
+
diff --git a/latest/_static/minus.png b/latest/_static/minus.png
new file mode 100644
index 00000000..d96755fd
Binary files /dev/null and b/latest/_static/minus.png differ
diff --git a/latest/_static/plus.png b/latest/_static/plus.png
new file mode 100644
index 00000000..7107cec9
Binary files /dev/null and b/latest/_static/plus.png differ
diff --git a/latest/_static/pygments.css b/latest/_static/pygments.css
new file mode 100644
index 00000000..5f2b0a25
--- /dev/null
+++ b/latest/_static/pygments.css
@@ -0,0 +1,75 @@
+pre { line-height: 125%; }
+td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+.highlight .hll { background-color: #ffffcc }
+.highlight { background: #eeffcc; }
+.highlight .c { color: #408090; font-style: italic } /* Comment */
+.highlight .err { border: 1px solid #F00 } /* Error */
+.highlight .k { color: #007020; font-weight: bold } /* Keyword */
+.highlight .o { color: #666 } /* Operator */
+.highlight .ch { color: #408090; font-style: italic } /* Comment.Hashbang */
+.highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */
+.highlight .cp { color: #007020 } /* Comment.Preproc */
+.highlight .cpf { color: #408090; font-style: italic } /* Comment.PreprocFile */
+.highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */
+.highlight .cs { color: #408090; background-color: #FFF0F0 } /* Comment.Special */
+.highlight .gd { color: #A00000 } /* Generic.Deleted */
+.highlight .ge { font-style: italic } /* Generic.Emph */
+.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
+.highlight .gr { color: #F00 } /* Generic.Error */
+.highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */
+.highlight .gi { color: #00A000 } /* Generic.Inserted */
+.highlight .go { color: #333 } /* Generic.Output */
+.highlight .gp { color: #C65D09; font-weight: bold } /* Generic.Prompt */
+.highlight .gs { font-weight: bold } /* Generic.Strong */
+.highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
+.highlight .gt { color: #04D } /* Generic.Traceback */
+.highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */
+.highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */
+.highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */
+.highlight .kp { color: #007020 } /* Keyword.Pseudo */
+.highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */
+.highlight .kt { color: #902000 } /* Keyword.Type */
+.highlight .m { color: #208050 } /* Literal.Number */
+.highlight .s { color: #4070A0 } /* Literal.String */
+.highlight .na { color: #4070A0 } /* Name.Attribute */
+.highlight .nb { color: #007020 } /* Name.Builtin */
+.highlight .nc { color: #0E84B5; font-weight: bold } /* Name.Class */
+.highlight .no { color: #60ADD5 } /* Name.Constant */
+.highlight .nd { color: #555; font-weight: bold } /* Name.Decorator */
+.highlight .ni { color: #D55537; font-weight: bold } /* Name.Entity */
+.highlight .ne { color: #007020 } /* Name.Exception */
+.highlight .nf { color: #06287E } /* Name.Function */
+.highlight .nl { color: #002070; font-weight: bold } /* Name.Label */
+.highlight .nn { color: #0E84B5; font-weight: bold } /* Name.Namespace */
+.highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */
+.highlight .nv { color: #BB60D5 } /* Name.Variable */
+.highlight .ow { color: #007020; font-weight: bold } /* Operator.Word */
+.highlight .w { color: #BBB } /* Text.Whitespace */
+.highlight .mb { color: #208050 } /* Literal.Number.Bin */
+.highlight .mf { color: #208050 } /* Literal.Number.Float */
+.highlight .mh { color: #208050 } /* Literal.Number.Hex */
+.highlight .mi { color: #208050 } /* Literal.Number.Integer */
+.highlight .mo { color: #208050 } /* Literal.Number.Oct */
+.highlight .sa { color: #4070A0 } /* Literal.String.Affix */
+.highlight .sb { color: #4070A0 } /* Literal.String.Backtick */
+.highlight .sc { color: #4070A0 } /* Literal.String.Char */
+.highlight .dl { color: #4070A0 } /* Literal.String.Delimiter */
+.highlight .sd { color: #4070A0; font-style: italic } /* Literal.String.Doc */
+.highlight .s2 { color: #4070A0 } /* Literal.String.Double */
+.highlight .se { color: #4070A0; font-weight: bold } /* Literal.String.Escape */
+.highlight .sh { color: #4070A0 } /* Literal.String.Heredoc */
+.highlight .si { color: #70A0D0; font-style: italic } /* Literal.String.Interpol */
+.highlight .sx { color: #C65D09 } /* Literal.String.Other */
+.highlight .sr { color: #235388 } /* Literal.String.Regex */
+.highlight .s1 { color: #4070A0 } /* Literal.String.Single */
+.highlight .ss { color: #517918 } /* Literal.String.Symbol */
+.highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */
+.highlight .fm { color: #06287E } /* Name.Function.Magic */
+.highlight .vc { color: #BB60D5 } /* Name.Variable.Class */
+.highlight .vg { color: #BB60D5 } /* Name.Variable.Global */
+.highlight .vi { color: #BB60D5 } /* Name.Variable.Instance */
+.highlight .vm { color: #BB60D5 } /* Name.Variable.Magic */
+.highlight .il { color: #208050 } /* Literal.Number.Integer.Long */
\ No newline at end of file
diff --git a/latest/_static/searchtools.js b/latest/_static/searchtools.js
new file mode 100644
index 00000000..91f4be57
--- /dev/null
+++ b/latest/_static/searchtools.js
@@ -0,0 +1,635 @@
+/*
+ * Sphinx JavaScript utilities for the full-text search.
+ */
+"use strict";
+
+/**
+ * Simple result scoring code.
+ */
+if (typeof Scorer === "undefined") {
+  var Scorer = {
+    // Implement the following function to further tweak the score for each result
+    // The function takes a result array [docname, title, anchor, descr, score, filename]
+    // and returns the new score.
+    /*
+    score: result => {
+      const [docname, title, anchor, descr, score, filename, kind] = result
+      return score
+    },
+    */
+
+    // query matches the full name of an object
+    objNameMatch: 11,
+    // or matches in the last dotted part of the object name
+    objPartialMatch: 6,
+    // Additive scores depending on the priority of the object
+    objPrio: {
+      0: 15, // used to be importantResults
+      1: 5, // used to be objectResults
+      2: -5, // used to be unimportantResults
+    },
+    //  Used when the priority is not in the mapping.
+    objPrioDefault: 0,
+
+    // query found in title
+    title: 15,
+    partialTitle: 7,
+    // query found in terms
+    term: 5,
+    partialTerm: 2,
+  };
+}
+
+// Global search result kind enum, used by themes to style search results.
+class SearchResultKind {
+    static get index() { return  "index"; }
+    static get object() { return "object"; }
+    static get text() { return "text"; }
+    static get title() { return "title"; }
+}
+
+const _removeChildren = (element) => {
+  while (element && element.lastChild) element.removeChild(element.lastChild);
+};
+
+/**
+ * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#escaping
+ */
+const _escapeRegExp = (string) =>
+  string.replace(/[.*+\-?^${}()|[\]\\]/g, "\\$&"); // $& means the whole matched string
+
+const _displayItem = (item, searchTerms, highlightTerms) => {
+  const docBuilder = DOCUMENTATION_OPTIONS.BUILDER;
+  const docFileSuffix = DOCUMENTATION_OPTIONS.FILE_SUFFIX;
+  const docLinkSuffix = DOCUMENTATION_OPTIONS.LINK_SUFFIX;
+  const showSearchSummary = DOCUMENTATION_OPTIONS.SHOW_SEARCH_SUMMARY;
+  const contentRoot = document.documentElement.dataset.content_root;
+
+  const [docName, title, anchor, descr, score, _filename, kind] = item;
+
+  let listItem = document.createElement("li");
+  // Add a class representing the item's type:
+  // can be used by a theme's CSS selector for styling
+  // See SearchResultKind for the class names.
+  listItem.classList.add(`kind-${kind}`);
+  let requestUrl;
+  let linkUrl;
+  if (docBuilder === "dirhtml") {
+    // dirhtml builder
+    let dirname = docName + "/";
+    if (dirname.match(/\/index\/$/))
+      dirname = dirname.substring(0, dirname.length - 6);
+    else if (dirname === "index/") dirname = "";
+    requestUrl = contentRoot + dirname;
+    linkUrl = requestUrl;
+  } else {
+    // normal html builders
+    requestUrl = contentRoot + docName + docFileSuffix;
+    linkUrl = docName + docLinkSuffix;
+  }
+  let linkEl = listItem.appendChild(document.createElement("a"));
+  linkEl.href = linkUrl + anchor;
+  linkEl.dataset.score = score;
+  linkEl.innerHTML = title;
+  if (descr) {
+    listItem.appendChild(document.createElement("span")).innerHTML =
+      " (" + descr + ")";
+    // highlight search terms in the description
+    if (SPHINX_HIGHLIGHT_ENABLED)  // set in sphinx_highlight.js
+      highlightTerms.forEach((term) => _highlightText(listItem, term, "highlighted"));
+  }
+  else if (showSearchSummary)
+    fetch(requestUrl)
+      .then((responseData) => responseData.text())
+      .then((data) => {
+        if (data)
+          listItem.appendChild(
+            Search.makeSearchSummary(data, searchTerms, anchor)
+          );
+        // highlight search terms in the summary
+        if (SPHINX_HIGHLIGHT_ENABLED)  // set in sphinx_highlight.js
+          highlightTerms.forEach((term) => _highlightText(listItem, term, "highlighted"));
+      });
+  Search.output.appendChild(listItem);
+};
+const _finishSearch = (resultCount) => {
+  Search.stopPulse();
+  Search.title.innerText = _("Search Results");
+  if (!resultCount)
+    Search.status.innerText = Documentation.gettext(
+      "Your search did not match any documents. Please make sure that all words are spelled correctly and that you've selected enough categories."
+    );
+  else
+    Search.status.innerText = Documentation.ngettext(
+      "Search finished, found one page matching the search query.",
+      "Search finished, found ${resultCount} pages matching the search query.",
+      resultCount,
+    ).replace('${resultCount}', resultCount);
+};
+const _displayNextItem = (
+  results,
+  resultCount,
+  searchTerms,
+  highlightTerms,
+) => {
+  // results left, load the summary and display it
+  // this is intended to be dynamic (don't sub resultsCount)
+  if (results.length) {
+    _displayItem(results.pop(), searchTerms, highlightTerms);
+    setTimeout(
+      () => _displayNextItem(results, resultCount, searchTerms, highlightTerms),
+      5
+    );
+  }
+  // search finished, update title and status message
+  else _finishSearch(resultCount);
+};
+// Helper function used by query() to order search results.
+// Each input is an array of [docname, title, anchor, descr, score, filename, kind].
+// Order the results by score (in opposite order of appearance, since the
+// `_displayNextItem` function uses pop() to retrieve items) and then alphabetically.
+const _orderResultsByScoreThenName = (a, b) => {
+  const leftScore = a[4];
+  const rightScore = b[4];
+  if (leftScore === rightScore) {
+    // same score: sort alphabetically
+    const leftTitle = a[1].toLowerCase();
+    const rightTitle = b[1].toLowerCase();
+    if (leftTitle === rightTitle) return 0;
+    return leftTitle > rightTitle ? -1 : 1; // inverted is intentional
+  }
+  return leftScore > rightScore ? 1 : -1;
+};
+
+/**
+ * Default splitQuery function. Can be overridden in ``sphinx.search`` with a
+ * custom function per language.
+ *
+ * The regular expression works by splitting the string on consecutive characters
+ * that are not Unicode letters, numbers, underscores, or emoji characters.
+ * This is the same as ``\W+`` in Python, preserving the surrogate pair area.
+ */
+if (typeof splitQuery === "undefined") {
+  var splitQuery = (query) => query
+      .split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}]+/gu)
+      .filter(term => term)  // remove remaining empty strings
+}
+
+/**
+ * Search Module
+ */
+const Search = {
+  _index: null,
+  _queued_query: null,
+  _pulse_status: -1,
+
+  htmlToText: (htmlString, anchor) => {
+    const htmlElement = new DOMParser().parseFromString(htmlString, 'text/html');
+    for (const removalQuery of [".headerlink", "script", "style"]) {
+      htmlElement.querySelectorAll(removalQuery).forEach((el) => { el.remove() });
+    }
+    if (anchor) {
+      const anchorContent = htmlElement.querySelector(`[role="main"] ${anchor}`);
+      if (anchorContent) return anchorContent.textContent;
+
+      console.warn(
+        `Anchored content block not found. Sphinx search tries to obtain it via DOM query '[role=main] ${anchor}'. Check your theme or template.`
+      );
+    }
+
+    // if anchor not specified or not found, fall back to main content
+    const docContent = htmlElement.querySelector('[role="main"]');
+    if (docContent) return docContent.textContent;
+
+    console.warn(
+      "Content block not found. Sphinx search tries to obtain it via DOM query '[role=main]'. Check your theme or template."
+    );
+    return "";
+  },
+
+  init: () => {
+    const query = new URLSearchParams(window.location.search).get("q");
+    document
+      .querySelectorAll('input[name="q"]')
+      .forEach((el) => (el.value = query));
+    if (query) Search.performSearch(query);
+  },
+
+  loadIndex: (url) =>
+    (document.body.appendChild(document.createElement("script")).src = url),
+
+  setIndex: (index) => {
+    Search._index = index;
+    if (Search._queued_query !== null) {
+      const query = Search._queued_query;
+      Search._queued_query = null;
+      Search.query(query);
+    }
+  },
+
+  hasIndex: () => Search._index !== null,
+
+  deferQuery: (query) => (Search._queued_query = query),
+
+  stopPulse: () => (Search._pulse_status = -1),
+
+  startPulse: () => {
+    if (Search._pulse_status >= 0) return;
+
+    const pulse = () => {
+      Search._pulse_status = (Search._pulse_status + 1) % 4;
+      Search.dots.innerText = ".".repeat(Search._pulse_status);
+      if (Search._pulse_status >= 0) window.setTimeout(pulse, 500);
+    };
+    pulse();
+  },
+
+  /**
+   * perform a search for something (or wait until index is loaded)
+   */
+  performSearch: (query) => {
+    // create the required interface elements
+    const searchText = document.createElement("h2");
+    searchText.textContent = _("Searching");
+    const searchSummary = document.createElement("p");
+    searchSummary.classList.add("search-summary");
+    searchSummary.innerText = "";
+    const searchList = document.createElement("ul");
+    searchList.setAttribute("role", "list");
+    searchList.classList.add("search");
+
+    const out = document.getElementById("search-results");
+    Search.title = out.appendChild(searchText);
+    Search.dots = Search.title.appendChild(document.createElement("span"));
+    Search.status = out.appendChild(searchSummary);
+    Search.output = out.appendChild(searchList);
+
+    const searchProgress = document.getElementById("search-progress");
+    // Some themes don't use the search progress node
+    if (searchProgress) {
+      searchProgress.innerText = _("Preparing search...");
+    }
+    Search.startPulse();
+
+    // index already loaded, the browser was quick!
+    if (Search.hasIndex()) Search.query(query);
+    else Search.deferQuery(query);
+  },
+
+  _parseQuery: (query) => {
+    // stem the search terms and add them to the correct list
+    const stemmer = new Stemmer();
+    const searchTerms = new Set();
+    const excludedTerms = new Set();
+    const highlightTerms = new Set();
+    const objectTerms = new Set(splitQuery(query.toLowerCase().trim()));
+    splitQuery(query.trim()).forEach((queryTerm) => {
+      const queryTermLower = queryTerm.toLowerCase();
+
+      // maybe skip this "word"
+      // stopwords array is from language_data.js
+      if (
+        stopwords.indexOf(queryTermLower) !== -1 ||
+        queryTerm.match(/^\d+$/)
+      )
+        return;
+
+      // stem the word
+      let word = stemmer.stemWord(queryTermLower);
+      // select the correct list
+      if (word[0] === "-") excludedTerms.add(word.substr(1));
+      else {
+        searchTerms.add(word);
+        highlightTerms.add(queryTermLower);
+      }
+    });
+
+    if (SPHINX_HIGHLIGHT_ENABLED) {  // set in sphinx_highlight.js
+      localStorage.setItem("sphinx_highlight_terms", [...highlightTerms].join(" "))
+    }
+
+    // console.debug("SEARCH: searching for:");
+    // console.info("required: ", [...searchTerms]);
+    // console.info("excluded: ", [...excludedTerms]);
+
+    return [query, searchTerms, excludedTerms, highlightTerms, objectTerms];
+  },
+
+  /**
+   * execute search (requires search index to be loaded)
+   */
+  _performSearch: (query, searchTerms, excludedTerms, highlightTerms, objectTerms) => {
+    const filenames = Search._index.filenames;
+    const docNames = Search._index.docnames;
+    const titles = Search._index.titles;
+    const allTitles = Search._index.alltitles;
+    const indexEntries = Search._index.indexentries;
+
+    // Collect multiple result groups to be sorted separately and then ordered.
+    // Each is an array of [docname, title, anchor, descr, score, filename, kind].
+    const normalResults = [];
+    const nonMainIndexResults = [];
+
+    _removeChildren(document.getElementById("search-progress"));
+
+    const queryLower = query.toLowerCase().trim();
+    for (const [title, foundTitles] of Object.entries(allTitles)) {
+      if (title.toLowerCase().trim().includes(queryLower) && (queryLower.length >= title.length/2)) {
+        for (const [file, id] of foundTitles) {
+          const score = Math.round(Scorer.title * queryLower.length / title.length);
+          const boost = titles[file] === title ? 1 : 0;  // add a boost for document titles
+          normalResults.push([
+            docNames[file],
+            titles[file] !== title ? `${titles[file]} > ${title}` : title,
+            id !== null ? "#" + id : "",
+            null,
+            score + boost,
+            filenames[file],
+            SearchResultKind.title,
+          ]);
+        }
+      }
+    }
+
+    // search for explicit entries in index directives
+    for (const [entry, foundEntries] of Object.entries(indexEntries)) {
+      if (entry.includes(queryLower) && (queryLower.length >= entry.length/2)) {
+        for (const [file, id, isMain] of foundEntries) {
+          const score = Math.round(100 * queryLower.length / entry.length);
+          const result = [
+            docNames[file],
+            titles[file],
+            id ? "#" + id : "",
+            null,
+            score,
+            filenames[file],
+            SearchResultKind.index,
+          ];
+          if (isMain) {
+            normalResults.push(result);
+          } else {
+            nonMainIndexResults.push(result);
+          }
+        }
+      }
+    }
+
+    // lookup as object
+    objectTerms.forEach((term) =>
+      normalResults.push(...Search.performObjectSearch(term, objectTerms))
+    );
+
+    // lookup as search terms in fulltext
+    normalResults.push(...Search.performTermsSearch(searchTerms, excludedTerms));
+
+    // let the scorer override scores with a custom scoring function
+    if (Scorer.score) {
+      normalResults.forEach((item) => (item[4] = Scorer.score(item)));
+      nonMainIndexResults.forEach((item) => (item[4] = Scorer.score(item)));
+    }
+
+    // Sort each group of results by score and then alphabetically by name.
+    normalResults.sort(_orderResultsByScoreThenName);
+    nonMainIndexResults.sort(_orderResultsByScoreThenName);
+
+    // Combine the result groups in (reverse) order.
+    // Non-main index entries are typically arbitrary cross-references,
+    // so display them after other results.
+    let results = [...nonMainIndexResults, ...normalResults];
+
+    // remove duplicate search results
+    // note the reversing of results, so that in the case of duplicates, the highest-scoring entry is kept
+    let seen = new Set();
+    results = results.reverse().reduce((acc, result) => {
+      let resultStr = result.slice(0, 4).concat([result[5]]).map(v => String(v)).join(',');
+      if (!seen.has(resultStr)) {
+        acc.push(result);
+        seen.add(resultStr);
+      }
+      return acc;
+    }, []);
+
+    return results.reverse();
+  },
+
+  query: (query) => {
+    const [searchQuery, searchTerms, excludedTerms, highlightTerms, objectTerms] = Search._parseQuery(query);
+    const results = Search._performSearch(searchQuery, searchTerms, excludedTerms, highlightTerms, objectTerms);
+
+    // for debugging
+    //Search.lastresults = results.slice();  // a copy
+    // console.info("search results:", Search.lastresults);
+
+    // print the results
+    _displayNextItem(results, results.length, searchTerms, highlightTerms);
+  },
+
+  /**
+   * search for object names
+   */
+  performObjectSearch: (object, objectTerms) => {
+    const filenames = Search._index.filenames;
+    const docNames = Search._index.docnames;
+    const objects = Search._index.objects;
+    const objNames = Search._index.objnames;
+    const titles = Search._index.titles;
+
+    const results = [];
+
+    const objectSearchCallback = (prefix, match) => {
+      const name = match[4]
+      const fullname = (prefix ? prefix + "." : "") + name;
+      const fullnameLower = fullname.toLowerCase();
+      if (fullnameLower.indexOf(object) < 0) return;
+
+      let score = 0;
+      const parts = fullnameLower.split(".");
+
+      // check for different match types: exact matches of full name or
+      // "last name" (i.e. last dotted part)
+      if (fullnameLower === object || parts.slice(-1)[0] === object)
+        score += Scorer.objNameMatch;
+      else if (parts.slice(-1)[0].indexOf(object) > -1)
+        score += Scorer.objPartialMatch; // matches in last name
+
+      const objName = objNames[match[1]][2];
+      const title = titles[match[0]];
+
+      // If more than one term searched for, we require other words to be
+      // found in the name/title/description
+      const otherTerms = new Set(objectTerms);
+      otherTerms.delete(object);
+      if (otherTerms.size > 0) {
+        const haystack = `${prefix} ${name} ${objName} ${title}`.toLowerCase();
+        if (
+          [...otherTerms].some((otherTerm) => haystack.indexOf(otherTerm) < 0)
+        )
+          return;
+      }
+
+      let anchor = match[3];
+      if (anchor === "") anchor = fullname;
+      else if (anchor === "-") anchor = objNames[match[1]][1] + "-" + fullname;
+
+      const descr = objName + _(", in ") + title;
+
+      // add custom score for some objects according to scorer
+      if (Scorer.objPrio.hasOwnProperty(match[2]))
+        score += Scorer.objPrio[match[2]];
+      else score += Scorer.objPrioDefault;
+
+      results.push([
+        docNames[match[0]],
+        fullname,
+        "#" + anchor,
+        descr,
+        score,
+        filenames[match[0]],
+        SearchResultKind.object,
+      ]);
+    };
+    Object.keys(objects).forEach((prefix) =>
+      objects[prefix].forEach((array) =>
+        objectSearchCallback(prefix, array)
+      )
+    );
+    return results;
+  },
+
+  /**
+   * search for full-text terms in the index
+   */
+  performTermsSearch: (searchTerms, excludedTerms) => {
+    // prepare search
+    const terms = Search._index.terms;
+    const titleTerms = Search._index.titleterms;
+    const filenames = Search._index.filenames;
+    const docNames = Search._index.docnames;
+    const titles = Search._index.titles;
+
+    const scoreMap = new Map();
+    const fileMap = new Map();
+
+    // perform the search on the required terms
+    searchTerms.forEach((word) => {
+      const files = [];
+      // find documents, if any, containing the query word in their text/title term indices
+      // use Object.hasOwnProperty to avoid mismatching against prototype properties
+      const arr = [
+        { files: terms.hasOwnProperty(word) ? terms[word] : undefined, score: Scorer.term },
+        { files: titleTerms.hasOwnProperty(word) ? titleTerms[word] : undefined, score: Scorer.title },
+      ];
+      // add support for partial matches
+      if (word.length > 2) {
+        const escapedWord = _escapeRegExp(word);
+        if (!terms.hasOwnProperty(word)) {
+          Object.keys(terms).forEach((term) => {
+            if (term.match(escapedWord))
+              arr.push({ files: terms[term], score: Scorer.partialTerm });
+          });
+        }
+        if (!titleTerms.hasOwnProperty(word)) {
+          Object.keys(titleTerms).forEach((term) => {
+            if (term.match(escapedWord))
+              arr.push({ files: titleTerms[term], score: Scorer.partialTitle });
+          });
+        }
+      }
+
+      // no match but word was a required one
+      if (arr.every((record) => record.files === undefined)) return;
+
+      // found search word in contents
+      arr.forEach((record) => {
+        if (record.files === undefined) return;
+
+        let recordFiles = record.files;
+        if (recordFiles.length === undefined) recordFiles = [recordFiles];
+        files.push(...recordFiles);
+
+        // set score for the word in each file
+        recordFiles.forEach((file) => {
+          if (!scoreMap.has(file)) scoreMap.set(file, new Map());
+          const fileScores = scoreMap.get(file);
+          fileScores.set(word, record.score);
+        });
+      });
+
+      // create the mapping
+      files.forEach((file) => {
+        if (!fileMap.has(file)) fileMap.set(file, [word]);
+        else if (fileMap.get(file).indexOf(word) === -1) fileMap.get(file).push(word);
+      });
+    });
+
+    // now check if the files don't contain excluded terms
+    const results = [];
+    for (const [file, wordList] of fileMap) {
+      // check if all requirements are matched
+
+      // as search terms with length < 3 are discarded
+      const filteredTermCount = [...searchTerms].filter(
+        (term) => term.length > 2
+      ).length;
+      if (
+        wordList.length !== searchTerms.size &&
+        wordList.length !== filteredTermCount
+      )
+        continue;
+
+      // ensure that none of the excluded terms is in the search result
+      if (
+        [...excludedTerms].some(
+          (term) =>
+            terms[term] === file ||
+            titleTerms[term] === file ||
+            (terms[term] || []).includes(file) ||
+            (titleTerms[term] || []).includes(file)
+        )
+      )
+        break;
+
+      // select one (max) score for the file.
+      const score = Math.max(...wordList.map((w) => scoreMap.get(file).get(w)));
+      // add result to the result list
+      results.push([
+        docNames[file],
+        titles[file],
+        "",
+        null,
+        score,
+        filenames[file],
+        SearchResultKind.text,
+      ]);
+    }
+    return results;
+  },
+
+  /**
+   * helper function to return a node containing the
+   * search summary for a given text. keywords is a list
+   * of stemmed words.
+   */
+  makeSearchSummary: (htmlText, keywords, anchor) => {
+    const text = Search.htmlToText(htmlText, anchor);
+    if (text === "") return null;
+
+    const textLower = text.toLowerCase();
+    const actualStartPosition = [...keywords]
+      .map((k) => textLower.indexOf(k.toLowerCase()))
+      .filter((i) => i > -1)
+      .slice(-1)[0];
+    const startWithContext = Math.max(actualStartPosition - 120, 0);
+
+    const top = startWithContext === 0 ? "" : "...";
+    const tail = startWithContext + 240 < text.length ? "..." : "";
+
+    let summary = document.createElement("p");
+    summary.classList.add("context");
+    summary.textContent = top + text.substr(startWithContext, 240).trim() + tail;
+
+    return summary;
+  },
+};
+
+_ready(Search.init);
diff --git a/latest/_static/sphinx_highlight.js b/latest/_static/sphinx_highlight.js
new file mode 100644
index 00000000..8a96c69a
--- /dev/null
+++ b/latest/_static/sphinx_highlight.js
@@ -0,0 +1,154 @@
+/* Highlighting utilities for Sphinx HTML documentation. */
+"use strict";
+
+const SPHINX_HIGHLIGHT_ENABLED = true
+
+/**
+ * highlight a given string on a node by wrapping it in
+ * span elements with the given class name.
+ */
+const _highlight = (node, addItems, text, className) => {
+  if (node.nodeType === Node.TEXT_NODE) {
+    const val = node.nodeValue;
+    const parent = node.parentNode;
+    const pos = val.toLowerCase().indexOf(text);
+    if (
+      pos >= 0 &&
+      !parent.classList.contains(className) &&
+      !parent.classList.contains("nohighlight")
+    ) {
+      let span;
+
+      const closestNode = parent.closest("body, svg, foreignObject");
+      const isInSVG = closestNode && closestNode.matches("svg");
+      if (isInSVG) {
+        span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
+      } else {
+        span = document.createElement("span");
+        span.classList.add(className);
+      }
+
+      span.appendChild(document.createTextNode(val.substr(pos, text.length)));
+      const rest = document.createTextNode(val.substr(pos + text.length));
+      parent.insertBefore(
+        span,
+        parent.insertBefore(
+          rest,
+          node.nextSibling
+        )
+      );
+      node.nodeValue = val.substr(0, pos);
+      /* There may be more occurrences of search term in this node. So call this
+       * function recursively on the remaining fragment.
+       */
+      _highlight(rest, addItems, text, className);
+
+      if (isInSVG) {
+        const rect = document.createElementNS(
+          "http://www.w3.org/2000/svg",
+          "rect"
+        );
+        const bbox = parent.getBBox();
+        rect.x.baseVal.value = bbox.x;
+        rect.y.baseVal.value = bbox.y;
+        rect.width.baseVal.value = bbox.width;
+        rect.height.baseVal.value = bbox.height;
+        rect.setAttribute("class", className);
+        addItems.push({ parent: parent, target: rect });
+      }
+    }
+  } else if (node.matches && !node.matches("button, select, textarea")) {
+    node.childNodes.forEach((el) => _highlight(el, addItems, text, className));
+  }
+};
+const _highlightText = (thisNode, text, className) => {
+  let addItems = [];
+  _highlight(thisNode, addItems, text, className);
+  addItems.forEach((obj) =>
+    obj.parent.insertAdjacentElement("beforebegin", obj.target)
+  );
+};
+
+/**
+ * Small JavaScript module for the documentation.
+ */
+const SphinxHighlight = {
+
+  /**
+   * highlight the search words provided in localstorage in the text
+   */
+  highlightSearchWords: () => {
+    if (!SPHINX_HIGHLIGHT_ENABLED) return;  // bail if no highlight
+
+    // get and clear terms from localstorage
+    const url = new URL(window.location);
+    const highlight =
+        localStorage.getItem("sphinx_highlight_terms")
+        || url.searchParams.get("highlight")
+        || "";
+    localStorage.removeItem("sphinx_highlight_terms")
+    url.searchParams.delete("highlight");
+    window.history.replaceState({}, "", url);
+
+    // get individual terms from highlight string
+    const terms = highlight.toLowerCase().split(/\s+/).filter(x => x);
+    if (terms.length === 0) return; // nothing to do
+
+    // There should never be more than one element matching "div.body"
+    const divBody = document.querySelectorAll("div.body");
+    const body = divBody.length ? divBody[0] : document.querySelector("body");
+    window.setTimeout(() => {
+      terms.forEach((term) => _highlightText(body, term, "highlighted"));
+    }, 10);
+
+    const searchBox = document.getElementById("searchbox");
+    if (searchBox === null) return;
+    searchBox.appendChild(
+      document
+        .createRange()
+        .createContextualFragment(
+          '
' +
+            '' +
+            _("Hide Search Matches") +
+            "
"
+        )
+    );
+  },
+
+  /**
+   * helper function to hide the search marks again
+   */
+  hideSearchWords: () => {
+    document
+      .querySelectorAll("#searchbox .highlight-link")
+      .forEach((el) => el.remove());
+    document
+      .querySelectorAll("span.highlighted")
+      .forEach((el) => el.classList.remove("highlighted"));
+    localStorage.removeItem("sphinx_highlight_terms")
+  },
+
+  initEscapeListener: () => {
+    // only install a listener if it is really needed
+    if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) return;
+
+    document.addEventListener("keydown", (event) => {
+      // bail for input elements
+      if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return;
+      // bail with special keys
+      if (event.shiftKey || event.altKey || event.ctrlKey || event.metaKey) return;
+      if (DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS && (event.key === "Escape")) {
+        SphinxHighlight.hideSearchWords();
+        event.preventDefault();
+      }
+    });
+  },
+};
+
+_ready(() => {
+  /* Do not call highlightSearchWords() when we are on the search page.
+   * It will highlight words from the *previous* search query.
+   */
+  if (typeof Search === "undefined") SphinxHighlight.highlightSearchWords();
+  SphinxHighlight.initEscapeListener();
+});
diff --git a/latest/basic-tutorial.html b/latest/basic-tutorial.html
new file mode 100644
index 00000000..b6d26d5f
--- /dev/null
+++ b/latest/basic-tutorial.html
@@ -0,0 +1,319 @@
+
+
+
+
+
+  
+
+  
+  A Basic Introduction to GSSAPI — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
A Basic Introduction to GSSAPI

+
GSSAPI (which stands for “Generic Security Service API”) is an
+standard layer for interfacing with security services.  While it
+supports multiple different mechanisms, it is most commonly used
+with Kerberos 5 (“krb5” for short).

+
This tutorial will provide a basic introduction to interacting with
+GSSAPI through Python.

+
Note: This file is designed to be runnable using
+YALPT.  You can also just
+read it normally.

+
To start out, we’ll import python-gssapi, and save the current FQDN
+for later:

+
>>> import gssapi, socket
+>>> FQDN = socket.getfqdn()
+>>>
+

+

+
Note that this assumes you have a KRB5 realm set up, and some relevant
+functions available in the REALM object (see gssapi-console.py in
+gssapi_console), or
+try $ run-lit -e gssapi basic-tutorial.md when you have both
+gssapi_console and yalpt installed).  Any actions performed using the
+REALM object are not part of the GSSAPI library; the REALM object
+simply contains wrappers to krb5 commands generally run separately from
+the application using GSSAPI.

+

+
Names and Credentials

+
Two important concepts in GSSAPI are names and credentials.

+
Names, as the name suggests, identify different entities, be they
+users or services.  GSSAPI has the concept of different name types.
+These represent different types of names and corresponding syntax
+for representing names as strings.

+
Suppose we wanted to refer to an HTTP server on the current host.
+We could refer to it as a host-based service, or in the default
+mechanism form (in this case, for krb5):

+
>>> server_hostbased_name = gssapi.Name(f"HTTP@{FQDN}", name_type=gssapi.NameType.hostbased_service)
+>>> server_hostbased_name
+Name(b'HTTP@seton.mivehind.net', <OID 1.2.840.113554.1.2.1.4>)
+>>> server_name = gssapi.Name(f"HTTP/{FQDN}@")
+>>> server_name
+Name(b'HTTP/seton.mivehind.net@', None)
+>>>
+

+

+
These are both effectively the same, but if we canonicalize both
+names with respect to krb5, we’ll see that GSSAPI knows they’re the
+same:

+
>>> server_name == server_hostbased_name
+False
+>>> server_canon_name = server_name.canonicalize(gssapi.MechType.kerberos)
+>>> server_hostbased_canon_name = server_hostbased_name.canonicalize(gssapi.MechType.kerberos)
+>>> server_canon_name == server_hostbased_canon_name
+True
+>>>
+

+

+
To compare two names of different name types, you should canonicalize
+them first.

+
Credentials represent identification for a user or service.  In
+order to establish secure communication with other entities, a user
+or service first needs credentials.  For the krb5 mechanism,
+credentials generally represent a handle to the TGT.

+
Credentials may be acquired for a particular name, or the default set
+of credentials may be acquired.

+
For instance, suppose that we are writing a server, and wish to
+communicate accept connections as the ‘HTTP’ service.  We would need
+to acquire credentials as such:

+
>>> REALM.addprinc('HTTP/%s@%s' % (FQDN, REALM.realm))
+>>> REALM.extract_keytab('HTTP/%s@%s' % (FQDN, REALM.realm), REALM.keytab)
+>>> server_creds = gssapi.Credentials(usage='accept', name=server_name)
+>>>
+

+

+
Note that for the krb5 mechanism, in order to acquire credentials with
+the GSSAPI, the system must already have a way to access those credentials.
+For users, this generally means that they have already performed a kinit
+(i.e. have cached a TGT), while for services (like above), having a keytab
+is sufficient.  This process is generally performed outside the application
+using the GSSAPI.

+
Credentials have a usage: ‘accept’ for accepting security contexts,
+‘initiate’ for initiating security contexts, or ‘both’ for
+credentials used for both initiating and accepting security contexts.

+
Credentials also have an associated name, lifetime (which may
+be None for indefinite), and set of mechanisms with which the
+credentials are usable:

+
>>> server_creds.usage
+'accept'
+>>> server_creds.name == server_name
+True
+>>> server_creds.lifetime is None
+True
+>>> gssapi.MechType.kerberos in server_creds.mechs
+True
+>>> gssapi.MechType.kerberos in server_creds.mechs
+True
+>>>
+

+

+
Each of these settings is setable from the constructor as usage,
+name, lifetime, and mechs.

+

+

+
Security Contexts

+
Security contexts represent active sessions between two different
+entities.  Security contexts are used to verify identities, as well
+as ensure integrity (message signing), confidentiality (message
+encryption), or both for messages exchanged between the two parties.

+
When establishing a security context, the default credentials are
+used unless otherwise specified.  This allows applications to use
+the user’s already acquired credentials:

+
>>> client_ctx = gssapi.SecurityContext(name=server_name, usage='initiate')
+>>> initial_client_token = client_ctx.step()
+>>> client_ctx.complete
+False
+>>>
+

+

+
Just like credentials, security contexts are either initiating
+contexts, or accepting contexts (they cannot be both).  Initiating
+contexts must specify at least a target name.  In this case,
+we indicate that we wish to establish a context with the HTTP server
+from above.  The http server can then accept that context:

+
>>> server_ctx = gssapi.SecurityContext(creds=server_creds, usage='accept')
+>>> initial_server_token = server_ctx.step(initial_client_token)
+>>>
+

+

+
As you can see, creating an accepting security context is similar.
+Here, we specify a set of accepting credentials to use, although
+this is optional (the defaults will be used if no credentials are
+specified).

+
Let’s finish up the exchange:

+
>>> server_tok = initial_server_token
+>>>
+>>> while not (client_ctx.complete and server_ctx.complete):
+...     client_tok = client_ctx.step(server_tok)
+...     if not client_tok:
+...         break
+...     server_tok = server_ctx.step(client_tok)
+...
+>>> client_ctx.complete and server_ctx.complete
+True
+>>>
+

+

+
We can now wrap and unwrap messages, using the wrap and unwrap methods
+on SecurityContext:

+
>>> message = b'some message here'
+>>> wrapped_message, msg_encrypted = client_ctx.wrap(message, True)
+>>> message not in wrapped_message
+True
+>>> msg_encrypted
+True
+>>> server_ctx.unwrap(wrapped_message)
+UnwrapResult(message=b'some message here', encrypted=True, qop=0)
+>>>
+

+

+
We can use the second parameter to control whether or not we encrypt the
+messages, or just sign them:

+
>>> signed_message, msg_encrypted = client_ctx.wrap(message, False)
+>>> msg_encrypted
+False
+>>> message in signed_message
+True
+>>> server_ctx.unwrap(signed_message)
+UnwrapResult(message=b'some message here', encrypted=False, qop=0)
+>>>
+

+

+
Manually passing in a second parameter and checking whether or not encryption
+was used can get tedious, so python-gssapi provides two convenience methods
+to help with this: encrypt and decrypt.  If the context is set up to use
+encryption, they will call wrap with encryption.  If not, they will
+call wrap without encryption.

+
>>> encrypted_message = client_ctx.encrypt(message)
+>>> encrypted_message != message
+True
+>>> server_ctx.decrypt(encrypted_message)
+b'some message here'
+>>>
+

+

+
Notice that if we try to use decrypt a signed message, and exception will be raised,
+since the context was set up to use encryption (the default):

+
>>> signed_message, _ = client_ctx.wrap(message, False)
+>>> server_ctx.decrypt(signed_message)
+Traceback (most recent call last):
+  File "<stdin>", line 1, in <module>
+  File "<string>", line 2, in decrypt
+  File "/usr/lib/python3.4/site-packages/gssapi/_utils.py", line 167, in check_last_err
+    return func(self, *args, **kwargs)
+  File "/usr/lib/python3.4/site-packages/gssapi/sec_contexts.py", line 295, in decrypt
+    unwrapped_message=res.message)
+gssapi.exceptions.EncryptionNotUsed: Confidentiality was requested, but not used: The context was established with encryption, but unwrapped message was not encrypted.
+>>>
+

+

+
There you have it: the basics of GSSAPI.  You can use the help function
+at the interpreter, or check the docs
+for more information.

+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/credstore.html b/latest/credstore.html
new file mode 100644
index 00000000..86742b50
--- /dev/null
+++ b/latest/credstore.html
@@ -0,0 +1,192 @@
+
+
+
+
+
+  
+
+  
+  Common Values for Credentials Store Extensions — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Common Values for Credentials Store Extensions

+
The credentials store extension is an extension introduced by the MIT krb5
+library implementation of GSSAPI.  It allows for finer control of credentials
+from within a GSSAPI application.  Each mechanism can define keywords to
+manipulate various aspects of their credentials for storage or retrieval
+operations.

+

+
The krb5 mechanism in MIT libraries

+
The krb5 mechanism as implemented by MIT libraries supports the credentials
+store extension with a number of keywords.

+

+
client_keytab

+
The client_keytab keyword can be used in a credential store when it is used
+with the gssapi.raw.ext_cred_store.acquire_cred_from() /
+gssapi.raw.ext_cred_store.add_cred_from() functions to indicate a custom
+location for a keytab containing client keys.  It is not used in the context
+of calls used to store credentials.

+
The value is a string in the form type:residual where type can be any
+keytab storage type understood by the implementation and residual is the
+keytab identifier (usually something like a path).  If the string is a path,
+then the type is defaulted to FILE.

+

+

+
keytab

+
The keytab keyword can be used in a credential store when it is used with
+the gssapi.raw.ext_cred_store.acquire_cred_from() /
+gssapi.raw.ext_cred_store.add_cred_from() functions to indicate a custom
+location for a keytab containing service keys.  It is not used in the context
+of calls used to store credentials.

+
The value is a string in the form type:residual where type can be any
+keytab storage type understood by the implementation and residual is the
+keytab identifier (usually something like a path).  If the string is a path,
+then the type is defaulted to FILE.

+

+

+
ccache

+
The ccache keyword can be used to reference a specific credential storage.
+It can be used both to indicate the source of existing credentials for the
+gssapi.raw.ext_cred_store.acquire_cred_from() /
+gssapi.raw.ext_cred_store.add_cred_from() functions, as well as the
+destination storage for the gssapi.raw.ext_cred_store.store_cred_into()
+function.

+
The value is a string in the form type:residual where type can be any
+credential cache storage type understood by the implementation and
+residual is the ccache identifier.  If the string is a path, then the type
+is defaulted to FILE.  Other commonly used types are DIR, KEYRING,
+KCM, and MEMORY.  Each type has a different format for the residual;
+refer to the MIT krb5 documentation for more details.

+

+

+
rcache

+
The rcache keyword can be used to reference a custom replay cache storage.
+It is used only with the gssapi.raw.ext_cred_store.acquire_cred_from() /
+gssapi.raw.ext_cred_store.add_cred_from() functions for credentials used
+to accept context establishments, not to initiate contexts.

+
The value is a string in the form type:residual where type can be any
+replay cache storage type understood by the implementation and residual is
+the cache identifier (usually something like a path).  If the string is a
+path, then the type is defaulted to FILE.

+

+

+

+
The krb5 mechanism in Heimdal

+
Heimdal has recently implemented the credential store extensions with the same
+interface as MIT krb5.  However, it is not yet present in any released
+version.

+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/genindex.html b/latest/genindex.html
new file mode 100644
index 00000000..ba227bd4
--- /dev/null
+++ b/latest/genindex.html
@@ -0,0 +1,1440 @@
+
+
+
+
+
+  
+  
+  Index — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Index
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           

+             
+
+
Index

+
+

+ A
+ | B
+ | C
+ | D
+ | E
+ | F
+ | G
+ | H
+ | I
+ | K
+ | L
+ | M
+ | N
+ | O
+ | P
+ | Q
+ | R
+ | S
+ | T
+ | U
+ | V
+ | W
+ | X
+ 
+

+
A

+
+  
+  
+

+
+
B

+
+  
+  
+

+
+
C

+
+  
+  
+

+
+
D

+
+  
+  
+

+
+
E

+
+  
+  
+

+
+
F

+
+  
+  
+

+
+
G

+
+  
+  
+
    
+      
  • 
+    gssapi.raw.ext_krb5
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_password
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_password_add
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc4178
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc5587
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc5588
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc5801
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc6680
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_s4u
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_set_cred_opt
+
+      
    • 
+      
  • 
+    gssapi.raw.message
+
+      
    • 
+      
  • 
+    gssapi.raw.misc
+
+      
    • 
+      
  • 
+    gssapi.raw.named_tuples
+
+      
    • 
+      
  • 
+    gssapi.raw.names
+
+      
    • 
+      
  • 
+    gssapi.raw.oids
+
+      
    • 
+      
  • 
+    gssapi.raw.sec_contexts
+
+      
    • 
+      
  • 
+    gssapi.raw.types
+
+      
    • 
+      
  • 
+    gssapi.sec_contexts
+
+      
    • 
+      
  • GSSError, [1], [2]
+
    • 
+  

+
+
H

+
+  
+  
+

+
+
I

+
+  
+  
+

+
+
K

+
+  
+  
+

+
+
L

+
+  
+  
+

+
+
M

+
+  
+  
+

+
+
N

+
+  
+  
+

+
+
O

+
+  
+  
+

+
+
P

+
+  
+  
+

+
+
Q

+
+  
+

+
+
R

+
+  
+  
+

+
+
S

+
+  
+  
+

+
+
T

+
+  
+  
+

+
+
U

+
+  
+  
+

+
+
V

+
+  
+  
+

+
+
W

+
+  
+  
+

+
+
X

+
+  
+  
+

+
+
+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/gssapi.html b/latest/gssapi.html
new file mode 100644
index 00000000..9ad031a5
--- /dev/null
+++ b/latest/gssapi.html
@@ -0,0 +1,1729 @@
+
+
+
+
+
+  
+
+  
+  High-Level API — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
High-Level API

+
The high-level API contains three main classes for interacting with GSSAPI,
+representing the primary abstractions that GSSAPI provides:
+Name, Credentials, and
+SecurityContext.

+

+
Note

+
Classes in the high-level API inherit from the corresponding classes in the
+low-level API, and thus may be passed in to low-level API functions.

+

+

+
Warning

+
All methods in both the high-level and low-level APIs may throw the generic
+GSSError exception.

+

+

+
Main Classes

+

+
Names

+

+

+class Name(base: Name | bytes | str | None = None, name_type: OID | None = None, token: bytes | None = None, composite: bool = False)[source]

+
A GSSAPI Name

+
This class represents a GSSAPI name which may be used with and/or returned
+by other GSSAPI methods.

+
It inherits from the low-level GSSAPI Name
+class, and thus may used with both low-level and high-level API methods.

+
This class may be pickled and unpickled, as well as copied.

+
The str and bytes methods may be used to retrieve the
+text of the name.

+

+
Note

+
Name strings will be automatically converted to and from unicode
+strings as appropriate.  If a method is listed as returning a
+str object, it will return a unicode string.

+
The encoding used will be python-gssapi’s current encoding, which
+defaults to UTF-8.

+

+
The constructor can be used to “import” a name from a human readable
+representation, or from a token, and can also be used to convert a
+low-level gssapi.raw.names.Name object into a high-level
+object.

+
If a Name object from the low-level API
+is passed as the base argument, it will be converted into a
+high-level object.

+
If the token argument is used, the name will be imported using
+the token.  If the token was exported as a composite token,
+pass composite=True.

+
Otherwise, a new name will be created, using the base argument as
+the human-readable string and the name_type argument to denote the
+name type.

+

+
Raises:

+

+

+

+

+

+display_as(name_type: OID)  str[source]

+
Display this name as the given name type.

+
This method attempts to display the current Name
+using the syntax of the given NameType, if
+possible.

+

+
Warning

+
In MIT krb5 versions below 1.13.3, this method can segfault if
+the name was not originally created with a name_type that was
+not None (even in cases when a name_type
+is later “added”, such as via canonicalize()).
+Do not use this method unless you are sure the above
+conditions can never happen in your code.

+

+

+
Warning

+
In addition to the above warning, current versions of MIT krb5 do
+not actually fully implement this method, and it may return
+incorrect results in the case of canonicalized names.

+

+
requires the RFC 6680 extension

+

+
Parameters:

+
name_type (OID) – the NameType to
+use to display the given name

+

+
Returns:

+
the displayed name

+

+
Return type:

+
str

+

+
Raises:

+
OperationUnavailableError

+

+

+

+
+

+

+property name_type: OID | None

+
The NameType of this name

+

+
+

+

+export(composite: bool = False)  bytes[source]

+
Export this name as a token.

+
This method exports the name into a byte string which can then be
+imported by using the token argument of the constructor.

+

+
Parameters:

+
composite (bool) – whether or not use to a composite token –
+requires the RFC 6680 extension

+

+
Returns:

+
the exported name in token form

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+canonicalize(mech: OID)  Name[source]

+
Canonicalize a name with respect to a mechanism.

+
This method returns a new Name that is canonicalized according
+to the given mechanism.

+

+
Parameters:

+
mech (OID) – the MechType to use

+

+
Returns:

+
the canonicalized name

+

+
Return type:

+
Name

+

+
Raises:

+

+

+

+

+
+

+

+property is_mech_name: bool

+
Whether or not this name is a mechanism name
+(requires the RFC 6680 extension)

+

+
+

+

+property mech: OID

+
The mechanism associated with this name (requires the RFC 6680 extension)

+

+
+

+

+property attributes: MutableMapping | None

+
The attributes of this name (requires the RFC 6680 extension)

+
The attributes are presenting in the form of a
+MutableMapping (a dict-like object).

+
Retrieved values will always be in the form of frozenset.

+
When assigning values, if iterables are used, they be considered to be
+the set of values for the given attribute.  If a non-iterable is used,
+it will be considered a single value, and automatically wrapped in an
+iterable.

+

+
Note

+
String types (includes bytes) are not considered to
+be iterables in this case.

+

+

+
+

+
+

+

+
Credentials

+

+

+class Credentials(base: Creds | None = None, token: bytes | None = None, name: Name | None = None, lifetime: int | None = None, mechs: Iterable[OID] | None = None, usage: str = 'both', store: Dict[bytes | str, bytes | str] | None = None)[source]

+
GSSAPI Credentials

+
This class represents a set of GSSAPI credentials which may
+be used with and/or returned by other GSSAPI methods.

+
It inherits from the low-level GSSAPI Creds
+class, and thus may used with both low-level and high-level API methods.

+
If your implementation of GSSAPI supports the credentials import-export
+extension, you may pickle and unpickle this object.

+
The constructor either acquires or imports a set of GSSAPI
+credentials.

+
If the base argument is used, an existing
+Creds object from the low-level API is
+converted into a high-level object.

+
If the token argument is used, the credentials
+are imported using the token, if the credentials import-export
+extension is supported (requires the cred_imp_exp extension).

+
Otherwise, the credentials are acquired as per the
+acquire() method.

+

+
Raises:

+

+

+

+

+

+property name: Name

+
Get the name associated with these credentials

+

+
+

+

+property lifetime: int

+
Get the remaining lifetime of these credentials, in seconds

+

+
+

+

+property mechs: Set[OID]

+
Get the mechanisms for these credentials

+

+
+

+

+property usage: str

+
Get the usage (initiate, accept, or both) of these credentials

+

+
+

+

+classmethod acquire(name: Name | None = None, lifetime: int | None = None, mechs: Iterable[OID] | None = None, usage: str = 'both', store: Dict[bytes | str, bytes | str] | None = None)  AcquireCredResult[source]

+
Acquire GSSAPI credentials

+
This method acquires credentials.  If the store argument is
+used, the credentials will be acquired from the given
+credential store (if supported).  Otherwise, the credentials are
+acquired from the default store.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+
Using a non-default store requires support for the credentials store
+extension.

+

+
Parameters:

+
    
+
  • name (Name) – the name associated with the
+credentials, or None for the default name
    • 
+
  • lifetime (int) – the desired lifetime of the credentials in seconds,
+or None for indefinite
    • 
+
  • mechs (list) – the desired MechType OIDs to be used
+with the credentials, or None for the default set
    • 
+
  • usage (str) – the usage for the credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+
  • store (dict) – the credential store information pointing to the
+credential store from which to acquire the credentials,
+or None for the default store (requires the cred_store extension)
    • 
+

+

+
Returns:

+
the acquired credentials and information about
+them

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+

+

+

+

+
+

+

+store(store: Dict[bytes | str, bytes | str] | None = None, usage: str = 'both', mech: OID | None = None, overwrite: bool = False, set_default: bool = False)  StoreCredResult[source]

+
Store these credentials into the given store

+
This method stores the current credentials into the specified
+credentials store.  If the default store is used, support for
+RFC 5588 is required.  Otherwise, support for the credentials
+store extension is required.

+
requires the RFC 5588 extension or requires the cred_store extension

+

+
Parameters:

+
    
+
  • store (dict) – the store into which to store the credentials,
+or None for the default store.
    • 
+
  • usage (str) – the usage to store the credentials with – either
+‘both’, ‘initiate’, or ‘accept’
    • 
+
  • mech (OID) – the MechType to associate with the
+stored credentials
    • 
+
  • overwrite (bool) – whether or not to overwrite existing credentials
+stored with the same name, etc
    • 
+
  • set_default (bool) – whether or not to set these credentials as
+the default credentials for the given store.
    • 
+

+

+
Returns:

+
the results of the credential storing operation

+

+
Return type:

+
StoreCredResult

+

+
Raises:

+

+

+

+

+
+

+

+impersonate(name: Name | None = None, lifetime: int | None = None, mechs: Iterable[OID] | None = None, usage: str = 'initiate')  Credentials[source]

+
Impersonate a name using the current credentials

+
This method acquires credentials by impersonating another
+name using the current credentials.

+
requires the s4u extension

+

+
Parameters:

+
    
+
  • name (Name) – the name to impersonate
    • 
+
  • lifetime (int) – the desired lifetime of the new credentials in
+seconds, or None for indefinite
    • 
+
  • mechs (list) – the desired MechType OIDs for the new
+credentials
    • 
+
  • usage (str) – the desired usage for the new credentials – either
+‘both’, ‘initiate’, or ‘accept’.  Note that some mechanisms
+may only support ‘initiate’.
    • 
+

+

+
Returns:

+
the new credentials impersonating the given name

+

+
Return type:

+
Credentials

+

+

+

+
+

+

+inquire(name: bool = True, lifetime: bool = True, usage: bool = True, mechs: bool = True)  InquireCredResult[source]

+
Inspect these credentials for information

+
This method inspects these credentials for information about them.

+

+
Parameters:

+
    
+
  • name (bool) – get the name associated with the credentials
    • 
+
  • lifetime (bool) – get the remaining lifetime for the credentials
    • 
+
  • usage (bool) – get the usage for the credentials
    • 
+
  • mechs (bool) – get the mechanisms associated with the credentials
    • 
+

+

+
Returns:

+
the information about the credentials,
+with None used when the corresponding argument was False

+

+
Return type:

+
InquireCredResult

+

+
Raises:

+

+

+

+

+
+

+

+inquire_by_mech(mech: OID, name: bool = True, init_lifetime: bool = True, accept_lifetime: bool = True, usage: bool = True)  InquireCredByMechResult[source]

+
Inspect these credentials for per-mechanism information

+
This method inspects these credentials for per-mechanism information
+about them.

+

+
Parameters:

+
    
+
  • mech (OID) – the mechanism for which to retrieve the
+information
    • 
+
  • name (bool) – get the name associated with the credentials
    • 
+
  • init_lifetime (bool) – get the remaining initiate lifetime for
+the credentials in seconds
    • 
+
  • accept_lifetime (bool) – get the remaining accept lifetime for
+the credentials in seconds
    • 
+
  • usage (bool) – get the usage for the credentials
    • 
+

+

+
Returns:

+
the information about the credentials,
+with None used when the corresponding argument was False

+

+
Return type:

+
InquireCredByMechResult

+

+

+

+
+

+

+add(name: Name, mech: OID, usage: str = 'both', init_lifetime: int | None = None, accept_lifetime: int | None = None, impersonator: Creds | None = None, store: Dict[bytes | str, bytes | str] | None = None)  Credentials[source]

+
Acquire more credentials to add to the current set

+
This method works like acquire(), except that it adds the
+acquired credentials for a single mechanism to a copy of the current
+set, instead of creating a new set for multiple mechanisms.
+Unlike acquire(), you cannot pass None desired name or
+mechanism.

+
If the impersonator argument is used, the credentials will
+impersonate the given name using the impersonator credentials
+(requires the s4u extension).

+
If the store argument is used, the credentials will be acquired
+from the given credential store (requires the cred_store extension).
+Otherwise, the credentials are acquired from the default store.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+
Note that the store argument is not compatible with the
+impersonator argument.

+

+
Parameters:

+
    
+
  • name (Name) – the name associated with the
+credentials
    • 
+
  • mech (OID) – the desired MechType to be used with
+the credentials
    • 
+
  • usage (str) – the usage for the credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+
  • init_lifetime (int) – the desired initiate lifetime of the
+credentials in seconds, or None for indefinite
    • 
+
  • accept_lifetime (int) – the desired accept lifetime of the
+credentials in seconds, or None for indefinite
    • 
+
  • impersonator (Credentials) – the credentials to use to impersonate
+the given name, or None to not acquire normally
+(requires the s4u extension)
    • 
+
  • store (dict) – the credential store information pointing to the
+credential store from which to acquire the credentials,
+or None for the default store (requires the cred_store extension)
    • 
+

+

+
Returns:

+
the credentials set containing the current credentials
+and the newly acquired ones.

+

+
Return type:

+
Credentials

+

+
Raises:

+

+

+

+

+
+

+

+export()  bytes[source]

+
Export these credentials into a token

+
This method exports the current credentials to a token that can
+then be imported by passing the token argument to the constructor.

+
This is often used to pass credentials between processes.

+
requires the cred_imp_exp extension

+

+
Returns:

+
the exported credentials in token form

+

+
Return type:

+
bytes

+

+

+

+
+

+
+

+

+
Security Contexts

+

+

+class SecurityContext(base: SecurityContext | None = None, token: bytes | None = None, name: Name | None = None, creds: Credentials | None = None, lifetime: int | None = None, flags: int | None = None, mech: OID | None = None, channel_bindings: ChannelBindings | None = None, usage: str | None = None)[source]

+
A GSSAPI Security Context

+
This class represents a GSSAPI security context that may be used
+with and/or returned by other GSSAPI methods.

+
It inherits from the low-level GSSAPI
+SecurityContext class,
+and thus may used with both low-level and high-level API methods.

+
This class may be pickled and unpickled (the attached delegated
+credentials object will not be preserved, however).

+
The constructor creates a new security context, but does not begin
+the initiate or accept process.

+
If the base argument is used, an existing
+SecurityContext object from
+the low-level API is converted into a high-level object.

+
If the token argument is passed, the security context is imported
+using the token.

+
Otherwise, a new security context is created.

+
If the usage argument is not passed, the constructor will attempt
+to detect what the appropriate usage is based on either the existing
+security context (if base or token are used) or the argument set.

+
For a security context of the initiate usage, the name argument
+must be used, and the creds, mech, flags,
+lifetime, and channel_bindings arguments may be
+used as well.

+
For a security context of the accept usage, the creds and
+channel_bindings arguments may optionally be used.

+

+

+get_signature(message: bytes)  bytes[source]

+
Calculate the signature for a message.

+
This method calculates the signature (called a MIC) for
+the given message, which may be then used with
+verify_signature() to confirm the validity of the
+signature.  This is useful if you wish to transmit the
+message signature and message in your own format.

+

+
Parameters:

+
message (bytes) – the input message

+

+
Returns:

+
the message signature

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+verify_signature(message: bytes, mic: bytes)  int[source]

+
Verify the signature for a message.

+
This method verifies that a signature (generated by
+get_signature() is valid for the given message.

+
If the signature is valid, the method will return.
+Otherwise, it will raise an error.

+

+
Parameters:

+
    
+
  • message (bytes) – the message
    • 
+
  • mic (bytes) – the signature to verify
    • 
+

+

+
Returns:

+
the QoP used.

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+wrap(message: bytes, encrypt: bool)  WrapResult[source]

+
Wrap a message, optionally with encryption

+
This wraps a message, signing it and optionally
+encrypting it.

+

+
Parameters:

+
    
+
  • message (bytes) – the message to wrap
    • 
+
  • encrypt (bool) – whether or not to encrypt the message
    • 
+

+

+
Returns:

+
the wrapped message and details about it
+(e.g. whether encryption was used succesfully)

+

+
Return type:

+
WrapResult

+

+
Raises:

+

+

+

+

+
+

+

+unwrap(message: bytes)  UnwrapResult[source]

+
Unwrap a wrapped message.

+
This method unwraps/unencrypts a wrapped message,
+verifying the signature along the way.

+

+
Parameters:

+
message (bytes) – the message to unwrap/decrypt

+

+
Returns:

+
the unwrapped message and details about it
+(e.g. wheter encryption was used)

+

+
Return type:

+
UnwrapResult

+

+
Raises:

+

+

+

+

+
+

+

+encrypt(message: bytes)  bytes[source]

+
Encrypt a message.

+
This method wraps and encrypts a message, similarly to
+wrap().  The difference is that encryption is always
+used, and the method will raise an exception if this is
+not possible.  Additionally, this method simply returns
+the encrypted message directly.

+

+
Parameters:

+
message (bytes) – the message to encrypt

+

+
Returns:

+
the encrypted message

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+decrypt(message: bytes)  bytes[source]

+
Decrypt a message.

+
This method decrypts and unwraps a message, verifying the signature
+along the way, similarly to unwrap().  The difference is that
+this method will raise an exception if encryption was established
+by the context and not used, and simply returns the decrypted
+message directly.

+

+
Parameters:

+
message (bytes) – the encrypted message

+

+
Returns:

+
the decrypted message

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+get_wrap_size_limit(desired_output_size: int, encrypted: bool = True)  int[source]

+
Calculate the maximum message size for a given wrapped message size.

+
This method calculates the maximum input message size for a given
+maximum wrapped/encrypted message size.

+

+
Parameters:

+
    
+
  • desired_output_size (int) – the maximum output message size
    • 
+
  • encrypted (bool) – whether or not encryption should be taken
+into account
    • 
+

+

+
Returns:

+
the maximum input message size

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+process_token(token: bytes)  None[source]

+
Process an output token asynchronously.

+
This method processes an output token even when the security context
+was not expecting it.

+

+
Warning

+
This method is deprecated.

+

+

+
Parameters:

+
token (bytes) – the token to process

+

+
Raises:

+

+

+

+

+
+

+

+export()  bytes[source]

+
Export a security context.

+
This method exports a security context, allowing it to be passed
+between processes.

+

+
Returns:

+
the exported security context

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+property lifetime: int

+
The amount of time for which this context remains valid

+

+
+

+

+property delegated_creds: Credentials | None

+
The credentials delegated from the initiator to the acceptor

+

+
Warning

+
This value will not be preserved across picklings.  These should
+be separately exported and transferred.

+

+

+
+

+

+property initiator_name: Any

+
The Name of the initiator of this context

+

+
+

+

+property target_name: Any

+
The Name of the target of this context

+

+
+

+

+property mech: Any

+
The mechanism (MechType) in use by this context

+

+
+

+

+property actual_flags: Any

+
The flags set on this context

+

+
+

+

+property locally_initiated: Any

+
Whether this context was locally intiated

+

+
+

+

+property complete: bool

+
Whether negotiation for this context has been completed

+

+
+

+

+step(token: bytes | None = None)  bytes | None[source]

+
Perform a negotation step.

+
This method performs a negotiation step based on the usage type
+of this context.  If __DEFER_STEP_ERRORS__ is set to True on
+the class, this method will return a token, even when exceptions
+would be thrown.  The generated exception will be thrown on the next
+method call or property lookup on the context.
+This is the default behavior.

+
This method should be used in a while loop, as such:

+
input_token = None
+try:
+    while not ctx.complete:
+        output_token = ctx.step(input_token)
+        if not output_token:
+            break
+        input_token = send_and_receive(output_token)
+except GSSError as e:
+     handle_the_issue()
+

+

+

+
Tip

+
Disabling __DEFER_STEP_ERRORS__ is rarely necessary.
+When this method is used in a loop (as above),
+__DEFER_STEP_ERRORS__ will ensure that you always
+send an error token when it’s available,
+keeping the other end of the security context updated
+with the status of the negotiation.

+

+

+
Parameters:

+
token (bytes) – the input token from the other participant’s step

+

+
Returns:

+
the output token to send to the other participant

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+
+

+

+

+
Enums and Helper Classes

+
The following enumerations from the low-level API are also
+used with the high-level API.  For convenience, they are
+imported in the high-level API gssapi module:

+

+

+class NameType[source]

+
Bases: object

+

+

+anonymous = <OID 1.3.6.1.5.6.3>

+

+
+

+

+composite_export = <OID 1.3.6.1.5.6.6>

+

+
+

+

+export = <OID 1.3.6.1.5.6.4>

+

+
+

+

+hostbased_service = <OID 1.2.840.113554.1.2.1.4>

+

+
+

+

+kerberos_principal = <OID 1.2.840.113554.1.2.2.1>

+

+
+

+

+krb5_nt_principal_name = <OID 1.2.840.113554.1.2.2.1>

+

+
+

+

+machine_uid = <OID 1.2.840.113554.1.2.1.2>

+

+
+

+

+string_uid = <OID 1.2.840.113554.1.2.1.3>

+

+
+

+

+user = <OID 1.2.840.113554.1.2.1.1>

+

+
+

+
+

+

+class MechType[source]

+
Bases: object

+

+

+kerberos = <OID 1.2.840.113554.1.2.2>

+

+
+

+
+

+

+class RequirementFlag(*values)[source]

+
Bases: IntEnum

+

+
+
The ok_as_delegate flag corresponds to the C level flag
+GSS_C_DELEG_POLICY_FLAG. This flag is similar to delegate_to_peer
+except it only delegates if the KDC delegation policies for the service
+principal allow it to use delegation. This is typically used on Microsoft
+domain environments to control whether constrained or unconstrained delegation
+is allowed for a service principal. By setting this flag, the delegation
+process follows the same behaviour as delegation on SSPI/Windows.

+
Here are the four cases when either of these flags are set or not.

+

+
Neither flag set
No delegation occurs.

+

+
delegate_to_peer
Always try to delegate regardless of the KDC delegation policies.
+delegate_to_peer is set in the return flags if successful.

+

+
ok_as_delegate
Try to delegate but only if the KDC trusts the service principal for
+delegation. delegate_to_peer and ok_as_delegate are set in the
+return flags if successful.

+

+
delegate_to_peer | ok_as_delegate
Acts like delegate_to_peer being set but will also set
+ok_as_delegate in the return flags if the service principal was trusted
+for delegation by the KDC.

+

+

+

+

+class AddressType(*values)[source]

+
Bases: IntEnum

+

+
+
Similarly, there are a couple classes from the low-level API
+that are imported into the high-level API module.  These classes
+are less likely to be used directly by a user, but are returned
+by several methods:

+

+

+class OID[source]

+

+
+

+

+class IntEnumFlagSet(enum, flags=None)[source]

+
Bases: GenericFlagSet

+

+
+

+

+
Exceptions

+
The high-level API can raise all of the exceptions that the low-level API
+can raise in addition to several other high-level-specific exceptions:

+

+

+exception GSSError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: Exception

+

+

+MESSAGE = 'Major ({maj_stat}): {maj_str}, Minor ({min_stat}): {min_str}'

+

+
+

+

+gen_message()[source]

+

+
+

+

+get_all_statuses(code, is_maj)[source]

+

+
+

+
+

+

+exception GeneralError(minor_message: str, **kwargs: str)[source]

+
Bases: Exception

+
A General High-Level API Error

+

+

+MAJOR_MESSAGE = 'General error'

+

+
+

+

+FMT_STR = '{maj}: {min}.'

+

+
+

+
+

+

+exception UnknownUsageError(minor_message: str, **kwargs: str)[source]

+
Bases: GeneralError

+
An Error indicating an unknown usage type

+

+

+MAJOR_MESSAGE = 'Unable to determine {obj} usage'

+

+
+

+
+

+

+exception EncryptionNotUsed(minor_message: str, unwrapped_message: bytes | None = None, **kwargs: str)[source]

+
Bases: GeneralError

+
An Error indicating that encryption was requested, but not used

+

+

+MAJOR_MESSAGE = 'Confidentiality was requested, but not used'

+

+
+

+
+

+

+exception BadChannelBindingsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 262144

+

+
+

+
+

+

+exception BadMICError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 393216

+

+
+

+
+

+

+exception BadMechanismError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 65536

+

+
+

+
+

+

+exception BadNameError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 131072

+

+
+

+
+

+

+exception BadNameTypeError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 196608

+

+
+

+
+

+

+exception BadQoPError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 917504

+

+
+

+
+

+

+exception BadStatusError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 327680

+

+
+

+
+

+

+exception ContextReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, MissingContextError

+

+
+

+

+exception ContextWriteError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterWriteError, MissingContextError

+

+
+

+

+exception CredentialsReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, MissingCredentialsError

+

+
+

+

+exception CredentialsWriteError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterWriteError, MissingCredentialsError

+

+
+

+

+exception DuplicateCredentialsElementError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 1114112

+

+
+

+
+

+

+exception DuplicateTokenError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: SupplementaryError

+

+

+SUPPLEMENTARY_CODE = 2

+

+
+

+
+

+

+exception ExpiredContextError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 786432

+

+
+

+
+

+

+exception ExpiredCredentialsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 720896

+

+
+

+
+

+

+exception ExpiredTokenError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: SupplementaryError

+

+

+SUPPLEMENTARY_CODE = 4

+

+
+

+
+

+

+exception InvalidCredentialsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 655360

+

+
+

+
+

+

+exception InvalidTokenError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 589824

+

+
+

+
+

+

+exception MalformedParameterError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+CALLING_CODE = 50331648

+

+
+

+
+

+

+exception MechanismNameRequiredError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 1179648

+

+
+

+
+

+

+exception MissingContextError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 524288

+

+
+

+
+

+

+exception MissingCredentialsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 458752

+

+
+

+
+

+

+exception NameReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, BadNameError

+

+
+

+

+exception NameTypeReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, BadNameTypeError

+

+
+

+

+exception OperationUnavailableError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 1048576

+

+
+

+
+

+

+exception ParameterReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+CALLING_CODE = 16777216

+

+
+

+
+

+

+exception ParameterWriteError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+CALLING_CODE = 33554432

+

+
+

+
+

+

+exception SupplementaryError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+
+

+

+exception TokenOutOfSequenceError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: SupplementaryError

+

+
+

+

+exception TokenReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, InvalidTokenError

+

+
+

+

+exception TokenTooEarlyError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: TokenOutOfSequenceError

+

+

+SUPPLEMENTARY_CODE = 16

+

+
+

+
+

+

+exception TokenTooLateError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: TokenOutOfSequenceError

+

+

+SUPPLEMENTARY_CODE = 8

+

+
+

+
+

+

+exception UnauthorizedError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 983040

+

+
+

+
+

+

+
Utilities

+

+

+set_encoding(enc: str)  None[source]

+
Sets the current encoding used for strings

+
This value is used to encode and decode string
+values like names.

+

+
Parameters:

+
enc – the encoding to use

+

+

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/gssapi.raw.html b/latest/gssapi.raw.html
new file mode 100644
index 00000000..47ffaef3
--- /dev/null
+++ b/latest/gssapi.raw.html
@@ -0,0 +1,4501 @@
+
+
+
+
+
+  
+
+  
+  Low-Level API — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Low-Level API

+
The low-level API contains a variety of Python functions that map directly
+to the corresponding C functions.  Additionally, it contains several basic
+wrapper classes that wrap underlying C structs and automatically deallocate
+them when the Python object itself is deallocated.

+

+
Warning

+
All methods in both the high-level and low-level APIs may throw the generic
+GSSError exception.

+

+

+
Core RFC 2744

+

+
Names

+

+
Note

+
Some functions in the following section will refer to
+“mechanism names”.  These are not names of mechanisms.
+Instead, they are a special form of name specific to
+a given mechanism.

+

+

+

+class Name[source]

+
A GSSAPI Name

+

+
+

+

+import_name(name: bytes, name_type: gssapi.raw.oids.OID | None = None)  Name[source]

+
Convert a string and a name type into a GSSAPI name.

+
This method takes a string name and a name type and converts
+them into a GSSAPI Name.

+

+
Parameters:

+
    
+
  • name (Name) – the string version of the name
    • 
+
  • name_type (MechType) – the type of this name
    • 
+

+

+
Returns:

+
the GSSAPI version of the name

+

+
Return type:

+
Name

+

+
Raises:

+

+

+

+

+
+

+

+display_name(name: Name, name_type: bool = True)  gssapi.raw.named_tuples.DisplayNameResult[source]

+
Convert a GSSAPI name into its components.

+
This method converts a GSSAPI Name back into its
+text form.  If name_type is True, it also attempts to
+retrieve the NameType of the name (otherwise the
+returned name type will be None).

+

+
Parameters:

+
    
+
  • name (Name) – the name in question
    • 
+
  • name_type (MechType) – whether or not to retrieve the
+name type
    • 
+

+

+
Returns:

+
the text part of the name and its type

+

+
Return type:

+
DisplayNameResult

+

+
Raises:

+
BadNameError

+

+

+

+
+

+

+compare_name(name1: Name, name2: Name)  bool[source]

+
Check two GSSAPI names to see if they are the same.

+
This method compares two GSSAPI names, checking to
+see if they are equivalent.

+

+
Parameters:

+
    
+
  • name1 (Name) – the first name to compare
    • 
+
  • name2 (Name) – the second name to compare
    • 
+

+

+
Returns:

+
whether or not the names are equal

+

+
Return type:

+
bool

+

+
Raises:

+

+

+

+

+
+

+

+export_name(name: Name)  bytes[source]

+
Export a GSSAPI name.

+
This method “produces a canonical contigous string representation
+of a mechanism name, suitable for direct comparison for use in
+authorization functions”.

+
The input name must be a valid GSSAPI mechanism name, as generated by
+canonicalize_name() or
+accept_sec_context().

+

+
Parameters:

+
name (Name) – the name to export

+

+
Returns:

+
the exported name

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+canonicalize_name(name: Name, mech: gssapi.raw.oids.OID)  Name[source]

+
Canonicalize an arbitrary GSSAPI Name into a Mechanism Name

+
This method turns any GSSAPI name into a “mechanism name” –
+a full form name specific to a mechanism.

+

+
Parameters:

+
    
+
  • name (Name) – the name to canonicalize
    • 
+
  • mech (MechType) – the mechanism type to use to
+canonicalize the name
    • 
+

+

+
Returns:

+
a canonicalized version of the input name

+

+
Return type:

+
Name

+

+
Raises:

+

+

+

+

+
+

+

+duplicate_name(name: Name)  Name[source]

+
Duplicate a GSSAPI name.

+

+
Parameters:

+
name (Name) – the name to duplicate

+

+
Returns:

+
a duplicate of the input name

+

+
Return type:

+
Name

+

+
Raises:

+
BadNameError

+

+

+

+
+

+

+release_name(name: Name)  None[source]

+
Release a GSSAPI name.

+
This method frees a GSSAPI Name.
+You probably won’t have to do this.

+

+
Warning

+
This method is deprecated.  Names are
+automatically freed by Python.

+

+

+
Parameters:

+
name (Name) – the name in question

+

+
Raises:

+
BadNameError

+

+

+

+
+

+

+
Credentials

+

+

+class Creds[source]

+
GSSAPI Credentials

+

+
+

+

+acquire_cred(name: gssapi.raw.names.Name | None, lifetime: int | None = None, mechs: Iterable[gssapi.raw.oids.OID] | None = None, usage: str = 'both')  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Get GSSAPI credentials for the given name and mechanisms.

+
This method gets GSSAPI credentials corresponding to the given name
+and mechanims.  The desired TTL and usage for the the credential may also
+be specified.

+

+
Parameters:

+
    
+
  • name (Name) – the name for which to acquire the
+credentials (or None for the “no name” functionality)
    • 
+
  • lifetime (int) – the lifetime in seconds for the credentials (or None
+for indefinite)
    • 
+
  • mechs (MechType) – the desired mechanisms for which
+the credentials should work, or None for the default set
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+

+

+
Returns:

+
the resulting credentials, the actual mechanisms
+with which they may be used, and their actual lifetime in seconds (or
+None for indefinite or not supported)

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+

+

+

+

+
+

+

+release_cred(creds: Creds)  None[source]

+
release_cred(creds)
+Release GSSAPI Credentials.

+
This method releases GSSAPI credentials.

+

+
Warning

+
This method is deprecated.  Credentials are
+automatically freed by Python.

+

+

+
Parameters:

+
creds (Creds) – the credentials in question

+

+
Raises:

+
MissingCredentialsError

+

+

+

+
+

+

+add_cred(input_cred: Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, usage: str = 'initiate', init_lifetime: int | None = None, accept_lifetime: int | None = None, mutate_input: bool = False)  gssapi.raw.named_tuples.AddCredResult[source]

+
Add a credential element to a credential.

+
This method can be used to either compose two credentials (i.e., original
+and new credential), or to add a new element to an existing credential.

+

+
Parameters:

+
    
+
  • input_cred (Creds) – the set of credentials to which to add the new
+credentials
    • 
+
  • name (Name) – name of principal to acquire a
+credential for
    • 
+
  • mech (MechType) – the desired security mechanism
+(required).
    • 
+
  • usage (str) – usage type for credentials.  Possible values:
+‘initiate’ (default), ‘accept’, ‘both’ (failsafe).
    • 
+
  • init_lifetime (int) – lifetime of credentials for use in initiating
+security contexts in seconds (None for indefinite)
    • 
+
  • accept_lifetime (int) – lifetime of credentials for use in accepting
+security contexts in seconds (None for indefinite)
    • 
+
  • mutate_input (bool) – whether to mutate the input credentials (True)
+or produce a new set of credentials (False).  Defaults to False
    • 
+

+

+
Returns:

+
the actual mechanisms with which the credentials may be
+used, the actual initiator TTL, and the actual acceptor TTL (None for
+either indefinite or not supported).  Note that the credentials may
+be set to None if mutate_input is set to True.

+

+
Return type:

+
AddCredResult

+

+
Raises:

+

+

+

+

+
+

+

+inquire_cred(creds: Creds, name: bool = True, lifetime: bool = True, usage: bool = True, mechs: bool = True)  gssapi.raw.named_tuples.InquireCredResult[source]

+
Inspect credentials for information.

+
This method inspects a Creds object for information.

+

+
Parameters:

+
    
+
  • creds (Creds) – the credentials to inspect
    • 
+
  • name (bool) – get the Name associated with the credentials
    • 
+
  • lifetime (bool) – get the TTL for the credentials
    • 
+
  • usage (bool) – get the usage type of the credentials
    • 
+
  • mechs (bool) – the mechanims used with the credentials
    • 
+

+

+
Returns:

+
the information about the credentials,
+with unused fields set to None

+

+
Return type:

+
InquireCredResult

+

+
Raises:

+

+

+

+

+
+

+

+inquire_cred_by_mech(creds: Creds, mech: gssapi.raw.oids.OID, name: bool = True, init_lifetime: bool = True, accept_lifetime: bool = True, usage: bool = True)  gssapi.raw.named_tuples.InquireCredByMechResult[source]

+
Inspect credentials for mechanism-specific information.

+
This method inspects a Creds object for information
+specific to a particular mechanism.  It functions similarly
+to inquire_cred().

+

+
Parameters:

+
    
+
  • creds (Creds) – the credentials to inspect
    • 
+
  • mech (OID) – the desired mechanism
    • 
+
  • name (bool) – get the Name associated with the credentials
    • 
+
  • init_lifetime (bool) – get the initiator TTL for the credentials (in
+seconds)
    • 
+
  • accept_lifetime (bool) – get the acceptor TTL for the credentials (in
+seconds)
    • 
+
  • usage (bool) – get the usage type of the credentials
    • 
+

+

+
Returns:

+
the information about the credentials,
+with unused fields set to None

+

+
Return type:

+
InquireCredByMechResult

+

+
Raises:

+

+

+

+

+
+

+

+
Security Contexts

+

+

+class SecurityContext[source]

+
A GSSAPI Security Context

+

+
+

+

+init_sec_context(name: gssapi.raw.names.Name, creds: gssapi.raw.creds.Creds | None = None, context: SecurityContext | None = None, mech: gssapi.raw.oids.OID | None = None, flags: int | gssapi.raw.types.RequirementFlag | Iterable[int] | Iterable[gssapi.raw.types.RequirementFlag] | None = None, lifetime: int | None = None, channel_bindings: gssapi.raw.chan_bindings.ChannelBindings | None = None, input_token: bytes | None = None)  gssapi.raw.named_tuples.InitSecContextResult[source]

+
Initiate a GSSAPI security context.

+
This method initiates a GSSAPI security context, targeting the given
+target name.  To create a basic context, just provide the target name.
+Further calls used to update the context should pass in the output context
+of the last call, as well as the input token received from the acceptor.

+

+
Warning

+
This changes the input context!

+

+

+
Parameters:

+
    
+
  • target_name (Name) – the target for the security
+context
    • 
+
  • creds (Creds) – the credentials to use to initiate the context,
+or None to use the default credentials
    • 
+
  • context (SecurityContext) – the security
+context to update, or None to create a new context
    • 
+
  • mech (MechType) – the mechanism type for this security
+context, or None for the default mechanism type
    • 
+
  • flags (list) – the flags to request for the security context, or
+None to use the default set: mutual_authentication and
+out_of_sequence_detection.  This may also be an
+IntEnumFlagSet
    • 
+
  • lifetime (int) – the request lifetime of the security context in seconds
+(a value of 0 or None means indefinite)
    • 
+
  • channel_bindings (ChannelBindings) – The channel bindings (or None for
+no channel bindings)
    • 
+
  • input_token (bytes) – the token to use to update the security context,
+or None if you are creating a new context
    • 
+

+

+
Returns:

+
the output security context, the actual mech
+type, the actual flags used, the output token to send to the acceptor,
+the actual lifetime of the context in seconds (or None if not supported
+or indefinite), and whether or not more calls are needed to finish the
+initiation.

+

+
Return type:

+
InitSecContextResult

+

+
Raises:

+

+

+

+

+
+

+

+accept_sec_context(input_token: bytes, acceptor_creds: gssapi.raw.creds.Creds | None = None, context: SecurityContext | None = None, channel_bindings: gssapi.raw.chan_bindings.ChannelBindings | None = None)  gssapi.raw.named_tuples.AcceptSecContextResult[source]

+
Accept a GSSAPI security context.

+
This method accepts a GSSAPI security context using a token sent by the
+initiator, using the given credentials.  It can either be used to accept a
+security context and create a new security context object, or to update an
+existing security context object.

+

+
Warning

+
This changes the input context!

+

+

+
Parameters:

+
    
+
  • input_token (bytes) – the token sent by the context initiator
    • 
+
  • acceptor_creds (Creds) – the credentials to be used to accept the
+context (or None to use the default credentials)
    • 
+
  • context (SecurityContext) – the security
+context to update (or None to create a new security context object)
    • 
+
  • channel_bindings (ChannelBindings) – The channel bindings (or None for
+no channel bindings)
    • 
+

+

+
Returns:

+
the resulting security context, the initiator
+name, the mechanism being used, the output token, the flags in use,
+the lifetime of the context in seconds (or None for indefinite or not
+supported), the delegated credentials (valid only if the
+delegate_to_peer flag is set), and whether or not further token
+exchanges are needed to finalize the security context.

+

+
Return type:

+
AcceptSecContextResult

+

+
Raises:

+

+

+

+

+
+

+

+inquire_context(context: SecurityContext, initiator_name: bool = True, target_name: bool = True, lifetime: bool = True, mech: bool = True, flags: bool = True, locally_init: bool = True, complete: bool = True)  gssapi.raw.named_tuples.InquireContextResult[source]

+
Get information about a security context.

+
This method obtains information about a security context, including
+the initiator and target names, as well as the TTL, mech,
+flags, and its current state (open vs closed).

+

+
Note

+
the target name may be None if it would have been GSS_C_NO_NAME

+

+

+
Parameters:

+
context (SecurityContext) – the context in
+question

+

+
Returns:

+
the initiator name, the target name, the TTL
+(can be None for indefinite or not supported), the mech type, the
+flags, whether or not the context was locally initiated,
+and whether or not the context is currently fully established

+

+
Return type:

+
InquireContextResult

+

+
Raises:

+
MissingContextError

+

+

+

+
+

+

+context_time(context: SecurityContext)  int[source]

+
Get the amount of time for which the given context will remain valid.

+
This method determines the amount of time for which the given
+security context will remain valid.  An expired context will
+give a result of 0.

+

+
Parameters:

+
context (SecurityContext) – the security
+context in question

+

+
Returns:

+
the number of seconds for which the context will be valid

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+process_context_token(context: SecurityContext, token: bytes)  None[source]

+
Process a token asynchronously.

+
This method provides a way to process a token, even if the
+given security context is not expecting one.  For example,
+if the initiator has the initSecContext return that the context
+is complete, but the acceptor is unable to accept the context,
+and wishes to send a token to the initiator, letting the
+initiator know of the error.

+

+
Warning

+
This method has been essentially deprecated by RFC 2744.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the security
+context against which to process the token
    • 
+
  • token (bytes) – the token to process
    • 
+

+

+
Raises:

+

+

+

+

+
+

+

+import_sec_context(token: bytes)  SecurityContext[source]

+
Import a context from another process.

+
This method imports a security context established in another process
+by reading the specified token which was output by
+export_sec_context().

+

+
Raises:

+

+

+

+

+
+

+

+export_sec_context(context: SecurityContext)  bytes[source]

+
Export a context for use in another process.

+
This method exports a security context, deactivating in the current process
+and creating a token which can then be imported into another process
+with import_sec_context().

+
Warning: this modifies the input context

+

+
Parameters:

+
context (SecurityContext) – the context to send
+to another process

+

+
Returns:

+
the output token to be imported

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+delete_sec_context(context: SecurityContext, local_only: bool = True)  bytes[source]

+
Delete a GSSAPI security context.

+
This method deletes a GSSAPI security context,
+returning an output token to send to the other
+holder of the security context to notify them
+of the deletion.

+

+
Note

+
This method generally should not be used.  SecurityContext
+objects will automatically be freed by Python.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the security
+context in question
    • 
+
  • local_only (bool) – should we request local deletion (True), or also
+remote deletion (False), in which case a token is also returned
    • 
+

+

+
Returns:

+

+
the output token (if remote deletion is requested).  Generally
this is None, but bytes for compatibility.

+

+

+

+

+
Return type:

+
bytes

+

+
Raises:

+
MissingContextError

+

+

+

+
+

+

+get_mic(context: gssapi.sec_contexts.SecurityContext, message: bytes, qop: int | None = None)  bytes[source]

+
Generate a MIC for a message.

+
This method generates a Message Integrity Check token for the
+given message.  This can be separately trasmitted to the other
+entity, unlike wrap, which bundles the MIC and the message
+together.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message for which to generate the MIC
    • 
+
  • qop (int) – the requested Quality of Protection
+(or None to use the default)
    • 
+

+

+
Returns:

+
the generated MIC token

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+verify_mic(context: gssapi.sec_contexts.SecurityContext, message: bytes, token: bytes)  int[source]

+
Verify that a MIC matches a message.

+
This method verifies that the given MIC matches the given message.
+If the MIC does not match the given message, an exception will
+be raised.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message in question
    • 
+
  • token (bytes) – the MIC token in question
    • 
+

+

+
Returns:

+
the QoP used.

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+wrap_size_limit(context: gssapi.sec_contexts.SecurityContext, output_size: int, confidential: bool = True, qop: int | None = None)  int[source]

+
Calculate the max message size.

+
This method calculates the unwrapped/unencrypted message size for
+the given maximum wrapped/encrypted message size.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • output_size (int) – the maximum desired wrapped/encrypted message size
    • 
+
  • confidential (bool) – whether or not confidentiality is being used
    • 
+
  • qop (int) – the QoP that will be when you actually call wrap
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
the maximum unencrypted/unwrapped message size

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+wrap(context: gssapi.sec_contexts.SecurityContext, message: bytes, confidential: bool = True, qop: int | None = None)  gssapi.raw.named_tuples.WrapResult[source]

+
Wrap/Encrypt a message.

+
This method wraps or encrypts a message (depending on the value
+of confidential) with the given Quality of Protection.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message to wrap or encrypt
    • 
+
  • confidential (bool) – whether or not to encrypt the message (True),
+or just wrap it with a MIC (False)
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+

+
the wrapped/encrypted message, and whether or not
encryption was actually used

+

+

+

+

+
Return type:

+
WrapResult

+

+
Raises:

+

+

+

+

+
+

+

+unwrap(context: gssapi.sec_contexts.SecurityContext, message: bytes)  gssapi.raw.named_tuples.UnwrapResult[source]

+
Unwrap/Decrypt a message.

+
This method unwraps or decrypts a message, depending
+on whether the sender used confidentiality.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message to unwrap/decrypt
    • 
+

+

+
Returns:

+

+
the unwrapped/decrypted message, whether or on
encryption was used, and the QoP used

+

+

+

+

+
Return type:

+
UnwrapResult

+

+
Raises:

+

+

+

+

+
+

+

+
Misc

+

+

+class OID[source]

+
A GSSAPI OID

+
A new OID may be created by passing the elements argument
+to the constructor.  The elements argument should be a
+bytes consisting of the BER-encoded values in the OID.

+
To retrieve the underlying bytes, use the bytes
+function in Python 3.

+
This object is hashable, and may be compared using equality
+operators.

+

+

+classmethod from_int_seq(integer_sequence: str | Iterable[int])  OID[source]

+
Create a OID from a sequence of integers.

+
This method creates an OID from a sequence of integers.
+The sequence can either be in dotted form as a string,
+or in list form.

+
This method is not for BER-encoded byte strings, which
+can be passed directly to the OID constructor.

+

+
Parameters:

+
integer_sequence – either a list of integers or
+a string in dotted form

+

+
Returns:

+
the OID represented by the given integer sequence

+

+
Return type:

+
OID

+

+
Raises:

+
ValueError – the sequence is less than two elements long

+

+

+

+
+

+

+property dotted_form: str[source]

+

+
+

+
+

+

+class Name[source]

+
A GSSAPI Name

+

+
+

+

+class OID[source]

+
A GSSAPI OID

+
A new OID may be created by passing the elements argument
+to the constructor.  The elements argument should be a
+bytes consisting of the BER-encoded values in the OID.

+
To retrieve the underlying bytes, use the bytes
+function in Python 3.

+
This object is hashable, and may be compared using equality
+operators.

+

+

+classmethod from_int_seq(integer_sequence: str | Iterable[int])  OID[source]

+
Create a OID from a sequence of integers.

+
This method creates an OID from a sequence of integers.
+The sequence can either be in dotted form as a string,
+or in list form.

+
This method is not for BER-encoded byte strings, which
+can be passed directly to the OID constructor.

+

+
Parameters:

+
integer_sequence – either a list of integers or
+a string in dotted form

+

+
Returns:

+
the OID represented by the given integer sequence

+

+
Return type:

+
OID

+

+
Raises:

+
ValueError – the sequence is less than two elements long

+

+

+

+
+

+

+property dotted_form: str

+

+
+

+
+

+

+class MechType[source]

+
GSSAPI Mechanism Types

+
This enum-like object contains any mechanism OID
+values registered by imported mechanisms.

+

+

+kerberos: gssapi.raw.oids.OID

+

+
+

+
+

+

+indicate_mechs()  Set[gssapi.raw.oids.OID][source]

+
Get the currently supported mechanisms.

+
This method retrieves the currently supported GSSAPI mechanisms.
+Note that if unknown mechanims are found, those will be skipped.

+

+
+

+

+inquire_names_for_mech(mech: gssapi.raw.oids.OID)  Set[gssapi.raw.oids.OID][source]

+
inquire_names_for_mech(mech)
+Get the name types supported by a mechanism.

+
This method retrieves the different name types supported by
+the given mechanism.

+

+
Parameters:

+
mech (OID) – the mechanism in question

+

+
Returns:

+
the name type OIDs supported by the given mechanism

+

+
Return type:

+
list

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+inquire_mechs_for_name(name: gssapi.raw.names.Name)  Set[gssapi.raw.oids.OID][source]

+
inquire_mechs_for_name(name)
+List the mechanisms which can process a name.

+
This method lists the mechanisms which may be able to
+process the given name.

+

+
Parameters:

+
name (Name) – the name in question

+

+
Returns:

+
The mechanism OIDs able to process the given name

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+exception GSSError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+

+maj_code: int[source]

+

+
+

+

+min_code: int[source]

+

+
+

+

+token: bytes | None[source]

+

+
+

+

+calling_code: int[source]

+

+
+

+

+routine_code: int[source]

+

+
+

+

+supplementary_code: int[source]

+

+
+

+

+get_all_statuses(code: int, is_maj: bool)  List[str][source]

+
Retrieve all messages for a status code.

+
This method retrieves all human-readable messages
+available for the given status code.

+

+
Parameters:

+
    
+
  • code – the status code in question
    • 
+
  • is_maj – whether this is a major status code (True)
+or minor status code (False)
    • 
+

+

+
Returns:

+

+
A list of string messages associated with the
given code

+

+

+

+

+
Return type:

+
[str]

+

+

+

+
+

+

+gen_message()  str[source]

+
Retrieves all messages for this error’s status codes

+
This method retrieves all messages for this error’s status codes,
+and forms them into a string for use as an exception message

+

+
Returns:

+
a string for use as this error’s message

+

+
Return type:

+
str

+

+

+

+
+

+
+

+

+class NameType[source]

+
GSSAPI Name Types

+
This enum-like object represents GSSAPI name
+types (to be used with import_name(), etc)

+

+

+anonymous: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+export: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+hostbased_service: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+machine_uid: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+string_uid: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+user: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+composite_export: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+kerberos_principal: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+krb5_nt_principal_name: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+
+

+

+class RequirementFlag[source]

+
GSSAPI Requirement Flags

+
This IntEnum represents flags used with the
+SecurityContext-related methods (e.g.
+init_sec_context())

+
The numbers behind the values correspond directly
+to their C counterparts.

+

+

+delegate_to_peer = 1[source]

+

+
+

+

+mutual_authentication = 2[source]

+

+
+

+

+replay_detection = 4[source]

+

+
+

+

+out_of_sequence_detection = 8[source]

+

+
+

+

+confidentiality = 16[source]

+

+
+

+

+integrity = 32[source]

+

+
+

+

+anonymity = 64[source]

+

+
+

+

+protection_ready = 128[source]

+

+
+

+

+transferable = 256[source]

+

+
+

+

+channel_bound = 2048[source]

+

+
+

+

+dce_style = 4096[source]

+

+
+

+

+identify = 8192[source]

+

+
+

+

+extended_error = 16384[source]

+

+
+

+

+ok_as_delegate = 32768[source]

+

+
+

+
+

+

+class AddressType[source]

+
GSSAPI Channel Bindings Address Types

+
This IntEnum represents the various address
+types used with the ChannelBindings
+structure.

+
The numbers behind the values correspond directly
+to their C counterparts.  There is no value for
+GSS_C_AF_UNSPEC, since this is represented
+by None.

+

+

+local = 1[source]

+

+
+

+

+ip = 2[source]

+

+
+

+

+arpanet = 3[source]

+

+
+

+

+pup = 4[source]

+

+
+

+

+chaos = 5[source]

+

+
+

+

+xerox_ns = 6[source]

+

+
+

+

+nbs = 7[source]

+

+
+

+

+ecma = 8[source]

+

+
+

+

+datakit = 9[source]

+

+
+

+

+ccitt = 10[source]

+

+
+

+

+ibm_sna = 11[source]

+

+
+

+

+decnet = 12[source]

+

+
+

+

+dli = 13[source]

+

+
+

+

+lat = 14[source]

+

+
+

+

+hyperchannel = 15[source]

+

+
+

+

+appletalk = 16[source]

+

+
+

+

+bisync = 17[source]

+

+
+

+

+dss = 18[source]

+

+
+

+

+osi_tp4 = 19[source]

+

+
+

+

+x25 = 21[source]

+

+
+

+

+null = 255[source]

+

+
+

+
+

+

+class MechType[source]

+
GSSAPI Mechanism Types

+
This enum-like object contains any mechanism OID
+values registered by imported mechanisms.

+

+

+kerberos: gssapi.raw.oids.OID[source]

+

+
+

+
+

+

+class GenericFlagSet(flags: GenericFlagSet | numbers.Integral | int | None = None)[source]

+
A set backed by a 32-bit integer

+
This is a set backed by a 32 bit integer.
+the members are integers where only one
+bit is set.

+
The class supports normal set operations,
+as well as traditional “flag set” operations,
+such as bitwise AND, OR, and XOR.

+

+

+MAX_VAL: int[source]

+

+
+

+

+add(flag: int)  None[source]

+
Add an element.

+

+
+

+

+discard(flag: int)  None[source]

+
Remove an element.  Do not raise an exception if absent.

+

+
+

+
+

+

+class IntEnumFlagSet(enum: Type[enum.IntEnum], flags: GenericFlagSet | numbers.Integral | int | None = None)[source]

+
A set backed by a 32-bit integer with enum members

+
This class is a GenericFlagSet where the returned
+members are values in an IntEnum.

+
It functions exactly like a GenericFlagSet, except that
+it also supports bitwise operations with the enum values.

+

+
+

+

+class ChannelBindings(initiator_address_type: int | None = None, initiator_address: bytes | None = None, acceptor_address_type: int | None = None, acceptor_address: bytes | None = None, application_data: bytes | None = None)[source]

+
GSSAPI Channel Bindings

+
This class represents a set of GSSAPI channel bindings.

+

+
Parameters:

+
    
+
  • initiator_address_type – the initiator address type
    • 
+
  • initiator_address – the initiator address
    • 
+
  • acceptor_address_type – the acceptor address type
    • 
+
  • acceptor_address – the acceptor address
    • 
+
  • application_data – additional application-specific data
    • 
+

+

+

+

+

+initiator_address_type: int | None[source]

+

+
+

+

+initiator_address: bytes | None[source]

+

+
+

+

+acceptor_address_type: int | None[source]

+

+
+

+

+acceptor_address: bytes | None[source]

+

+
+

+

+application_data: bytes | None[source]

+

+
+

+
+

+

+

+
Additional RFCs and Extensions

+
The following is a list of GSSAPI extensions supported by the low-level API.

+

+
Note

+
While all of these extensions have bindings, they may not be supported
+by your particularly GSSAPI implementation.  In this case, they will not
+be compiled, and will simply not be available in the gssapi.raw
+namespace.

+

+

+
RFC 4178 (GSS-API Negotiation Mechanism)

+

+

+set_neg_mechs(cred_handle: gssapi.raw.creds.Creds, mech_set: Iterable[gssapi.raw.oids.OID])  None[source]

+
Specify the set of security mechanisms that may be negotiated with
+the credential identified by cred_handle.
+If more than one mechanism is specified in mech_set, the order in
+which those mechanisms are specified implies a relative preference.

+

+
Parameters:

+
    
+
  • cred_handle (Creds) – credentials to set negotiable mechanisms for
    • 
+
  • mech_set (MechType) – negotiable mechanisms to be set
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
RFC 5587 (GSS-API Extension for Mech Attributes)

+

+

+indicate_mechs_by_attrs(desired_mech_attrs: Iterable[gssapi.raw.oids.OID] | None = None, except_mech_attrs: Iterable[gssapi.raw.oids.OID] | None = None, critical_mech_attrs: Iterable[gssapi.raw.oids.OID] | None = None)  Set[gssapi.raw.oids.OID][source]

+
Get a set of mechanisms that have the specified attributes.

+

+
Parameters:

+
    
+
  • desired_mech_attrs (OID) – Attributes that the output mechs MUST
+offer
    • 
+
  • except_mech_attrs (OID) – Attributes that the output mechs MUST
+NOT offer
    • 
+
  • critical_mech_attrs (OID) – Attributes that the output mechs
+MUST understand and offer
    • 
+

+

+
Returns:

+
a set of mechs which satisfy the given criteria

+

+
Return type:

+
MechType

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+inquire_attrs_for_mech(mech: gssapi.raw.oids.OID)  gssapi.raw.named_tuples.InquireAttrsResult[source]

+
Gets the set of attrs supported and known by a mechanism.

+

+
Parameters:

+
mech (MechType) – Mechanism to inquire about

+

+
Returns:

+
the results of inquiry; a mech’s attributes and
+known attributes

+

+
Return type:

+
InquireAttrsResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+display_mech_attr(attr: gssapi.raw.oids.OID)  gssapi.raw.named_tuples.DisplayAttrResult[source]

+
Returns information about attributes in human readable form.

+

+
Parameters:

+
attr (OID) – Mechanism attribute to retrieve names and
+descriptions of

+

+
Returns:

+
the results of displaying the attribute; mech name,
+short description, and long description.

+

+
Return type:

+
DisplayAttrResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
RFC 5588 (GSS-API Extension for Storing Delegated Credentials)

+

+

+store_cred(creds: gssapi.raw.creds.Creds, usage: str = 'both', mech: gssapi.raw.oids.OID | None = None, overwrite: bool = False, set_default: bool = False)  gssapi.raw.named_tuples.StoreCredResult[source]

+
Store credentials into the default store.

+
This method stores the given credentials into the default store.
+They may then be retrieved later using
+acquire_cred().

+

+
Parameters:

+
    
+
  • creds (Creds) – the credentials to store
    • 
+
  • usage (str) – the usage to store the credentials with – either
+‘both’, ‘initiate’, or ‘accept’
    • 
+
  • mech (OID) – the mechansim to associate with the stored
+credentials
    • 
+
  • overwrite (bool) – whether or not to overwrite existing credentials
+stored with the same name, etc
    • 
+
  • set_default (bool) – whether or not to set these credentials as
+the default credentials for the given store.
    • 
+

+

+
Returns:

+
the results of the credential storing operation

+

+
Return type:

+
StoreCredResult

+

+
Raises:

+

+

+

+

+
+

+

+
RFC 5801 (GSS-API SASL Extensions)

+

+

+inquire_saslname_for_mech(mech: gssapi.raw.oids.OID)  gssapi.raw.named_tuples.InquireSASLNameResult[source]

+
Gets information about a specified mech, including the SASL name,
+the mech name, and the mech description.

+

+
Parameters:

+
mech (OID) – Mechanism to inquire about

+

+
Returns:

+
the results of inquiry; a mech’s SASL name,
+name, and description.

+

+
Return type:

+
InquireSASLNameResult

+

+
Raises:

+
GSSError – an unknown failure occurred

+

+

+

+
+

+

+inquire_mech_for_saslname(sasl_name: bytes)  gssapi.raw.oids.OID[source]

+
Gets the OID for the mech specified by SASL name.

+

+
Parameters:

+
sasl_name (bytes) – SASL name of the mechanism

+

+
Returns:

+
the mechanism with corresponding SASL name.

+

+
Return type:

+
OID

+

+
Raises:

+
GSSError – An unknown failure occurred

+

+

+

+
+

+

+
Credential Store Extensions

+
Credential Store Extension

+

+

+acquire_cred_from(dict_store: Dict[bytes | str, bytes | str] | None = None, name: gssapi.raw.names.Name | None = None, lifetime: int | None = None, mechs: Iterable[gssapi.raw.oids.OID] | None = None, usage: str = 'both')  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Acquire credentials from the given store.

+
This method acquires credentials from the store specified by the
+given credential store information.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+

+
Parameters:

+
    
+
  • store (dict) – the credential store information pointing to the
+credential store from which to acquire the credentials.
+See Common Values for Credentials Store Extensions for valid values
    • 
+
  • name (Name) – the name associated with the
+credentials, or None for the default name
    • 
+
  • lifetime (int) – the desired lifetime of the credentials in seconds, or
+None for indefinite
    • 
+
  • mechs (list) – the desired mechanisms to be used with these
+credentials, or None for the default set
    • 
+
  • usage (str) – the usage for these credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+

+

+
Returns:

+
the acquired credentials and information about
+them

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+add_cred_from(dict_store: Dict[bytes | str, bytes | str] | None, input_creds: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, usage: str = 'both', init_lifetime: int | None = None, accept_lifetime: int | None = None)  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Acquire credentials to add to the current set from the given store.

+
This method works like acquire_cred_from(), except that it
+adds the acquired credentials for a single mechanism to a copy of
+the current set, instead of creating a new set for multiple mechanisms.
+Unlike acquire_cred(), you cannot pass None for the
+desired name or mechanism.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+

+
Parameters:

+
    
+
  • store (dict) – the store into which to store the credentials,
+or None for the default store.
+See Common Values for Credentials Store Extensions for valid values
    • 
+
  • name (Name) – the name associated with the credentials
    • 
+
  • mech (OID) – the desired mechanism to be used with these
+credentials
    • 
+
  • usage (str) – the usage for these credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+
  • init_lifetime (int) – the desired initiate lifetime of the credentials
+in seconds, or None for indefinite
    • 
+
  • accept_lifetime (int) – the desired accept lifetime of the credentials
+in seconds, or None for indefinite
    • 
+

+

+
Returns:

+
the new credentials set and information about
+it

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+store_cred_into(dict_store: Dict[bytes | str, bytes | str] | None, creds: gssapi.raw.creds.Creds, usage: str = 'both', mech: gssapi.raw.oids.OID | None = None, overwrite: bool = False, set_default: bool = False)  gssapi.raw.named_tuples.StoreCredResult[source]

+
Store credentials into the given store.

+
This method stores the given credentials into the store specified
+by the given store information.  They may then be retrieved later using
+acquire_cred_from() or add_cred_from().

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+

+
Parameters:

+
    
+
  • store (dict) – the store into which to store the credentials,
+or None for the default store.
+See Common Values for Credentials Store Extensions for valid values
    • 
+
  • creds (Creds) – the credentials to store
    • 
+
  • usage (str) – the usage to store the credentials with – either
+‘both’, ‘initiate’, or ‘accept’
    • 
+
  • mech (OID) – the mechansim to associate with the stored
+credentials
    • 
+
  • overwrite (bool) – whether or not to overwrite existing credentials
+stored with the same name, etc
    • 
+
  • set_default (bool) – whether or not to set these credentials as
+the default credentials for the given store.
    • 
+

+

+
Returns:

+
the results of the credential storing operation

+

+
Return type:

+
StoreCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
RFC 6680 (GSS-API Naming Extensions)

+

+

+display_name_ext(name: gssapi.raw.names.Name, name_type: gssapi.raw.oids.OID)  bytes[source]

+
Display the given Name using the given name type.

+
This method attempts to display the given Name using the syntax of
+the given name type.  If this is not possible, an appropriate error
+will be raised.

+

+
Parameters:

+
    
+
  • name (Name) – the name to display
    • 
+
  • name_type (OID) – the name type (see NameType) to use to
+display the given name
    • 
+

+

+
Returns:

+
the displayed name

+

+
Return type:

+
bytes

+

+
Raises:

+
OperationUnavailableError – the given name could not
+be displayed using the given name type

+

+

+

+
+

+

+inquire_name(name: gssapi.raw.names.Name, mech_name: bool = True, attrs: bool = True)  gssapi.raw.named_tuples.InquireNameResult[source]

+
Get information about a Name.

+
This method retrieves information about the given name, including
+the set of attribute names for the given name, as well as whether or
+not the name is a mechanism name.  Additionally, if the given name is
+a mechanism name, the associated mechansim is returned as well.

+

+
Parameters:

+
    
+
  • name (Name) – the name about which to inquire
    • 
+
  • mech_name (bool) – whether or not to retrieve if this name
+is a mech_name (and the associate mechanism)
    • 
+
  • attrs (bool) – whether or not to retrieve the attribute name list
    • 
+

+

+
Returns:

+
the set of attribute names for the given name,
+whether or not the name is a Mechanism Name, and potentially
+the associated mechanism if it is a Mechanism Name

+

+
Return type:

+
InquireNameResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+set_name_attribute(name: gssapi.raw.names.Name, attr: bytes, value: Iterable[bytes], complete: bool = False)  None[source]

+
Set the value(s) of a name attribute.

+
This method sets the value(s) of the given attribute on the given name.

+
Note that this functionality more closely matches the pseudo-API
+presented in RFC 6680, not the C API (which uses multiple calls to
+add multiple values).  However, multiple calls to this method will
+continue adding values, so delete_name_attribute() must be
+used in between calls to “clear” the values.

+

+
Parameters:

+
    
+
  • name (Name) – the Name on which to set the attribute
    • 
+
  • attr (bytes) – the name of the attribute
    • 
+
  • value (list) – a list of bytes objects to use as the value(s)
    • 
+
  • complete (bool) – whether or not to mark this attribute’s value
+set as being “complete”
    • 
+

+

+
Raises:

+
OperationUnavailableError – the given attribute name
+is unknown or could not be set

+

+

+

+
+

+

+get_name_attribute(name: gssapi.raw.names.Name, attr: bytes, more: int | None = None)  gssapi.raw.named_tuples.GetNameAttributeResult[source]

+
Get the value(s) of a name attribute.

+
This method retrieves the value(s) of the given attribute
+for the given Name.

+
Note that this functionality matches pseudo-API presented
+in RFC 6680, not the C API (which uses a state variable and
+multiple calls to retrieve multiple values).

+

+
Parameters:

+
    
+
  • name (Name) – the Name from which to get the attribute
    • 
+
  • attr (bytes) – the name of the attribute
    • 
+

+

+
Returns:

+
the raw version of the value(s),
+the human-readable version of the value(s), whether
+or not the attribute was authenticated, and whether or
+not the attribute’s value set was marked as complete

+

+
Return type:

+
GetNameAttributeResult

+

+
Raises:

+
OperationUnavailableError – the given attribute is
+unknown or unset

+

+

+

+
+

+

+delete_name_attribute(name: gssapi.raw.names.Name, attr: bytes)  None[source]

+
Remove an attribute from a name.

+
This method removes an attribute from a Name.  This method may be
+used before set_name_attribute() clear the values of an attribute
+before setting a new value (making the latter method work like a ‘set’
+operation instead of an ‘add’ operation).

+
Note that the removal of certain attributes may not be allowed.

+

+
Parameters:

+
    
+
  • name (Name) – the name to remove the attribute from
    • 
+
  • attr (bytes) – the name of the attribute
    • 
+

+

+
Raises:

+

+

+

+

+
+

+

+export_name_composite(name: gssapi.raw.names.Name)  bytes[source]

+
Export a name, preserving attribute information.

+
This method functions similarly to export_name(),
+except that it preserves attribute information.  The resulting bytes may be
+imported using import_name() with the
+composite_export name type.

+

+
Note

+
Some versions of MIT Kerberos require you to either canonicalize a name
+once it has been imported with composite-export name type, or to import
+using the normal export name type.

+

+

+
Parameters:

+
name (Name) – the name to export

+

+
Returns:

+
the exported composite name

+

+
Return type:

+
bytes

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Credentials Import-Export Extensions

+
Credentials Import/Export Extension

+

+

+export_cred(creds: gssapi.raw.creds.Creds)  bytes[source]

+
Export GSSAPI credentials.

+
This method exports GSSSAPI credentials into a token
+which may be transmitted between different processes.

+

+
Parameters:

+
creds (Creds) – the credentials object to be exported

+

+
Returns:

+
the exported token representing the given credentials object

+

+
Return type:

+
bytes

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+import_cred(token: bytes)  gssapi.raw.creds.Creds[source]

+
Import GSSAPI credentials from a token.

+
This method imports a credentials object from a token
+previously exported by export_cred().

+

+
Parameters:

+
token (bytes) – the token to import

+

+
Returns:

+
the imported credentials object

+

+
Return type:

+
Creds

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
DCE (IOV/AEAD) Extensions

+

+

+wrap_aead(context: gssapi.raw.sec_contexts.SecurityContext, message: bytes, associated: bytes | None = None, confidential: bool = True, qop: int | None = None)  gssapi.raw.named_tuples.WrapResult[source]

+
Wrap/Encrypt an AEAD message.

+
This method takes an input message and associated data,
+and outputs and AEAD message.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message to wrap or encrypt
    • 
+
  • associated (bytes) – associated data to go with the message
    • 
+
  • confidential (bool) – whether or not to encrypt the message (True),
+or just wrap it with a MIC (False)
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
the wrapped/encrypted total message, and whether or not
+encryption was actually used

+

+
Return type:

+
WrapResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+unwrap_aead(context: gssapi.raw.sec_contexts.SecurityContext, message: bytes, associated: bytes | None = None)  gssapi.raw.named_tuples.UnwrapResult[source]

+
Unwrap/Decrypt an AEAD message.

+
This method takes an encrpyted/wrapped AEAD message and some associated
+data, and returns an unwrapped/decrypted message.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the AEAD message to unwrap or decrypt
    • 
+
  • associated (bytes) – associated data that goes with the message
    • 
+

+

+
Returns:

+
the unwrapped/decrypted message, whether or on
+encryption was used, and the QoP used

+

+
Return type:

+
UnwrapResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+class IOVBufferType[source]

+
IOV Buffer Types

+
This IntEnum represent GSSAPI IOV buffer
+types to be used with the IOV methods.

+
The numbers behind the values correspond directly
+to their C counterparts.

+

+

+empty = 0[source]

+

+
+

+

+data = 1[source]

+

+
+

+

+header = 2[source]

+

+
+

+

+mech_params = 3[source]

+

+
+

+

+trailer = 7[source]

+

+
+

+

+padding = 9[source]

+

+
+

+

+stream = 10[source]

+

+
+

+

+sign_only = 11[source]

+

+
+

+

+mic_token = 12[source]

+

+
+

+
+

+

+class IOVBuffer[source]

+

+

+type: IOVBufferType[source]

+

+
+

+

+allocate: bool | None[source]

+

+
+

+

+value: bytes | None[source]

+

+
+

+
+

+

+class IOV(*args: IOVBuffer | Tuple[IOVBufferType | int, bool | None, bytes | None] | Tuple[IOVBufferType | int, bool | bytes | None] | bytes | IOVBufferType | int, std_layout: bool = True, auto_alloc: bool = True)[source]

+
A GSSAPI IOV

+

+

+index(value: Any)  int[source]

+

+
+

+

+count(value: Any)  int[source]

+

+
+

+
+

+

+wrap_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: IOV, confidential: bool = True, qop: int | None = None)  bool[source]

+
Wrap/Encrypt an IOV message.

+
This method wraps or encrypts an IOV message.  The allocate
+parameter of the IOVBuffer objects in the IOV
+indicates whether or not that particular buffer should be
+automatically allocated (for use with padding, header, and
+trailer buffers).

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – an IOV containing the message
    • 
+
  • confidential (bool) – whether or not to encrypt the miovessage (True),
+or just wrap it with a MIC (False)
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
whether or not confidentiality was actually used

+

+
Return type:

+
bool

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+unwrap_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: IOV)  gssapi.raw.named_tuples.IOVUnwrapResult[source]

+
Unwrap/Decrypt an IOV message.

+
This method uwraps or decrypts an IOV message.  The allocate
+parameter of the IOVBuffer objects in the IOV
+indicates whether or not that particular buffer should be
+automatically allocated (for use with padding, header, and
+trailer buffers).

+
As a special case, you may pass an entire IOV message
+as a single ‘stream’.  In this case, pass a buffer type
+of IOVBufferType.stream followed by a buffer type of
+IOVBufferType.data.  The former should contain the
+entire IOV message, while the latter should be empty.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – an IOV containing the message
    • 
+

+

+
Returns:

+
whether or not confidentiality was used,
+and the QoP used.

+

+
Return type:

+
IOVUnwrapResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+wrap_iov_length(context: gssapi.raw.sec_contexts.SecurityContext, message: IOV, confidential: bool = True, qop: int | None = None)  gssapi.raw.named_tuples.WrapResult[source]

+
Appropriately size padding, trailer, and header IOV buffers.

+
This method sets the length values on the IOV buffers.  You
+should already have data provided for the data (and sign-only)
+buffer(s) so that padding lengths can be appropriately computed.

+
In Python terms, this will result in an appropriately sized
+bytes object consisting of all zeros.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – an IOV containing the message
    • 
+

+

+
Returns:

+
a list of :class:IOVBuffer` objects, and whether or not
+encryption was actually used

+

+
Return type:

+
WrapResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
IOV MIC Extensions

+

+

+get_mic_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: gssapi.raw.ext_dce.IOV, qop: int | None = None)  None[source]

+
Generate MIC tokens for the given IOV message.

+
This method generates a MIC token for the given IOV message, and places it
+in the mic_token buffer in the
+IOV. This method operates entirely in-place, and returns nothing.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – the IOV containing the
+message
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+get_mic_iov_length(context: gssapi.raw.sec_contexts.SecurityContext, message: gssapi.raw.ext_dce.IOV, qop: int | None = None)  None[source]

+
Allocate space for the MIC buffer in the given IOV message.

+
This method allocates space for the MIC token buffer
+(mic_token) in the given IOV
+message.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – the IOV containing the
+message
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+verify_mic_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: gssapi.raw.ext_dce.IOV, qop: int | None = None)  int[source]

+
Verify that the MIC matches the data in the given IOV message.

+
This method verifies that the MIC token in the MIC buffer
+(mic_token) match the data
+buffer(s) in the given IOV method.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – the IOV containing the
+message
    • 
+

+

+
Returns:

+
the QoP used to generate the MIC token

+

+
Return type:

+
int

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Global Grid Forum (GGF) Extensions

+
GGF Extensions

+
GGF provides extended credential and security context inquiry that allows
+application to retrieve more information about the client’s credentials and
+security context. One common use case is to use
+inquire_sec_context_by_oid() to retrieve the “session” key that is
+required by the SMB protocol for signing and encrypting a message.

+
Draft IETF document for these extensions can be found at
+https://tools.ietf.org/html/draft-engert-ggf-gss-extensions-00

+

+

+inquire_cred_by_oid(cred_handle: gssapi.raw.creds.Creds, desired_aspect: gssapi.raw.oids.OID)  List[bytes][source]

+
This method inspects a Creds object for
+information specific to a particular desired aspect as an OID.

+

+
Parameters:

+
    
+
  • cred_handle (Creds) – the Credentials to query
    • 
+
  • desired_aspect (OID) – the desired aspect of the
+Credentials to inquire about.
    • 
+

+

+
Returns:

+
A list of zero or more pieces of data (as bytes objects)

+

+
Return type:

+
list

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+inquire_sec_context_by_oid(context: gssapi.raw.sec_contexts.SecurityContext, desired_aspect: gssapi.raw.oids.OID)  List[bytes][source]

+
This method inspects a SecurityContext
+object for information specific to a particular desired aspect as an OID.

+
This method can be used with the GSS_KRB5_INQ_SSPI_SESSION_KEY_OID OID to
+retrieve the required key that is used to derive the SMB/SAMBA signing and
+encryption keys.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the Security
+Context to query
    • 
+
  • desired_aspect (OID) – the desired aspect of the
+Security Context to inquire about.
    • 
+

+

+
Returns:

+
A list of zero or more pieces of data (as bytes objects)

+

+
Return type:

+
list

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+set_sec_context_option(desired_aspect: gssapi.raw.oids.OID, context: gssapi.raw.sec_contexts.SecurityContext, value: bytes | None = None)  None[source]

+
This method is used to set a value for a specific OID of a
+SecurityContext object. The OID and value
+to pass in depends on the mech the SecurityContext backs.

+
An example of how this can be used would be to reset the NTLM crypto engine
+used in gss-ntlmssp. The OID that controls this value is
+‘1.3.6.1.4.1.7165.655.1.3’ and it takes it a byte value that represents
+an int32 where 1 resets the verifier handle and any other int resets the
+sender handle.

+

+
Parameters:

+
    
+
  • desired_aspect (OID) – the desired aspect of the
+Security Context to set the value for.
    • 
+
  • context (SecurityContext) – the Security
+Context to set, or None to create a new context.
    • 
+
  • value (bytes) – the value to set on the desired aspect of the Security
+Context or None to send GSS_C_EMPTY_BUFFER.
    • 
+

+

+
Returns:

+
The output security context.

+

+
Return type:

+
SecurityContext

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Services4User Extensions

+
Service4User Extension

+

+

+acquire_cred_impersonate_name(impersonator_cred: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, lifetime: int | None = None, mechs: Iterable[gssapi.raw.oids.OID] | None = None, usage: str = 'initiate')  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Acquire credentials by impersonating another name.

+
This method is one of the ways to use S4U2Self.  It acquires credentials
+by impersonating another name using a set of proxy credentials.  The
+impersonator credentials must have a usage of ‘both’ or ‘initiate’.

+

+
Parameters:

+
    
+
  • impersonator_cred (Creds) – the credentials with
+permissions to impersonate the target name
    • 
+
  • name (Name) – the name to impersonate
    • 
+
  • lifetime (int) – the lifetime for the credentials (or None for
+indefinite) in seconds
    • 
+
  • mechs (MechType) – the desired mechanisms for which
+the credentials should work (or None for the default set)
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+

+

+
Returns:

+
the resulting credentials, the actual mechanisms
+with which they may be used, and their actual lifetime in seconds (or
+None for indefinite or not support)

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+add_cred_impersonate_name(input_cred: gssapi.raw.creds.Creds, impersonator_cred: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, usage: str = 'initiate', init_lifetime: int | None = None, accept_lifetime: int | None = None)  gssapi.raw.named_tuples.AddCredResult[source]

+
Add a credentials element to a credential by impersonating another name.

+
This method is one of the ways to use S4U2Self.  It adds credentials
+to the input credentials by impersonating another name using a set of
+proxy credentials.  The impersonator credentials must have a usage of
+‘both’ or ‘initiate’.

+

+
Parameters:

+
    
+
  • input_cred (Creds) – the set of credentials to which
+to add the new credentials
    • 
+
  • impersonator_cred (Creds) – the credentials with
+permissions to impersonate the target name
    • 
+
  • name (Name) – the name to impersonate
    • 
+
  • mech (MechType) – the desired mechanism. Note that
+this is both
+singular and required, unlike acquireCredImpersonateName
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+
  • init_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to initiate security contexts (or None
+for indefinite)
    • 
+
  • accept_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to accept security contexts (or None
+for indefinite)
    • 
+

+

+
Returns:

+
the actual mechanisms with which the credentials may be
+used, the actual initiator TTL in seconds, and the actual acceptor TTL
+in seconds (the TTLs may be None for indefinite or not supported)

+

+
Return type:

+
AddCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Acquiring Credentials With a Password Extensions

+

+

+acquire_cred_with_password(name: gssapi.raw.names.Name, password: bytes, lifetime: int | None = None, mechs: Iterable[gssapi.raw.oids.OID] | None = None, usage: str = 'initiate')  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Acquire credentials through provided password.

+
This function is originally from Solaris and is not documented by either
+MIT or Heimdal.

+
In general, it functions similarly to
+acquire_cred().

+

+
Parameters:

+
    
+
  • name (Name) – the name to acquire credentials for
    • 
+
  • password (bytes) – the password used to acquire credentialss with
    • 
+
  • lifetime (int) – the lifetime for the credentials in seconds (or None
+for indefinite)
    • 
+
  • mechs (MechType) – the desired mechanisms for which
+the credentials should work (or None for the default set)
    • 
+
  • usage (str) – usage type for credentials.  Possible values:
+‘initiate’ (default), ‘accept’, ‘both’ (failsafe).
    • 
+

+

+
Returns:

+
the resulting credentials, the actual mechanisms
+with which they may be used, and their actual lifetime in seconds (or
+None for indefinite or not supported)

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+add_cred_with_password(input_cred: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, password: bytes, usage: str = 'initiate', init_lifetime: int | None = None, accept_lifetime: int | None = None)  gssapi.raw.named_tuples.AddCredResult[source]

+
Add a credential-element to a credential using provided password.

+
This function is originally from Solaris and is not documented by either
+MIT or Heimdal.

+
In general, it functions similarly to add_cred().

+

+
Parameters:

+
    
+
  • input_cred (Creds) – the credentials to add to
    • 
+
  • name (Name) – the name to acquire credentials for
    • 
+
  • mech (MechType) – the desired mechanism.  Note that
+this is both singular and required
    • 
+
  • password (bytes) – the password used to acquire credentialss with
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+
  • init_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to initiate security contexts (or None
+for indefinite)
    • 
+
  • accept_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to accept security contexts (or None
+for indefinite)
    • 
+

+

+
Returns:

+
the actual mechanisms with which the credentials may be
+used, the actual initiator TTL in seconds, and the actual acceptor TTL
+in seconds (the TTLs may be None for indefinite or not supported)

+

+
Return type:

+
AddCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Kerberos Specific Extensions

+

+

+class Krb5LucidContext[source]

+
The base container returned by krb5_export_lucid_sec_context() when
+an unknown version was requested.

+

+
+

+

+class Krb5LucidContextV1[source]

+
Kerberos context data returned by krb5_export_lucid_sec_context()
+when version 1 was requested.

+

+

+property version: int | None[source]

+
The structure version number

+

+
Returns:

+
the structure version number

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property is_initiator: bool | None[source]

+
Whether the context was the initiator

+

+
Returns:

+
True when the exported context was the
+initiator

+

+
Return type:

+
Optional[bool]

+

+

+

+
+

+

+property endtime: int | None[source]

+
Expiration time of the context

+

+
Returns:

+
the expiration time of the context

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property send_seq: int | None[source]

+
Sender sequence number

+

+
Returns:

+
the sender sequence number

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property recv_seq: int | None[source]

+
Receiver sequence number

+

+
Returns:

+
the receiver sequence number

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property protocol: int | None[source]

+
The protocol number

+
If the protocol number is 0 then rfc1964_kd is set and
+cfx_kd is None. If the protocol number is 1 then the opposite
+is true.

+
Protocol 0 refers to RFC1964 and 1 refers to RFC4121.

+

+
Returns:

+
the protocol number

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property rfc1964_kd: gssapi.raw.named_tuples.Rfc1964KeyData | None[source]

+
Keydata for protocol 0 (RFC1964)

+
This will be set when protocol is 0.

+

+
Returns:

+
the RFC1964 key data

+

+
Return type:

+
Optional[Rfc1964KeyData]

+

+

+

+
+

+

+property cfx_kd: gssapi.raw.named_tuples.CfxKeyData | None[source]

+
Key data for protocol 1 (RFC4121)

+
This will be set when protocol is 1.

+

+
Returns:

+
the RFC4121 key data

+

+
Return type:

+
Optional[CfxKeyData]

+

+

+

+
+

+
+

+

+krb5_ccache_name(name: bytes | None)  bytes[source]

+
Set the default Kerberos Protocol credentials cache name.

+
This method sets the default credentials cache name for use by he Kerberos
+mechanism. The default credentials cache is used by
+acquire_cred() to create a GSS-API credential. It
+is also used by init_sec_context() when
+GSS_C_NO_CREDENTIAL is specified.

+

+
Note

+
Heimdal does not return the old name when called. It also does not
+reset the ccache lookup behaviour when setting to None.

+

+

+
Note

+
The return value may not be thread safe.

+

+

+
Parameters:

+
name (Optional[bytes]) – the name to set as the new thread specific
+ccache name. Set to None to revert back to getting the ccache
+from the config/environment settings.

+

+
Returns:

+
the old name that was previously set

+

+
Return type:

+
bytes

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_export_lucid_sec_context(context: gssapi.raw.sec_contexts.SecurityContext, version: int)  Krb5LucidContext[source]

+
Returns a non-opaque version of the internal context info.

+
Gets information about the Kerberos security context passed in. Currently
+only version 1 is known and supported by this library.

+

+
Note

+
The context handle must not be used again by the caller after this
+call.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • version (int) – the output structure version to export.  Currently
+only 1 is supported.
    • 
+

+

+
Returns:

+
the non-opaque version context info

+

+
Return type:

+
Krb5LucidContext

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_extract_authtime_from_sec_context(context: gssapi.raw.sec_contexts.SecurityContext)  int[source]

+
Get the auth time for the security context.

+
Gets the auth time for the established security context.

+

+
Note

+
Heimdal can only get the authtime on the acceptor security context.
+MIT is able to get the authtime on both initiators and acceptors.

+

+

+
Parameters:

+
context (SecurityContext) – the current
+security context

+

+
Returns:

+
the authtime

+

+
Return type:

+
int

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_extract_authz_data_from_sec_context(context: gssapi.raw.sec_contexts.SecurityContext, ad_type: int)  bytes[source]

+
Extracts Kerberos authorization data.

+
Extracts authorization data that may be stored within the context.

+

+
Note

+
Only operates on acceptor contexts.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • ad_type (int) – the type of data to extract
    • 
+

+

+
Returns:

+
the raw authz data from the sec context

+

+
Return type:

+
bytes

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_import_cred(cred_handle: gssapi.raw.creds.Creds, cache: int | None = None, keytab_principal: int | None = None, keytab: int | None = None)  None[source]

+
Import Krb5 credentials into GSSAPI credential.

+
Imports the krb5 credentials (either or both of the keytab and cache) into
+the GSSAPI credential so it can be used within GSSAPI. The ccache is
+copied by reference and thus shared, so if the credential is destroyed,
+all users of cred_handle will fail.

+

+
Parameters:

+
    
+
  • cred_handle (Creds) – the credential handle to import into
    • 
+
  • cache (int) – the krb5_ccache address pointer, as an int, to import
+from
    • 
+
  • keytab_principal (int) – the krb5_principal address pointer, as an int,
+of the credential to import
    • 
+
  • keytab (int) – the krb5_keytab address pointer, as an int, of the
+keytab to import
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_get_tkt_flags(context: gssapi.raw.sec_contexts.SecurityContext)  int[source]

+
Return ticket flags for the kerberos ticket.

+
Return the ticket flags for the kerberos ticket received when
+authenticating the initiator.

+

+
Note

+
Heimdal can only get the tkt flags on the acceptor security context.
+MIT is able to get the tkt flags on initiators and acceptors.

+

+

+
Parameters:

+
context (SecurityContext) – the security
+context

+

+
Returns:

+
the ticket flags for the received kerberos ticket

+

+
Return type:

+
int

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_set_allowable_enctypes(cred_handle: gssapi.raw.creds.Creds, ktypes: Iterable[int])  None[source]

+
Limits the keys that can be exported.

+
Called by a context initiator after acquiring the creds but before calling
+init_sec_context() to restrict the set of
+enctypes which will be negotiated during context establisment to those in
+the provided list.

+

+
Warning

+
The cred_handle should not be GSS_C_NO_CREDENTIAL.

+

+

+
Parameters:

+
    
+
  • cred_hande (Creds) – the credential handle
    • 
+
  • ktypes (List[int]) – list of enctypes allowed
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Other Extensions

+
gss_set_cred_option

+
Provides a way to set options on a credential based on the OID specified. A
+common use case is to set the GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos
+credential. This is used for interoperability with Microsoft’s SSPI.

+
Note this function is commonly lumped with the GGF extensions but they are not
+part of the GGF IETF draft so it’s separated into it’s own file.

+
Closest draft IETF document for the gss_set_cred_option can be found at
+https://tools.ietf.org/html/draft-williams-kitten-channel-bound-flag-01

+

+

+set_cred_option(desired_aspect: gssapi.raw.oids.OID, creds: gssapi.raw.creds.Creds | None = None, value: bytes | None = None)  gssapi.raw.creds.Creds[source]

+
This method is used to set options of a Creds
+object based on an OID key. The options that can be set depends on the mech
+the credentials were created with.

+
An example of how this can be used would be to set the
+GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos credential. The OID string for
+this flag is ‘1.2.752.43.13.29’ and it requires no value to be set. This
+must be set before the SecurityContext was initialised with the
+credentials.

+

+
Parameters:

+
    
+
  • desired_aspect (OID) – the desired aspect of the
+Credential to set.
    • 
+
  • cred_handle (Creds) – the Credentials to set, or None
+to create a new credential.
    • 
+
  • value (bytes) – the value to set on the desired aspect of the Credential
+or None to send GSS_C_EMPTY_BUFFER.
    • 
+

+

+
Returns:

+
The output credential.

+

+
Return type:

+
Creds

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+

+
Results

+

+

+class AcquireCredResult(creds: gssapi.raw.creds.Creds, mechs: Set[OID], lifetime: int)[source]

+
Credential result when acquiring a GSSAPI credential.

+
Create new instance of AcquireCredResult(creds, mechs, lifetime)

+

+

+creds: gssapi.raw.creds.Creds

+
GSSAPI credentials that were acquired

+

+
+

+

+mechs: Set[OID]

+
Set of mechs the cred is for

+

+
+

+

+lifetime: int

+
Number of seconds for which the cred will remain valid

+

+
+

+
+

+

+class InquireCredResult(name: gssapi.raw.names.Name | None, lifetime: int | None, usage: str | None, mechs: Set[OID] | None)[source]

+
Information about the credential.

+
Create new instance of InquireCredResult(name, lifetime, usage, mechs)

+

+

+name: gssapi.raw.names.Name | None

+
The principal associated with the credential

+

+
+

+

+lifetime: int | None

+
Number of seconds which the cred is valid for

+

+
+

+

+usage: str | None

+
How the credential can be used

+

+
+

+

+mechs: Set[OID] | None

+
Set of mechs the cred is for

+

+
+

+
+

+

+class InquireCredByMechResult(name: gssapi.raw.names.Name | None, init_lifetime: int | None, accept_lifetime: int | None, usage: str | None)[source]

+
Information about the credential for a specific mechanism.

+
Create new instance of InquireCredByMechResult(name, init_lifetime, accept_lifetime, usage)

+

+

+name: gssapi.raw.names.Name | None

+
The principal associated with the credential

+

+
+

+

+init_lifetime: int | None

+
Time valid for initiation, in seconds

+

+
+

+

+accept_lifetime: int | None

+
Time valid for accepting, in seconds

+

+
+

+

+usage: str | None

+
How the credential can be used

+

+
+

+
+

+

+class AddCredResult(creds: gssapi.raw.creds.Creds | None, mechs: Set[OID], init_lifetime: int, accept_lifetime: int)[source]

+
Result of adding to a GSSAPI credential.

+
Create new instance of AddCredResult(creds, mechs, init_lifetime, accept_lifetime)

+

+

+creds: gssapi.raw.creds.Creds | None

+
The credential that was generated

+

+
+

+

+mechs: Set[OID]

+
Set of mechs the cred is for

+

+
+

+

+init_lifetime: int

+
Time valid for initiation, in seconds

+

+
+

+

+accept_lifetime: int

+
Time valid for accepting, in seconds

+

+
+

+
+

+

+class DisplayNameResult(name: bytes, name_type: OID | None)[source]

+
Textual representation of a GSSAPI name.

+
Create new instance of DisplayNameResult(name, name_type)

+

+

+name: bytes

+
The representation of the GSSAPI name

+

+
+

+

+name_type: OID | None

+
The type of GSSAPI name

+

+
+

+
+

+

+class WrapResult(message: bytes, encrypted: bool)[source]

+
Wrapped message result.

+
Create new instance of WrapResult(message, encrypted)

+

+

+message: bytes

+
The wrapped message

+

+
+

+

+encrypted: bool

+
Whether the message is encrypted and not just signed

+

+
+

+
+

+

+class UnwrapResult(message: bytes, encrypted: bool, qop: int)[source]

+
Unwrapped message result.

+
Create new instance of UnwrapResult(message, encrypted, qop)

+

+

+message: bytes

+
The unwrapped message

+

+
+

+

+encrypted: bool

+
Whether the message was encrypted and not just signed

+

+
+

+

+qop: int

+
The quality of protection applied to the message

+

+
+

+
+

+

+class AcceptSecContextResult(context: gssapi.raw.sec_contexts.SecurityContext, initiator_name: gssapi.raw.names.Name, mech: OID, token: bytes | None, flags: RequirementFlag, lifetime: int, delegated_creds: gssapi.raw.creds.Creds | None, more_steps: bool)[source]

+
Result when accepting a security context by an initiator.

+
Create new instance of AcceptSecContextResult(context, initiator_name, mech, token, flags, lifetime, delegated_creds, more_steps)

+

+

+context: gssapi.raw.sec_contexts.SecurityContext

+
The acceptor security context

+

+
+

+

+initiator_name: gssapi.raw.names.Name

+
The authenticated name of the initiator

+

+
+

+

+mech: OID

+
Mechanism with which the context was established

+

+
+

+

+token: bytes | None

+
Token to be returned to the initiator

+

+
+

+

+flags: RequirementFlag

+
Services requested by the initiator

+

+
+

+

+lifetime: int

+
Seconds for which the context is valid for

+

+
+

+

+delegated_creds: gssapi.raw.creds.Creds | None

+
Delegated credentials

+

+
+

+

+more_steps: bool

+
More input is required to complete the exchange

+

+
+

+
+

+

+class InitSecContextResult(context: gssapi.raw.sec_contexts.SecurityContext, mech: OID, flags: RequirementFlag, token: bytes | None, lifetime: int, more_steps: bool)[source]

+
Result when initiating a security context

+
Create new instance of InitSecContextResult(context, mech, flags, token, lifetime, more_steps)

+

+

+context: gssapi.raw.sec_contexts.SecurityContext

+
The initiator security context

+

+
+

+

+mech: OID

+
Mechanism used in the security context

+

+
+

+

+flags: RequirementFlag

+
Services available for the context

+

+
+

+

+token: bytes | None

+
Token to be sent to the acceptor

+

+
+

+

+lifetime: int

+
Seconds for which the context is valid for

+

+
+

+

+more_steps: bool

+
More input is required to complete the exchange

+

+
+

+
+

+

+class InquireContextResult(initiator_name: gssapi.raw.names.Name | None, target_name: gssapi.raw.names.Name | None, lifetime: int | None, mech: OID | None, flags: RequirementFlag | None, locally_init: bool | None, complete: bool | None)[source]

+
Information about the security context.

+
Create new instance of InquireContextResult(initiator_name, target_name, lifetime, mech, flags, locally_init, complete)

+

+

+initiator_name: gssapi.raw.names.Name | None

+
Name of the initiator

+

+
+

+

+target_name: gssapi.raw.names.Name | None

+
Name of the acceptor

+

+
+

+

+lifetime: int | None

+
Time valid for the security context, in seconds

+

+
+

+

+mech: OID | None

+
Mech used to create the security context

+

+
+

+

+flags: RequirementFlag | None

+
Services available for the context

+

+
+

+

+locally_init: bool | None

+
Context was initiated locally

+

+
+

+

+complete: bool | None

+
Context has been established and ready to use

+

+
+

+
+

+

+class StoreCredResult(mechs: List[OID], usage: str)[source]

+
Result of the credential storing operation.

+
Create new instance of StoreCredResult(mechs, usage)

+

+

+mechs: List[OID]

+
Mechs that were stored in the credential store

+

+
+

+

+usage: str

+
How the credential can be used

+

+
+

+
+

+

+class IOVUnwrapResult(encrypted: bool, qop: int)[source]

+
Unwrapped IOV message result.

+
Create new instance of IOVUnwrapResult(encrypted, qop)

+

+

+encrypted: bool

+
Whether the message was encrypted and not just signed

+

+
+

+

+qop: int

+
The quality of protection applied to the message

+

+
+

+
+

+

+class InquireNameResult(attrs: List[bytes], is_mech_name: bool, mech: OID)[source]

+
Information about a GSSAPI Name.

+
Create new instance of InquireNameResult(attrs, is_mech_name, mech)

+

+

+attrs: List[bytes]

+
Set of attribute names

+

+
+

+

+is_mech_name: bool

+
Name is a mechanism name

+

+
+

+

+mech: OID

+
The mechanism if is_name_mech is True

+

+
+

+
+

+

+class GetNameAttributeResult(values: List[bytes], display_values: List[bytes], authenticated: bool, complete: bool)[source]

+
GSSAPI Name attribute values.

+
Create new instance of GetNameAttributeResult(values, display_values, authenticated, complete)

+

+

+values: List[bytes]

+
Raw values

+

+
+

+

+display_values: List[bytes]

+
Human-readable values

+

+
+

+

+authenticated: bool

+
Attribute has been authenticated

+

+
+

+

+complete: bool

+
Attribute value is marked as complete

+

+
+

+
+

+

+class InquireAttrsResult(mech_attrs: Set[OID], known_mech_attrs: Set[OID])[source]

+
Set of attributes supported and known by a mechanism.

+
Create new instance of InquireAttrsResult(mech_attrs, known_mech_attrs)

+

+

+mech_attrs: Set[OID]

+
The mechanisms attributes

+

+
+

+

+known_mech_attrs: Set[OID]

+
Known attributes of the mechanism

+

+
+

+
+

+

+class DisplayAttrResult(name: bytes, short_desc: bytes, long_desc: bytes)[source]

+
Information about an attribute.

+
Create new instance of DisplayAttrResult(name, short_desc, long_desc)

+

+

+name: bytes

+
The mechanism name

+

+
+

+

+short_desc: bytes

+
Short description of the mechanism

+

+
+

+

+long_desc: bytes

+
Long description of the mechanism

+

+
+

+
+

+

+class InquireSASLNameResult(sasl_mech_name: bytes, mech_name: bytes, mech_description: bytes)[source]

+
SASL informmation about a GSSAPI Name.

+
Create new instance of InquireSASLNameResult(sasl_mech_name, mech_name, mech_description)

+

+

+sasl_mech_name: bytes

+
The SASL name

+

+
+

+

+mech_name: bytes

+
The mechanism name

+

+
+

+

+mech_description: bytes

+
The mechanism description

+

+
+

+
+

+

+class Rfc1964KeyData(sign_alg: int, seal_alg: int, key_type: int, key: bytes)[source]

+
Security context key data based on RFC1964.

+
Create new instance of Rfc1964KeyData(sign_alg, seal_alg, key_type, key)

+

+

+sign_alg: int

+
Signing algorithm identifier

+

+
+

+

+seal_alg: int

+
Sealing algorithm identifier

+

+
+

+

+key_type: int

+
Key encryption type identifier

+

+
+

+

+key: bytes

+
Encryption key data

+

+
+

+
+

+

+class CfxKeyData(ctx_key_type: int, ctx_key: bytes, acceptor_subkey_type: int | None, acceptor_subkey: bytes | None)[source]

+
Securty context key data.

+
Create new instance of CfxKeyData(ctx_key_type, ctx_key, acceptor_subkey_type, acceptor_subkey)

+

+

+ctx_key_type: int

+
Context key encryption type identifier

+

+
+

+

+ctx_key: bytes

+
Context key data - session or sub-session key

+

+
+

+

+acceptor_subkey_type: int | None

+
Acceptor key enc type identifier

+

+
+

+

+acceptor_subkey: bytes | None

+
Acceptor key data

+

+
+

+
+

+

+
Exceptions

+

+

+exception GSSError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: Exception

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+

+maj_code: int

+

+
+

+

+min_code: int

+

+
+

+

+token: bytes | None

+

+
+

+

+calling_code: int

+

+
+

+

+routine_code: int

+

+
+

+

+supplementary_code: int

+

+
+

+

+get_all_statuses(code: int, is_maj: bool)  List[str][source]

+
Retrieve all messages for a status code.

+
This method retrieves all human-readable messages
+available for the given status code.

+

+
Parameters:

+
    
+
  • code – the status code in question
    • 
+
  • is_maj – whether this is a major status code (True)
+or minor status code (False)
    • 
+

+

+
Returns:

+

+
A list of string messages associated with the
given code

+

+

+

+

+
Return type:

+
[str]

+

+

+

+
+

+

+gen_message()  str[source]

+
Retrieves all messages for this error’s status codes

+
This method retrieves all messages for this error’s status codes,
+and forms them into a string for use as an exception message

+

+
Returns:

+
a string for use as this error’s message

+

+
Return type:

+
str

+

+

+

+
+

+
+

+

+exception ParameterReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ParameterWriteError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MalformedParameterError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadMechanismError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadNameError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadNameTypeError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadChannelBindingsError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadStatusError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadMICError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MissingCredentialsError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MissingContextError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception InvalidTokenError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception InvalidCredentialsError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ExpiredCredentialsError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ExpiredContextError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadQoPError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception UnauthorizedError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception OperationUnavailableError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception DuplicateCredentialsElementError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MechanismNameRequiredError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception NameReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, BadNameError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception NameTypeReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, BadNameTypeError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, InvalidTokenError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ContextReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, MissingContextError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception CredentialsReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, MissingCredentialsError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ContextWriteError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterWriteError, MissingContextError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception CredentialsWriteError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterWriteError, MissingCredentialsError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception SupplementaryError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception DuplicateTokenError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: SupplementaryError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ExpiredTokenError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: SupplementaryError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenOutOfSequenceError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: SupplementaryError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenTooLateError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: TokenOutOfSequenceError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenTooEarlyError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: TokenOutOfSequenceError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/index.html b/latest/index.html
new file mode 100644
index 00000000..4c5c7b8d
--- /dev/null
+++ b/latest/index.html
@@ -0,0 +1,132 @@
+
+
+
+
+
+  
+
+  
+  Python-GSSAPI: Python bindings for GSSAPI — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Python-GSSAPI: Python bindings for GSSAPI

+
Python-GSSAPI provides Python bindings for the GSSAPI C bindings as defined
+by RFC 2744, as well as several extensions.

+
The package is organized into two parts: a high-level API and a low-level API.
+The high-level API resides in gssapi, and presents an object-oriented
+API around GSSAPI.

+
The other part of Python-GSSAPI is the low-level API, which resides in
+gssapi.raw.  The low-level API provides thin wrappers around the
+corresponding C functions.  The high-level API makes use of the low-level API
+to access underlying GSSAPI functionality.  Additionally certain extensions
+are currently only available from the low-level API.

+
To get started, check out the tutorials page or jump
+straight into the high-level API documentation.

+

+

+

+

+
Indices and tables

+
+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/objects.inv b/latest/objects.inv
new file mode 100644
index 00000000..b51dafd5
Binary files /dev/null and b/latest/objects.inv differ
diff --git a/latest/otherdoc.html b/latest/otherdoc.html
new file mode 100644
index 00000000..95c3432b
--- /dev/null
+++ b/latest/otherdoc.html
@@ -0,0 +1,123 @@
+
+
+
+
+
+  
+
+  
+  Other Documentation — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Other Documentation

+
This section contain documentation that is not expressed directly in functions
+documentation, like implementation specific quirks or issues, implementation
+tips, environment influence on operations and similar.

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/py-modindex.html b/latest/py-modindex.html
new file mode 100644
index 00000000..21aa6570
--- /dev/null
+++ b/latest/py-modindex.html
@@ -0,0 +1,273 @@
+
+
+
+
+
+  
+  
+  Python Module Index — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+ 
+
+
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Python Module Index
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           

+             
+
+   
Python Module Index

+
+   

+   g
+   

+
+   
+     
+     
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+   
 

+       g

+       gssapi
+       
   
+       gssapi.creds
+       
   
+       gssapi.exceptions
+       
   
+       gssapi.names
+       
   
+       gssapi.raw
+       
   
+       gssapi.raw.chan_bindings
+       
   
+       gssapi.raw.creds
+       
   
+       gssapi.raw.exceptions
+       
   
+       gssapi.raw.ext_cred_imp_exp
+       
   
+       gssapi.raw.ext_cred_store
+       
   
+       gssapi.raw.ext_dce
+       
   
+       gssapi.raw.ext_ggf
+       
   
+       gssapi.raw.ext_iov_mic
+       
   
+       gssapi.raw.ext_krb5
+       
   
+       gssapi.raw.ext_password
+       
   
+       gssapi.raw.ext_password_add
+       
   
+       gssapi.raw.ext_rfc4178
+       
   
+       gssapi.raw.ext_rfc5587
+       
   
+       gssapi.raw.ext_rfc5588
+       
   
+       gssapi.raw.ext_rfc5801
+       
   
+       gssapi.raw.ext_rfc6680
+       
   
+       gssapi.raw.ext_s4u
+       
   
+       gssapi.raw.ext_set_cred_opt
+       
   
+       gssapi.raw.message
+       
   
+       gssapi.raw.misc
+       
   
+       gssapi.raw.named_tuples
+       
   
+       gssapi.raw.names
+       
   
+       gssapi.raw.oids
+       
   
+       gssapi.raw.sec_contexts
+       
   
+       gssapi.raw.types
+       
   
+       gssapi.sec_contexts
+       

+
+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/latest/search.html b/latest/search.html
new file mode 100644
index 00000000..0a85d528
--- /dev/null
+++ b/latest/search.html
@@ -0,0 +1,123 @@
+
+
+
+
+
+  
+  
+  Search — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+    
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Search
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           

+             
+  
+
+  
+  

+  
+  

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+  
+  
+  
+  
+   
+
+
+
+
\ No newline at end of file
diff --git a/latest/searchindex.js b/latest/searchindex.js
new file mode 100644
index 00000000..d6bb86eb
--- /dev/null
+++ b/latest/searchindex.js
@@ -0,0 +1 @@
+Search.setIndex({"alltitles":{"A Basic Introduction to GSSAPI":[[0,null]],"Acquiring Credentials With a Password Extensions":[[3,"module-gssapi.raw.ext_password"]],"Additional RFCs and Extensions":[[3,"additional-rfcs-and-extensions"]],"Common Values for Credentials Store Extensions":[[1,null]],"Core RFC 2744":[[3,"core-rfc-2744"]],"Credential Store Extensions":[[3,"module-gssapi.raw.ext_cred_store"]],"Credentials":[[2,"module-gssapi.creds"],[3,"module-gssapi.raw.creds"]],"Credentials Import-Export Extensions":[[3,"module-gssapi.raw.ext_cred_imp_exp"]],"DCE (IOV/AEAD) Extensions":[[3,"module-gssapi.raw.ext_dce"]],"Enums and Helper Classes":[[2,"enums-and-helper-classes"]],"Exceptions":[[2,"exceptions"],[3,"module-gssapi.raw.exceptions"]],"Global Grid Forum (GGF) Extensions":[[3,"module-gssapi.raw.ext_ggf"]],"High-Level API":[[2,null]],"IOV MIC Extensions":[[3,"module-gssapi.raw.ext_iov_mic"]],"Indices and tables":[[4,"indices-and-tables"]],"Kerberos Specific Extensions":[[3,"module-gssapi.raw.ext_krb5"]],"Low-Level API":[[3,null]],"Main Classes":[[2,"main-classes"]],"Misc":[[3,"module-gssapi.raw.oids"]],"Names":[[2,"module-gssapi.names"],[3,"names"]],"Names and Credentials":[[0,"names-and-credentials"]],"Other Documentation":[[5,null]],"Other Extensions":[[3,"module-gssapi.raw.ext_set_cred_opt"]],"Python-GSSAPI: Python bindings for GSSAPI":[[4,null]],"RFC 4178 (GSS-API Negotiation Mechanism)":[[3,"module-gssapi.raw.ext_rfc4178"]],"RFC 5587 (GSS-API Extension for Mech Attributes)":[[3,"module-gssapi.raw.ext_rfc5587"]],"RFC 5588 (GSS-API Extension for Storing Delegated Credentials)":[[3,"module-gssapi.raw.ext_rfc5588"]],"RFC 5801 (GSS-API SASL Extensions)":[[3,"module-gssapi.raw.ext_rfc5801"]],"RFC 6680 (GSS-API Naming Extensions)":[[3,"module-gssapi.raw.ext_rfc6680"]],"Results":[[3,"results"]],"Security Contexts":[[0,"security-contexts"],[2,"module-gssapi.sec_contexts"],[3,"module-gssapi.raw.sec_contexts"]],"Services4User Extensions":[[3,"module-gssapi.raw.ext_s4u"]],"The krb5 mechanism in Heimdal":[[1,"the-krb5-mechanism-in-heimdal"]],"The krb5 mechanism in MIT libraries":[[1,"the-krb5-mechanism-in-mit-libraries"]],"Tutorials":[[6,null]],"Utilities":[[2,"utilities"]],"ccache":[[1,"ccache"]],"client_keytab":[[1,"client-keytab"]],"keytab":[[1,"keytab"]],"rcache":[[1,"rcache"]]},"docnames":["basic-tutorial","credstore","gssapi","gssapi.raw","index","otherdoc","tutorials"],"envversion":{"sphinx":65,"sphinx.domains.c":3,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":9,"sphinx.domains.index":1,"sphinx.domains.javascript":3,"sphinx.domains.math":2,"sphinx.domains.python":4,"sphinx.domains.rst":2,"sphinx.domains.std":2,"sphinx.ext.intersphinx":1,"sphinx.ext.viewcode":1},"filenames":["basic-tutorial.md","credstore.rst","gssapi.rst","gssapi.raw.rst","index.rst","otherdoc.rst","tutorials.rst"],"indexentries":{"accept_lifetime (addcredresult attribute)":[[3,"gssapi.raw.named_tuples.AddCredResult.accept_lifetime",false]],"accept_lifetime (inquirecredbymechresult attribute)":[[3,"gssapi.raw.named_tuples.InquireCredByMechResult.accept_lifetime",false]],"accept_sec_context() (in module gssapi.raw.sec_contexts)":[[3,"gssapi.raw.sec_contexts.accept_sec_context",false]],"acceptor_address (channelbindings attribute)":[[3,"gssapi.raw.chan_bindings.ChannelBindings.acceptor_address",false]],"acceptor_address_type (channelbindings attribute)":[[3,"gssapi.raw.chan_bindings.ChannelBindings.acceptor_address_type",false]],"acceptor_subkey (cfxkeydata attribute)":[[3,"gssapi.raw.named_tuples.CfxKeyData.acceptor_subkey",false]],"acceptor_subkey_type (cfxkeydata attribute)":[[3,"gssapi.raw.named_tuples.CfxKeyData.acceptor_subkey_type",false]],"acceptseccontextresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.AcceptSecContextResult",false]],"acquire() (credentials class method)":[[2,"gssapi.creds.Credentials.acquire",false]],"acquire_cred() (in module gssapi.raw.creds)":[[3,"gssapi.raw.creds.acquire_cred",false]],"acquire_cred_from() (in module gssapi.raw.ext_cred_store)":[[3,"gssapi.raw.ext_cred_store.acquire_cred_from",false]],"acquire_cred_impersonate_name() (in module gssapi.raw.ext_s4u)":[[3,"gssapi.raw.ext_s4u.acquire_cred_impersonate_name",false]],"acquire_cred_with_password() (in module gssapi.raw.ext_password)":[[3,"gssapi.raw.ext_password.acquire_cred_with_password",false]],"acquirecredresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.AcquireCredResult",false]],"actual_flags (securitycontext property)":[[2,"gssapi.sec_contexts.SecurityContext.actual_flags",false]],"add() (credentials method)":[[2,"gssapi.creds.Credentials.add",false]],"add() (genericflagset method)":[[3,"gssapi.raw.types.GenericFlagSet.add",false]],"add_cred() (in module gssapi.raw.creds)":[[3,"gssapi.raw.creds.add_cred",false]],"add_cred_from() (in module gssapi.raw.ext_cred_store)":[[3,"gssapi.raw.ext_cred_store.add_cred_from",false]],"add_cred_impersonate_name() (in module gssapi.raw.ext_s4u)":[[3,"gssapi.raw.ext_s4u.add_cred_impersonate_name",false]],"add_cred_with_password() (in module gssapi.raw.ext_password_add)":[[3,"gssapi.raw.ext_password_add.add_cred_with_password",false]],"addcredresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.AddCredResult",false]],"addresstype (class in gssapi)":[[2,"gssapi.AddressType",false]],"addresstype (class in gssapi.raw.types)":[[3,"gssapi.raw.types.AddressType",false]],"allocate (iovbuffer attribute)":[[3,"gssapi.raw.ext_dce.IOVBuffer.allocate",false]],"anonymity (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.anonymity",false]],"anonymous (nametype attribute)":[[2,"gssapi.NameType.anonymous",false],[3,"gssapi.raw.types.NameType.anonymous",false]],"appletalk (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.appletalk",false]],"application_data (channelbindings attribute)":[[3,"gssapi.raw.chan_bindings.ChannelBindings.application_data",false]],"arpanet (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.arpanet",false]],"attributes (name property)":[[2,"gssapi.names.Name.attributes",false]],"attrs (inquirenameresult attribute)":[[3,"gssapi.raw.named_tuples.InquireNameResult.attrs",false]],"authenticated (getnameattributeresult attribute)":[[3,"gssapi.raw.named_tuples.GetNameAttributeResult.authenticated",false]],"badchannelbindingserror":[[2,"gssapi.exceptions.BadChannelBindingsError",false],[3,"gssapi.raw.exceptions.BadChannelBindingsError",false]],"badmechanismerror":[[2,"gssapi.exceptions.BadMechanismError",false],[3,"gssapi.raw.exceptions.BadMechanismError",false]],"badmicerror":[[2,"gssapi.exceptions.BadMICError",false],[3,"gssapi.raw.exceptions.BadMICError",false]],"badnameerror":[[2,"gssapi.exceptions.BadNameError",false],[3,"gssapi.raw.exceptions.BadNameError",false]],"badnametypeerror":[[2,"gssapi.exceptions.BadNameTypeError",false],[3,"gssapi.raw.exceptions.BadNameTypeError",false]],"badqoperror":[[2,"gssapi.exceptions.BadQoPError",false],[3,"gssapi.raw.exceptions.BadQoPError",false]],"badstatuserror":[[2,"gssapi.exceptions.BadStatusError",false],[3,"gssapi.raw.exceptions.BadStatusError",false]],"bisync (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.bisync",false]],"calling_code (gsserror attribute)":[[3,"gssapi.raw.exceptions.GSSError.calling_code",false],[3,"gssapi.raw.misc.GSSError.calling_code",false]],"calling_code (malformedparametererror attribute)":[[2,"gssapi.exceptions.MalformedParameterError.CALLING_CODE",false]],"calling_code (parameterreaderror attribute)":[[2,"gssapi.exceptions.ParameterReadError.CALLING_CODE",false]],"calling_code (parameterwriteerror attribute)":[[2,"gssapi.exceptions.ParameterWriteError.CALLING_CODE",false]],"canonicalize() (name method)":[[2,"gssapi.names.Name.canonicalize",false]],"canonicalize_name() (in module gssapi.raw.names)":[[3,"gssapi.raw.names.canonicalize_name",false]],"ccitt (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.ccitt",false]],"cfx_kd (krb5lucidcontextv1 property)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContextV1.cfx_kd",false]],"cfxkeydata (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.CfxKeyData",false]],"channel_bound (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.channel_bound",false]],"channelbindings (class in gssapi.raw.chan_bindings)":[[3,"gssapi.raw.chan_bindings.ChannelBindings",false]],"chaos (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.chaos",false]],"compare_name() (in module gssapi.raw.names)":[[3,"gssapi.raw.names.compare_name",false]],"complete (getnameattributeresult attribute)":[[3,"gssapi.raw.named_tuples.GetNameAttributeResult.complete",false]],"complete (inquirecontextresult attribute)":[[3,"gssapi.raw.named_tuples.InquireContextResult.complete",false]],"complete (securitycontext property)":[[2,"gssapi.sec_contexts.SecurityContext.complete",false]],"composite_export (nametype attribute)":[[2,"gssapi.NameType.composite_export",false],[3,"gssapi.raw.types.NameType.composite_export",false]],"confidentiality (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.confidentiality",false]],"context (acceptseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.AcceptSecContextResult.context",false]],"context (initseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.InitSecContextResult.context",false]],"context_time() (in module gssapi.raw.sec_contexts)":[[3,"gssapi.raw.sec_contexts.context_time",false]],"contextreaderror":[[2,"gssapi.exceptions.ContextReadError",false],[3,"gssapi.raw.exceptions.ContextReadError",false]],"contextwriteerror":[[2,"gssapi.exceptions.ContextWriteError",false],[3,"gssapi.raw.exceptions.ContextWriteError",false]],"count() (iov method)":[[3,"gssapi.raw.ext_dce.IOV.count",false]],"credentials (class in gssapi.creds)":[[2,"gssapi.creds.Credentials",false]],"credentialsreaderror":[[2,"gssapi.exceptions.CredentialsReadError",false],[3,"gssapi.raw.exceptions.CredentialsReadError",false]],"credentialswriteerror":[[2,"gssapi.exceptions.CredentialsWriteError",false],[3,"gssapi.raw.exceptions.CredentialsWriteError",false]],"creds (acquirecredresult attribute)":[[3,"gssapi.raw.named_tuples.AcquireCredResult.creds",false]],"creds (addcredresult attribute)":[[3,"gssapi.raw.named_tuples.AddCredResult.creds",false]],"creds (class in gssapi.raw.creds)":[[3,"gssapi.raw.creds.Creds",false]],"ctx_key (cfxkeydata attribute)":[[3,"gssapi.raw.named_tuples.CfxKeyData.ctx_key",false]],"ctx_key_type (cfxkeydata attribute)":[[3,"gssapi.raw.named_tuples.CfxKeyData.ctx_key_type",false]],"data (iovbuffertype attribute)":[[3,"gssapi.raw.ext_dce.IOVBufferType.data",false]],"datakit (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.datakit",false]],"dce_style (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.dce_style",false]],"decnet (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.decnet",false]],"decrypt() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.decrypt",false]],"delegate_to_peer (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.delegate_to_peer",false]],"delegated_creds (acceptseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.AcceptSecContextResult.delegated_creds",false]],"delegated_creds (securitycontext property)":[[2,"gssapi.sec_contexts.SecurityContext.delegated_creds",false]],"delete_name_attribute() (in module gssapi.raw.ext_rfc6680)":[[3,"gssapi.raw.ext_rfc6680.delete_name_attribute",false]],"delete_sec_context() (in module gssapi.raw.sec_contexts)":[[3,"gssapi.raw.sec_contexts.delete_sec_context",false]],"discard() (genericflagset method)":[[3,"gssapi.raw.types.GenericFlagSet.discard",false]],"display_as() (name method)":[[2,"gssapi.names.Name.display_as",false]],"display_mech_attr() (in module gssapi.raw.ext_rfc5587)":[[3,"gssapi.raw.ext_rfc5587.display_mech_attr",false]],"display_name() (in module gssapi.raw.names)":[[3,"gssapi.raw.names.display_name",false]],"display_name_ext() (in module gssapi.raw.ext_rfc6680)":[[3,"gssapi.raw.ext_rfc6680.display_name_ext",false]],"display_values (getnameattributeresult attribute)":[[3,"gssapi.raw.named_tuples.GetNameAttributeResult.display_values",false]],"displayattrresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.DisplayAttrResult",false]],"displaynameresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.DisplayNameResult",false]],"dli (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.dli",false]],"dotted_form (oid property)":[[3,"gssapi.raw.misc.OID.dotted_form",false],[3,"gssapi.raw.oids.OID.dotted_form",false]],"dss (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.dss",false]],"duplicate_name() (in module gssapi.raw.names)":[[3,"gssapi.raw.names.duplicate_name",false]],"duplicatecredentialselementerror":[[2,"gssapi.exceptions.DuplicateCredentialsElementError",false],[3,"gssapi.raw.exceptions.DuplicateCredentialsElementError",false]],"duplicatetokenerror":[[2,"gssapi.exceptions.DuplicateTokenError",false],[3,"gssapi.raw.exceptions.DuplicateTokenError",false]],"ecma (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.ecma",false]],"empty (iovbuffertype attribute)":[[3,"gssapi.raw.ext_dce.IOVBufferType.empty",false]],"encrypt() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.encrypt",false]],"encrypted (iovunwrapresult attribute)":[[3,"gssapi.raw.named_tuples.IOVUnwrapResult.encrypted",false]],"encrypted (unwrapresult attribute)":[[3,"gssapi.raw.named_tuples.UnwrapResult.encrypted",false]],"encrypted (wrapresult attribute)":[[3,"gssapi.raw.named_tuples.WrapResult.encrypted",false]],"encryptionnotused":[[2,"gssapi.exceptions.EncryptionNotUsed",false]],"endtime (krb5lucidcontextv1 property)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContextV1.endtime",false]],"expiredcontexterror":[[2,"gssapi.exceptions.ExpiredContextError",false],[3,"gssapi.raw.exceptions.ExpiredContextError",false]],"expiredcredentialserror":[[2,"gssapi.exceptions.ExpiredCredentialsError",false],[3,"gssapi.raw.exceptions.ExpiredCredentialsError",false]],"expiredtokenerror":[[2,"gssapi.exceptions.ExpiredTokenError",false],[3,"gssapi.raw.exceptions.ExpiredTokenError",false]],"export (nametype attribute)":[[2,"gssapi.NameType.export",false],[3,"gssapi.raw.types.NameType.export",false]],"export() (credentials method)":[[2,"gssapi.creds.Credentials.export",false]],"export() (name method)":[[2,"gssapi.names.Name.export",false]],"export() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.export",false]],"export_cred() (in module gssapi.raw.ext_cred_imp_exp)":[[3,"gssapi.raw.ext_cred_imp_exp.export_cred",false]],"export_name() (in module gssapi.raw.names)":[[3,"gssapi.raw.names.export_name",false]],"export_name_composite() (in module gssapi.raw.ext_rfc6680)":[[3,"gssapi.raw.ext_rfc6680.export_name_composite",false]],"export_sec_context() (in module gssapi.raw.sec_contexts)":[[3,"gssapi.raw.sec_contexts.export_sec_context",false]],"extended_error (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.extended_error",false]],"flags (acceptseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.AcceptSecContextResult.flags",false]],"flags (initseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.InitSecContextResult.flags",false]],"flags (inquirecontextresult attribute)":[[3,"gssapi.raw.named_tuples.InquireContextResult.flags",false]],"fmt_str (generalerror attribute)":[[2,"gssapi.exceptions.GeneralError.FMT_STR",false]],"from_int_seq() (oid class method)":[[3,"gssapi.raw.misc.OID.from_int_seq",false],[3,"gssapi.raw.oids.OID.from_int_seq",false]],"gen_message() (gsserror method)":[[2,"gssapi.exceptions.GSSError.gen_message",false],[3,"gssapi.raw.exceptions.GSSError.gen_message",false],[3,"gssapi.raw.misc.GSSError.gen_message",false]],"generalerror":[[2,"gssapi.exceptions.GeneralError",false]],"genericflagset (class in gssapi.raw.types)":[[3,"gssapi.raw.types.GenericFlagSet",false]],"get_all_statuses() (gsserror method)":[[2,"gssapi.exceptions.GSSError.get_all_statuses",false],[3,"gssapi.raw.exceptions.GSSError.get_all_statuses",false],[3,"gssapi.raw.misc.GSSError.get_all_statuses",false]],"get_mic() (in module gssapi.raw.message)":[[3,"gssapi.raw.message.get_mic",false]],"get_mic_iov() (in module gssapi.raw.ext_iov_mic)":[[3,"gssapi.raw.ext_iov_mic.get_mic_iov",false]],"get_mic_iov_length() (in module gssapi.raw.ext_iov_mic)":[[3,"gssapi.raw.ext_iov_mic.get_mic_iov_length",false]],"get_name_attribute() (in module gssapi.raw.ext_rfc6680)":[[3,"gssapi.raw.ext_rfc6680.get_name_attribute",false]],"get_signature() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.get_signature",false]],"get_wrap_size_limit() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.get_wrap_size_limit",false]],"getnameattributeresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.GetNameAttributeResult",false]],"gssapi":[[2,"module-gssapi",false]],"gssapi.creds":[[2,"module-gssapi.creds",false]],"gssapi.exceptions":[[2,"module-gssapi.exceptions",false]],"gssapi.names":[[2,"module-gssapi.names",false]],"gssapi.raw":[[3,"module-gssapi.raw",false]],"gssapi.raw.chan_bindings":[[3,"module-gssapi.raw.chan_bindings",false]],"gssapi.raw.creds":[[3,"module-gssapi.raw.creds",false]],"gssapi.raw.exceptions":[[3,"module-gssapi.raw.exceptions",false]],"gssapi.raw.ext_cred_imp_exp":[[3,"module-gssapi.raw.ext_cred_imp_exp",false]],"gssapi.raw.ext_cred_store":[[3,"module-gssapi.raw.ext_cred_store",false]],"gssapi.raw.ext_dce":[[3,"module-gssapi.raw.ext_dce",false]],"gssapi.raw.ext_ggf":[[3,"module-gssapi.raw.ext_ggf",false]],"gssapi.raw.ext_iov_mic":[[3,"module-gssapi.raw.ext_iov_mic",false]],"gssapi.raw.ext_krb5":[[3,"module-gssapi.raw.ext_krb5",false]],"gssapi.raw.ext_password":[[3,"module-gssapi.raw.ext_password",false]],"gssapi.raw.ext_password_add":[[3,"module-gssapi.raw.ext_password_add",false]],"gssapi.raw.ext_rfc4178":[[3,"module-gssapi.raw.ext_rfc4178",false]],"gssapi.raw.ext_rfc5587":[[3,"module-gssapi.raw.ext_rfc5587",false]],"gssapi.raw.ext_rfc5588":[[3,"module-gssapi.raw.ext_rfc5588",false]],"gssapi.raw.ext_rfc5801":[[3,"module-gssapi.raw.ext_rfc5801",false]],"gssapi.raw.ext_rfc6680":[[3,"module-gssapi.raw.ext_rfc6680",false]],"gssapi.raw.ext_s4u":[[3,"module-gssapi.raw.ext_s4u",false]],"gssapi.raw.ext_set_cred_opt":[[3,"module-gssapi.raw.ext_set_cred_opt",false]],"gssapi.raw.message":[[3,"module-gssapi.raw.message",false]],"gssapi.raw.misc":[[3,"module-gssapi.raw.misc",false]],"gssapi.raw.named_tuples":[[3,"module-gssapi.raw.named_tuples",false]],"gssapi.raw.names":[[3,"module-gssapi.raw.names",false]],"gssapi.raw.oids":[[3,"module-gssapi.raw.oids",false]],"gssapi.raw.sec_contexts":[[3,"module-gssapi.raw.sec_contexts",false]],"gssapi.raw.types":[[3,"module-gssapi.raw.types",false]],"gssapi.sec_contexts":[[2,"module-gssapi.sec_contexts",false]],"gsserror":[[2,"gssapi.exceptions.GSSError",false],[3,"gssapi.raw.exceptions.GSSError",false],[3,"gssapi.raw.misc.GSSError",false]],"header (iovbuffertype attribute)":[[3,"gssapi.raw.ext_dce.IOVBufferType.header",false]],"hostbased_service (nametype attribute)":[[2,"gssapi.NameType.hostbased_service",false],[3,"gssapi.raw.types.NameType.hostbased_service",false]],"hyperchannel (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.hyperchannel",false]],"ibm_sna (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.ibm_sna",false]],"identify (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.identify",false]],"impersonate() (credentials method)":[[2,"gssapi.creds.Credentials.impersonate",false]],"import_cred() (in module gssapi.raw.ext_cred_imp_exp)":[[3,"gssapi.raw.ext_cred_imp_exp.import_cred",false]],"import_name() (in module gssapi.raw.names)":[[3,"gssapi.raw.names.import_name",false]],"import_sec_context() (in module gssapi.raw.sec_contexts)":[[3,"gssapi.raw.sec_contexts.import_sec_context",false]],"index() (iov method)":[[3,"gssapi.raw.ext_dce.IOV.index",false]],"indicate_mechs() (in module gssapi.raw.misc)":[[3,"gssapi.raw.misc.indicate_mechs",false]],"indicate_mechs_by_attrs() (in module gssapi.raw.ext_rfc5587)":[[3,"gssapi.raw.ext_rfc5587.indicate_mechs_by_attrs",false]],"init_lifetime (addcredresult attribute)":[[3,"gssapi.raw.named_tuples.AddCredResult.init_lifetime",false]],"init_lifetime (inquirecredbymechresult attribute)":[[3,"gssapi.raw.named_tuples.InquireCredByMechResult.init_lifetime",false]],"init_sec_context() (in module gssapi.raw.sec_contexts)":[[3,"gssapi.raw.sec_contexts.init_sec_context",false]],"initiator_address (channelbindings attribute)":[[3,"gssapi.raw.chan_bindings.ChannelBindings.initiator_address",false]],"initiator_address_type (channelbindings attribute)":[[3,"gssapi.raw.chan_bindings.ChannelBindings.initiator_address_type",false]],"initiator_name (acceptseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.AcceptSecContextResult.initiator_name",false]],"initiator_name (inquirecontextresult attribute)":[[3,"gssapi.raw.named_tuples.InquireContextResult.initiator_name",false]],"initiator_name (securitycontext property)":[[2,"gssapi.sec_contexts.SecurityContext.initiator_name",false]],"initseccontextresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.InitSecContextResult",false]],"inquire() (credentials method)":[[2,"gssapi.creds.Credentials.inquire",false]],"inquire_attrs_for_mech() (in module gssapi.raw.ext_rfc5587)":[[3,"gssapi.raw.ext_rfc5587.inquire_attrs_for_mech",false]],"inquire_by_mech() (credentials method)":[[2,"gssapi.creds.Credentials.inquire_by_mech",false]],"inquire_context() (in module gssapi.raw.sec_contexts)":[[3,"gssapi.raw.sec_contexts.inquire_context",false]],"inquire_cred() (in module gssapi.raw.creds)":[[3,"gssapi.raw.creds.inquire_cred",false]],"inquire_cred_by_mech() (in module gssapi.raw.creds)":[[3,"gssapi.raw.creds.inquire_cred_by_mech",false]],"inquire_cred_by_oid() (in module gssapi.raw.ext_ggf)":[[3,"gssapi.raw.ext_ggf.inquire_cred_by_oid",false]],"inquire_mech_for_saslname() (in module gssapi.raw.ext_rfc5801)":[[3,"gssapi.raw.ext_rfc5801.inquire_mech_for_saslname",false]],"inquire_mechs_for_name() (in module gssapi.raw.misc)":[[3,"gssapi.raw.misc.inquire_mechs_for_name",false]],"inquire_name() (in module gssapi.raw.ext_rfc6680)":[[3,"gssapi.raw.ext_rfc6680.inquire_name",false]],"inquire_names_for_mech() (in module gssapi.raw.misc)":[[3,"gssapi.raw.misc.inquire_names_for_mech",false]],"inquire_saslname_for_mech() (in module gssapi.raw.ext_rfc5801)":[[3,"gssapi.raw.ext_rfc5801.inquire_saslname_for_mech",false]],"inquire_sec_context_by_oid() (in module gssapi.raw.ext_ggf)":[[3,"gssapi.raw.ext_ggf.inquire_sec_context_by_oid",false]],"inquireattrsresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.InquireAttrsResult",false]],"inquirecontextresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.InquireContextResult",false]],"inquirecredbymechresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.InquireCredByMechResult",false]],"inquirecredresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.InquireCredResult",false]],"inquirenameresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.InquireNameResult",false]],"inquiresaslnameresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.InquireSASLNameResult",false]],"integrity (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.integrity",false]],"intenumflagset (class in gssapi)":[[2,"gssapi.IntEnumFlagSet",false]],"intenumflagset (class in gssapi.raw.types)":[[3,"gssapi.raw.types.IntEnumFlagSet",false]],"invalidcredentialserror":[[2,"gssapi.exceptions.InvalidCredentialsError",false],[3,"gssapi.raw.exceptions.InvalidCredentialsError",false]],"invalidtokenerror":[[2,"gssapi.exceptions.InvalidTokenError",false],[3,"gssapi.raw.exceptions.InvalidTokenError",false]],"iov (class in gssapi.raw.ext_dce)":[[3,"gssapi.raw.ext_dce.IOV",false]],"iovbuffer (class in gssapi.raw.ext_dce)":[[3,"gssapi.raw.ext_dce.IOVBuffer",false]],"iovbuffertype (class in gssapi.raw.ext_dce)":[[3,"gssapi.raw.ext_dce.IOVBufferType",false]],"iovunwrapresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.IOVUnwrapResult",false]],"ip (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.ip",false]],"is_initiator (krb5lucidcontextv1 property)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContextV1.is_initiator",false]],"is_mech_name (inquirenameresult attribute)":[[3,"gssapi.raw.named_tuples.InquireNameResult.is_mech_name",false]],"is_mech_name (name property)":[[2,"gssapi.names.Name.is_mech_name",false]],"kerberos (mechtype attribute)":[[2,"gssapi.MechType.kerberos",false],[3,"gssapi.raw.misc.MechType.kerberos",false],[3,"gssapi.raw.types.MechType.kerberos",false]],"kerberos_principal (nametype attribute)":[[2,"gssapi.NameType.kerberos_principal",false],[3,"gssapi.raw.types.NameType.kerberos_principal",false]],"key (rfc1964keydata attribute)":[[3,"gssapi.raw.named_tuples.Rfc1964KeyData.key",false]],"key_type (rfc1964keydata attribute)":[[3,"gssapi.raw.named_tuples.Rfc1964KeyData.key_type",false]],"known_mech_attrs (inquireattrsresult attribute)":[[3,"gssapi.raw.named_tuples.InquireAttrsResult.known_mech_attrs",false]],"krb5_ccache_name() (in module gssapi.raw.ext_krb5)":[[3,"gssapi.raw.ext_krb5.krb5_ccache_name",false]],"krb5_export_lucid_sec_context() (in module gssapi.raw.ext_krb5)":[[3,"gssapi.raw.ext_krb5.krb5_export_lucid_sec_context",false]],"krb5_extract_authtime_from_sec_context() (in module gssapi.raw.ext_krb5)":[[3,"gssapi.raw.ext_krb5.krb5_extract_authtime_from_sec_context",false]],"krb5_extract_authz_data_from_sec_context() (in module gssapi.raw.ext_krb5)":[[3,"gssapi.raw.ext_krb5.krb5_extract_authz_data_from_sec_context",false]],"krb5_get_tkt_flags() (in module gssapi.raw.ext_krb5)":[[3,"gssapi.raw.ext_krb5.krb5_get_tkt_flags",false]],"krb5_import_cred() (in module gssapi.raw.ext_krb5)":[[3,"gssapi.raw.ext_krb5.krb5_import_cred",false]],"krb5_nt_principal_name (nametype attribute)":[[2,"gssapi.NameType.krb5_nt_principal_name",false],[3,"gssapi.raw.types.NameType.krb5_nt_principal_name",false]],"krb5_set_allowable_enctypes() (in module gssapi.raw.ext_krb5)":[[3,"gssapi.raw.ext_krb5.krb5_set_allowable_enctypes",false]],"krb5lucidcontext (class in gssapi.raw.ext_krb5)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContext",false]],"krb5lucidcontextv1 (class in gssapi.raw.ext_krb5)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContextV1",false]],"lat (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.lat",false]],"lifetime (acceptseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.AcceptSecContextResult.lifetime",false]],"lifetime (acquirecredresult attribute)":[[3,"gssapi.raw.named_tuples.AcquireCredResult.lifetime",false]],"lifetime (credentials property)":[[2,"gssapi.creds.Credentials.lifetime",false]],"lifetime (initseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.InitSecContextResult.lifetime",false]],"lifetime (inquirecontextresult attribute)":[[3,"gssapi.raw.named_tuples.InquireContextResult.lifetime",false]],"lifetime (inquirecredresult attribute)":[[3,"gssapi.raw.named_tuples.InquireCredResult.lifetime",false]],"lifetime (securitycontext property)":[[2,"gssapi.sec_contexts.SecurityContext.lifetime",false]],"local (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.local",false]],"locally_init (inquirecontextresult attribute)":[[3,"gssapi.raw.named_tuples.InquireContextResult.locally_init",false]],"locally_initiated (securitycontext property)":[[2,"gssapi.sec_contexts.SecurityContext.locally_initiated",false]],"long_desc (displayattrresult attribute)":[[3,"gssapi.raw.named_tuples.DisplayAttrResult.long_desc",false]],"machine_uid (nametype attribute)":[[2,"gssapi.NameType.machine_uid",false],[3,"gssapi.raw.types.NameType.machine_uid",false]],"maj_code (gsserror attribute)":[[3,"gssapi.raw.exceptions.GSSError.maj_code",false],[3,"gssapi.raw.misc.GSSError.maj_code",false]],"major_message (encryptionnotused attribute)":[[2,"gssapi.exceptions.EncryptionNotUsed.MAJOR_MESSAGE",false]],"major_message (generalerror attribute)":[[2,"gssapi.exceptions.GeneralError.MAJOR_MESSAGE",false]],"major_message (unknownusageerror attribute)":[[2,"gssapi.exceptions.UnknownUsageError.MAJOR_MESSAGE",false]],"malformedparametererror":[[2,"gssapi.exceptions.MalformedParameterError",false],[3,"gssapi.raw.exceptions.MalformedParameterError",false]],"max_val (genericflagset attribute)":[[3,"gssapi.raw.types.GenericFlagSet.MAX_VAL",false]],"mech (acceptseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.AcceptSecContextResult.mech",false]],"mech (initseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.InitSecContextResult.mech",false]],"mech (inquirecontextresult attribute)":[[3,"gssapi.raw.named_tuples.InquireContextResult.mech",false]],"mech (inquirenameresult attribute)":[[3,"gssapi.raw.named_tuples.InquireNameResult.mech",false]],"mech (name property)":[[2,"gssapi.names.Name.mech",false]],"mech (securitycontext property)":[[2,"gssapi.sec_contexts.SecurityContext.mech",false]],"mech_attrs (inquireattrsresult attribute)":[[3,"gssapi.raw.named_tuples.InquireAttrsResult.mech_attrs",false]],"mech_description (inquiresaslnameresult attribute)":[[3,"gssapi.raw.named_tuples.InquireSASLNameResult.mech_description",false]],"mech_name (inquiresaslnameresult attribute)":[[3,"gssapi.raw.named_tuples.InquireSASLNameResult.mech_name",false]],"mech_params (iovbuffertype attribute)":[[3,"gssapi.raw.ext_dce.IOVBufferType.mech_params",false]],"mechanismnamerequirederror":[[2,"gssapi.exceptions.MechanismNameRequiredError",false],[3,"gssapi.raw.exceptions.MechanismNameRequiredError",false]],"mechs (acquirecredresult attribute)":[[3,"gssapi.raw.named_tuples.AcquireCredResult.mechs",false]],"mechs (addcredresult attribute)":[[3,"gssapi.raw.named_tuples.AddCredResult.mechs",false]],"mechs (credentials property)":[[2,"gssapi.creds.Credentials.mechs",false]],"mechs (inquirecredresult attribute)":[[3,"gssapi.raw.named_tuples.InquireCredResult.mechs",false]],"mechs (storecredresult attribute)":[[3,"gssapi.raw.named_tuples.StoreCredResult.mechs",false]],"mechtype (class in gssapi)":[[2,"gssapi.MechType",false]],"mechtype (class in gssapi.raw.misc)":[[3,"gssapi.raw.misc.MechType",false]],"mechtype (class in gssapi.raw.types)":[[3,"gssapi.raw.types.MechType",false]],"message (gsserror attribute)":[[2,"gssapi.exceptions.GSSError.MESSAGE",false]],"message (unwrapresult attribute)":[[3,"gssapi.raw.named_tuples.UnwrapResult.message",false]],"message (wrapresult attribute)":[[3,"gssapi.raw.named_tuples.WrapResult.message",false]],"mic_token (iovbuffertype attribute)":[[3,"gssapi.raw.ext_dce.IOVBufferType.mic_token",false]],"min_code (gsserror attribute)":[[3,"gssapi.raw.exceptions.GSSError.min_code",false],[3,"gssapi.raw.misc.GSSError.min_code",false]],"missingcontexterror":[[2,"gssapi.exceptions.MissingContextError",false],[3,"gssapi.raw.exceptions.MissingContextError",false]],"missingcredentialserror":[[2,"gssapi.exceptions.MissingCredentialsError",false],[3,"gssapi.raw.exceptions.MissingCredentialsError",false]],"module":[[2,"module-gssapi",false],[2,"module-gssapi.creds",false],[2,"module-gssapi.exceptions",false],[2,"module-gssapi.names",false],[2,"module-gssapi.sec_contexts",false],[3,"module-gssapi.raw",false],[3,"module-gssapi.raw.chan_bindings",false],[3,"module-gssapi.raw.creds",false],[3,"module-gssapi.raw.exceptions",false],[3,"module-gssapi.raw.ext_cred_imp_exp",false],[3,"module-gssapi.raw.ext_cred_store",false],[3,"module-gssapi.raw.ext_dce",false],[3,"module-gssapi.raw.ext_ggf",false],[3,"module-gssapi.raw.ext_iov_mic",false],[3,"module-gssapi.raw.ext_krb5",false],[3,"module-gssapi.raw.ext_password",false],[3,"module-gssapi.raw.ext_password_add",false],[3,"module-gssapi.raw.ext_rfc4178",false],[3,"module-gssapi.raw.ext_rfc5587",false],[3,"module-gssapi.raw.ext_rfc5588",false],[3,"module-gssapi.raw.ext_rfc5801",false],[3,"module-gssapi.raw.ext_rfc6680",false],[3,"module-gssapi.raw.ext_s4u",false],[3,"module-gssapi.raw.ext_set_cred_opt",false],[3,"module-gssapi.raw.message",false],[3,"module-gssapi.raw.misc",false],[3,"module-gssapi.raw.named_tuples",false],[3,"module-gssapi.raw.names",false],[3,"module-gssapi.raw.oids",false],[3,"module-gssapi.raw.sec_contexts",false],[3,"module-gssapi.raw.types",false]],"more_steps (acceptseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.AcceptSecContextResult.more_steps",false]],"more_steps (initseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.InitSecContextResult.more_steps",false]],"mutual_authentication (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.mutual_authentication",false]],"name (class in gssapi.names)":[[2,"gssapi.names.Name",false]],"name (class in gssapi.raw.misc)":[[3,"gssapi.raw.misc.Name",false]],"name (class in gssapi.raw.names)":[[3,"gssapi.raw.names.Name",false]],"name (credentials property)":[[2,"gssapi.creds.Credentials.name",false]],"name (displayattrresult attribute)":[[3,"gssapi.raw.named_tuples.DisplayAttrResult.name",false]],"name (displaynameresult attribute)":[[3,"gssapi.raw.named_tuples.DisplayNameResult.name",false]],"name (inquirecredbymechresult attribute)":[[3,"gssapi.raw.named_tuples.InquireCredByMechResult.name",false]],"name (inquirecredresult attribute)":[[3,"gssapi.raw.named_tuples.InquireCredResult.name",false]],"name_type (displaynameresult attribute)":[[3,"gssapi.raw.named_tuples.DisplayNameResult.name_type",false]],"name_type (name property)":[[2,"gssapi.names.Name.name_type",false]],"namereaderror":[[2,"gssapi.exceptions.NameReadError",false],[3,"gssapi.raw.exceptions.NameReadError",false]],"nametype (class in gssapi)":[[2,"gssapi.NameType",false]],"nametype (class in gssapi.raw.types)":[[3,"gssapi.raw.types.NameType",false]],"nametypereaderror":[[2,"gssapi.exceptions.NameTypeReadError",false],[3,"gssapi.raw.exceptions.NameTypeReadError",false]],"nbs (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.nbs",false]],"null (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.null",false]],"oid (class in gssapi)":[[2,"gssapi.OID",false]],"oid (class in gssapi.raw.misc)":[[3,"gssapi.raw.misc.OID",false]],"oid (class in gssapi.raw.oids)":[[3,"gssapi.raw.oids.OID",false]],"ok_as_delegate (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.ok_as_delegate",false]],"operationunavailableerror":[[2,"gssapi.exceptions.OperationUnavailableError",false],[3,"gssapi.raw.exceptions.OperationUnavailableError",false]],"osi_tp4 (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.osi_tp4",false]],"out_of_sequence_detection (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.out_of_sequence_detection",false]],"padding (iovbuffertype attribute)":[[3,"gssapi.raw.ext_dce.IOVBufferType.padding",false]],"parameterreaderror":[[2,"gssapi.exceptions.ParameterReadError",false],[3,"gssapi.raw.exceptions.ParameterReadError",false]],"parameterwriteerror":[[2,"gssapi.exceptions.ParameterWriteError",false],[3,"gssapi.raw.exceptions.ParameterWriteError",false]],"process_context_token() (in module gssapi.raw.sec_contexts)":[[3,"gssapi.raw.sec_contexts.process_context_token",false]],"process_token() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.process_token",false]],"protection_ready (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.protection_ready",false]],"protocol (krb5lucidcontextv1 property)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContextV1.protocol",false]],"pup (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.pup",false]],"qop (iovunwrapresult attribute)":[[3,"gssapi.raw.named_tuples.IOVUnwrapResult.qop",false]],"qop (unwrapresult attribute)":[[3,"gssapi.raw.named_tuples.UnwrapResult.qop",false]],"recv_seq (krb5lucidcontextv1 property)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContextV1.recv_seq",false]],"release_cred() (in module gssapi.raw.creds)":[[3,"gssapi.raw.creds.release_cred",false]],"release_name() (in module gssapi.raw.names)":[[3,"gssapi.raw.names.release_name",false]],"replay_detection (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.replay_detection",false]],"requirementflag (class in gssapi)":[[2,"gssapi.RequirementFlag",false]],"requirementflag (class in gssapi.raw.types)":[[3,"gssapi.raw.types.RequirementFlag",false]],"rfc":[[2,"index-0",false],[3,"index-0",false],[3,"index-1",false],[3,"index-2",false],[3,"index-3",false],[3,"index-4",false],[3,"index-5",false],[4,"index-0",false]],"rfc 2744":[[3,"index-0",false],[4,"index-0",false]],"rfc 4178":[[3,"index-1",false]],"rfc 5587":[[3,"index-2",false]],"rfc 5588":[[2,"index-0",false],[3,"index-3",false]],"rfc 5801":[[3,"index-4",false]],"rfc 6680":[[3,"index-5",false]],"rfc1964_kd (krb5lucidcontextv1 property)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContextV1.rfc1964_kd",false]],"rfc1964keydata (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.Rfc1964KeyData",false]],"routine_code (badchannelbindingserror attribute)":[[2,"gssapi.exceptions.BadChannelBindingsError.ROUTINE_CODE",false]],"routine_code (badmechanismerror attribute)":[[2,"gssapi.exceptions.BadMechanismError.ROUTINE_CODE",false]],"routine_code (badmicerror attribute)":[[2,"gssapi.exceptions.BadMICError.ROUTINE_CODE",false]],"routine_code (badnameerror attribute)":[[2,"gssapi.exceptions.BadNameError.ROUTINE_CODE",false]],"routine_code (badnametypeerror attribute)":[[2,"gssapi.exceptions.BadNameTypeError.ROUTINE_CODE",false]],"routine_code (badqoperror attribute)":[[2,"gssapi.exceptions.BadQoPError.ROUTINE_CODE",false]],"routine_code (badstatuserror attribute)":[[2,"gssapi.exceptions.BadStatusError.ROUTINE_CODE",false]],"routine_code (duplicatecredentialselementerror attribute)":[[2,"gssapi.exceptions.DuplicateCredentialsElementError.ROUTINE_CODE",false]],"routine_code (expiredcontexterror attribute)":[[2,"gssapi.exceptions.ExpiredContextError.ROUTINE_CODE",false]],"routine_code (expiredcredentialserror attribute)":[[2,"gssapi.exceptions.ExpiredCredentialsError.ROUTINE_CODE",false]],"routine_code (gsserror attribute)":[[3,"gssapi.raw.exceptions.GSSError.routine_code",false],[3,"gssapi.raw.misc.GSSError.routine_code",false]],"routine_code (invalidcredentialserror attribute)":[[2,"gssapi.exceptions.InvalidCredentialsError.ROUTINE_CODE",false]],"routine_code (invalidtokenerror attribute)":[[2,"gssapi.exceptions.InvalidTokenError.ROUTINE_CODE",false]],"routine_code (mechanismnamerequirederror attribute)":[[2,"gssapi.exceptions.MechanismNameRequiredError.ROUTINE_CODE",false]],"routine_code (missingcontexterror attribute)":[[2,"gssapi.exceptions.MissingContextError.ROUTINE_CODE",false]],"routine_code (missingcredentialserror attribute)":[[2,"gssapi.exceptions.MissingCredentialsError.ROUTINE_CODE",false]],"routine_code (operationunavailableerror attribute)":[[2,"gssapi.exceptions.OperationUnavailableError.ROUTINE_CODE",false]],"routine_code (unauthorizederror attribute)":[[2,"gssapi.exceptions.UnauthorizedError.ROUTINE_CODE",false]],"sasl_mech_name (inquiresaslnameresult attribute)":[[3,"gssapi.raw.named_tuples.InquireSASLNameResult.sasl_mech_name",false]],"seal_alg (rfc1964keydata attribute)":[[3,"gssapi.raw.named_tuples.Rfc1964KeyData.seal_alg",false]],"securitycontext (class in gssapi.raw.sec_contexts)":[[3,"gssapi.raw.sec_contexts.SecurityContext",false]],"securitycontext (class in gssapi.sec_contexts)":[[2,"gssapi.sec_contexts.SecurityContext",false]],"send_seq (krb5lucidcontextv1 property)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContextV1.send_seq",false]],"set_cred_option() (in module gssapi.raw.ext_set_cred_opt)":[[3,"gssapi.raw.ext_set_cred_opt.set_cred_option",false]],"set_encoding() (in module gssapi)":[[2,"gssapi.set_encoding",false]],"set_name_attribute() (in module gssapi.raw.ext_rfc6680)":[[3,"gssapi.raw.ext_rfc6680.set_name_attribute",false]],"set_neg_mechs() (in module gssapi.raw.ext_rfc4178)":[[3,"gssapi.raw.ext_rfc4178.set_neg_mechs",false]],"set_sec_context_option() (in module gssapi.raw.ext_ggf)":[[3,"gssapi.raw.ext_ggf.set_sec_context_option",false]],"short_desc (displayattrresult attribute)":[[3,"gssapi.raw.named_tuples.DisplayAttrResult.short_desc",false]],"sign_alg (rfc1964keydata attribute)":[[3,"gssapi.raw.named_tuples.Rfc1964KeyData.sign_alg",false]],"sign_only (iovbuffertype attribute)":[[3,"gssapi.raw.ext_dce.IOVBufferType.sign_only",false]],"step() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.step",false]],"store() (credentials method)":[[2,"gssapi.creds.Credentials.store",false]],"store_cred() (in module gssapi.raw.ext_rfc5588)":[[3,"gssapi.raw.ext_rfc5588.store_cred",false]],"store_cred_into() (in module gssapi.raw.ext_cred_store)":[[3,"gssapi.raw.ext_cred_store.store_cred_into",false]],"storecredresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.StoreCredResult",false]],"stream (iovbuffertype attribute)":[[3,"gssapi.raw.ext_dce.IOVBufferType.stream",false]],"string_uid (nametype attribute)":[[2,"gssapi.NameType.string_uid",false],[3,"gssapi.raw.types.NameType.string_uid",false]],"supplementary_code (duplicatetokenerror attribute)":[[2,"gssapi.exceptions.DuplicateTokenError.SUPPLEMENTARY_CODE",false]],"supplementary_code (expiredtokenerror attribute)":[[2,"gssapi.exceptions.ExpiredTokenError.SUPPLEMENTARY_CODE",false]],"supplementary_code (gsserror attribute)":[[3,"gssapi.raw.exceptions.GSSError.supplementary_code",false],[3,"gssapi.raw.misc.GSSError.supplementary_code",false]],"supplementary_code (tokentooearlyerror attribute)":[[2,"gssapi.exceptions.TokenTooEarlyError.SUPPLEMENTARY_CODE",false]],"supplementary_code (tokentoolateerror attribute)":[[2,"gssapi.exceptions.TokenTooLateError.SUPPLEMENTARY_CODE",false]],"supplementaryerror":[[2,"gssapi.exceptions.SupplementaryError",false],[3,"gssapi.raw.exceptions.SupplementaryError",false]],"target_name (inquirecontextresult attribute)":[[3,"gssapi.raw.named_tuples.InquireContextResult.target_name",false]],"target_name (securitycontext property)":[[2,"gssapi.sec_contexts.SecurityContext.target_name",false]],"token (acceptseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.AcceptSecContextResult.token",false]],"token (gsserror attribute)":[[3,"gssapi.raw.exceptions.GSSError.token",false],[3,"gssapi.raw.misc.GSSError.token",false]],"token (initseccontextresult attribute)":[[3,"gssapi.raw.named_tuples.InitSecContextResult.token",false]],"tokenoutofsequenceerror":[[2,"gssapi.exceptions.TokenOutOfSequenceError",false],[3,"gssapi.raw.exceptions.TokenOutOfSequenceError",false]],"tokenreaderror":[[2,"gssapi.exceptions.TokenReadError",false],[3,"gssapi.raw.exceptions.TokenReadError",false]],"tokentooearlyerror":[[2,"gssapi.exceptions.TokenTooEarlyError",false],[3,"gssapi.raw.exceptions.TokenTooEarlyError",false]],"tokentoolateerror":[[2,"gssapi.exceptions.TokenTooLateError",false],[3,"gssapi.raw.exceptions.TokenTooLateError",false]],"trailer (iovbuffertype attribute)":[[3,"gssapi.raw.ext_dce.IOVBufferType.trailer",false]],"transferable (requirementflag attribute)":[[3,"gssapi.raw.types.RequirementFlag.transferable",false]],"type (iovbuffer attribute)":[[3,"gssapi.raw.ext_dce.IOVBuffer.type",false]],"unauthorizederror":[[2,"gssapi.exceptions.UnauthorizedError",false],[3,"gssapi.raw.exceptions.UnauthorizedError",false]],"unknownusageerror":[[2,"gssapi.exceptions.UnknownUsageError",false]],"unwrap() (in module gssapi.raw.message)":[[3,"gssapi.raw.message.unwrap",false]],"unwrap() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.unwrap",false]],"unwrap_aead() (in module gssapi.raw.ext_dce)":[[3,"gssapi.raw.ext_dce.unwrap_aead",false]],"unwrap_iov() (in module gssapi.raw.ext_dce)":[[3,"gssapi.raw.ext_dce.unwrap_iov",false]],"unwrapresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.UnwrapResult",false]],"usage (credentials property)":[[2,"gssapi.creds.Credentials.usage",false]],"usage (inquirecredbymechresult attribute)":[[3,"gssapi.raw.named_tuples.InquireCredByMechResult.usage",false]],"usage (inquirecredresult attribute)":[[3,"gssapi.raw.named_tuples.InquireCredResult.usage",false]],"usage (storecredresult attribute)":[[3,"gssapi.raw.named_tuples.StoreCredResult.usage",false]],"user (nametype attribute)":[[2,"gssapi.NameType.user",false],[3,"gssapi.raw.types.NameType.user",false]],"value (iovbuffer attribute)":[[3,"gssapi.raw.ext_dce.IOVBuffer.value",false]],"values (getnameattributeresult attribute)":[[3,"gssapi.raw.named_tuples.GetNameAttributeResult.values",false]],"verify_mic() (in module gssapi.raw.message)":[[3,"gssapi.raw.message.verify_mic",false]],"verify_mic_iov() (in module gssapi.raw.ext_iov_mic)":[[3,"gssapi.raw.ext_iov_mic.verify_mic_iov",false]],"verify_signature() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.verify_signature",false]],"version (krb5lucidcontextv1 property)":[[3,"gssapi.raw.ext_krb5.Krb5LucidContextV1.version",false]],"wrap() (in module gssapi.raw.message)":[[3,"gssapi.raw.message.wrap",false]],"wrap() (securitycontext method)":[[2,"gssapi.sec_contexts.SecurityContext.wrap",false]],"wrap_aead() (in module gssapi.raw.ext_dce)":[[3,"gssapi.raw.ext_dce.wrap_aead",false]],"wrap_iov() (in module gssapi.raw.ext_dce)":[[3,"gssapi.raw.ext_dce.wrap_iov",false]],"wrap_iov_length() (in module gssapi.raw.ext_dce)":[[3,"gssapi.raw.ext_dce.wrap_iov_length",false]],"wrap_size_limit() (in module gssapi.raw.message)":[[3,"gssapi.raw.message.wrap_size_limit",false]],"wrapresult (class in gssapi.raw.named_tuples)":[[3,"gssapi.raw.named_tuples.WrapResult",false]],"x25 (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.x25",false]],"xerox_ns (addresstype attribute)":[[3,"gssapi.raw.types.AddressType.xerox_ns",false]]},"objects":{"":[[2,0,0,"-","gssapi"]],"gssapi":[[2,1,1,"","AddressType"],[2,1,1,"","IntEnumFlagSet"],[2,1,1,"","MechType"],[2,1,1,"","NameType"],[2,1,1,"","OID"],[2,1,1,"","RequirementFlag"],[2,0,0,"-","creds"],[2,0,0,"-","exceptions"],[2,0,0,"-","names"],[3,0,0,"-","raw"],[2,0,0,"-","sec_contexts"],[2,6,1,"","set_encoding"]],"gssapi.MechType":[[2,2,1,"","kerberos"]],"gssapi.NameType":[[2,2,1,"","anonymous"],[2,2,1,"","composite_export"],[2,2,1,"","export"],[2,2,1,"","hostbased_service"],[2,2,1,"","kerberos_principal"],[2,2,1,"","krb5_nt_principal_name"],[2,2,1,"","machine_uid"],[2,2,1,"","string_uid"],[2,2,1,"","user"]],"gssapi.creds":[[2,1,1,"","Credentials"]],"gssapi.creds.Credentials":[[2,3,1,"","acquire"],[2,3,1,"","add"],[2,3,1,"","export"],[2,3,1,"","impersonate"],[2,3,1,"","inquire"],[2,3,1,"","inquire_by_mech"],[2,4,1,"","lifetime"],[2,4,1,"","mechs"],[2,4,1,"","name"],[2,3,1,"","store"],[2,4,1,"","usage"]],"gssapi.exceptions":[[2,5,1,"","BadChannelBindingsError"],[2,5,1,"","BadMICError"],[2,5,1,"","BadMechanismError"],[2,5,1,"","BadNameError"],[2,5,1,"","BadNameTypeError"],[2,5,1,"","BadQoPError"],[2,5,1,"","BadStatusError"],[2,5,1,"","ContextReadError"],[2,5,1,"","ContextWriteError"],[2,5,1,"","CredentialsReadError"],[2,5,1,"","CredentialsWriteError"],[2,5,1,"","DuplicateCredentialsElementError"],[2,5,1,"","DuplicateTokenError"],[2,5,1,"","EncryptionNotUsed"],[2,5,1,"","ExpiredContextError"],[2,5,1,"","ExpiredCredentialsError"],[2,5,1,"","ExpiredTokenError"],[2,5,1,"","GSSError"],[2,5,1,"","GeneralError"],[2,5,1,"","InvalidCredentialsError"],[2,5,1,"","InvalidTokenError"],[2,5,1,"","MalformedParameterError"],[2,5,1,"","MechanismNameRequiredError"],[2,5,1,"","MissingContextError"],[2,5,1,"","MissingCredentialsError"],[2,5,1,"","NameReadError"],[2,5,1,"","NameTypeReadError"],[2,5,1,"","OperationUnavailableError"],[2,5,1,"","ParameterReadError"],[2,5,1,"","ParameterWriteError"],[2,5,1,"","SupplementaryError"],[2,5,1,"","TokenOutOfSequenceError"],[2,5,1,"","TokenReadError"],[2,5,1,"","TokenTooEarlyError"],[2,5,1,"","TokenTooLateError"],[2,5,1,"","UnauthorizedError"],[2,5,1,"","UnknownUsageError"]],"gssapi.exceptions.BadChannelBindingsError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.BadMICError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.BadMechanismError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.BadNameError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.BadNameTypeError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.BadQoPError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.BadStatusError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.DuplicateCredentialsElementError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.DuplicateTokenError":[[2,2,1,"","SUPPLEMENTARY_CODE"]],"gssapi.exceptions.EncryptionNotUsed":[[2,2,1,"","MAJOR_MESSAGE"]],"gssapi.exceptions.ExpiredContextError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.ExpiredCredentialsError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.ExpiredTokenError":[[2,2,1,"","SUPPLEMENTARY_CODE"]],"gssapi.exceptions.GSSError":[[2,2,1,"","MESSAGE"],[2,3,1,"","gen_message"],[2,3,1,"","get_all_statuses"]],"gssapi.exceptions.GeneralError":[[2,2,1,"","FMT_STR"],[2,2,1,"","MAJOR_MESSAGE"]],"gssapi.exceptions.InvalidCredentialsError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.InvalidTokenError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.MalformedParameterError":[[2,2,1,"","CALLING_CODE"]],"gssapi.exceptions.MechanismNameRequiredError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.MissingContextError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.MissingCredentialsError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.OperationUnavailableError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.ParameterReadError":[[2,2,1,"","CALLING_CODE"]],"gssapi.exceptions.ParameterWriteError":[[2,2,1,"","CALLING_CODE"]],"gssapi.exceptions.TokenTooEarlyError":[[2,2,1,"","SUPPLEMENTARY_CODE"]],"gssapi.exceptions.TokenTooLateError":[[2,2,1,"","SUPPLEMENTARY_CODE"]],"gssapi.exceptions.UnauthorizedError":[[2,2,1,"","ROUTINE_CODE"]],"gssapi.exceptions.UnknownUsageError":[[2,2,1,"","MAJOR_MESSAGE"]],"gssapi.names":[[2,1,1,"","Name"]],"gssapi.names.Name":[[2,4,1,"","attributes"],[2,3,1,"","canonicalize"],[2,3,1,"","display_as"],[2,3,1,"","export"],[2,4,1,"","is_mech_name"],[2,4,1,"","mech"],[2,4,1,"","name_type"]],"gssapi.raw":[[3,0,0,"-","chan_bindings"],[3,0,0,"-","creds"],[3,0,0,"-","exceptions"],[3,0,0,"-","ext_cred_imp_exp"],[3,0,0,"-","ext_cred_store"],[3,0,0,"-","ext_dce"],[3,0,0,"-","ext_ggf"],[3,0,0,"-","ext_iov_mic"],[3,0,0,"-","ext_krb5"],[3,0,0,"-","ext_password"],[3,0,0,"-","ext_password_add"],[3,0,0,"-","ext_rfc4178"],[3,0,0,"-","ext_rfc5587"],[3,0,0,"-","ext_rfc5588"],[3,0,0,"-","ext_rfc5801"],[3,0,0,"-","ext_rfc6680"],[3,0,0,"-","ext_s4u"],[3,0,0,"-","ext_set_cred_opt"],[3,0,0,"-","message"],[3,0,0,"-","misc"],[3,0,0,"-","named_tuples"],[3,0,0,"-","names"],[3,0,0,"-","oids"],[3,0,0,"-","sec_contexts"],[3,0,0,"-","types"]],"gssapi.raw.chan_bindings":[[3,1,1,"","ChannelBindings"]],"gssapi.raw.chan_bindings.ChannelBindings":[[3,2,1,"","acceptor_address"],[3,2,1,"","acceptor_address_type"],[3,2,1,"","application_data"],[3,2,1,"","initiator_address"],[3,2,1,"","initiator_address_type"]],"gssapi.raw.creds":[[3,1,1,"","Creds"],[3,6,1,"","acquire_cred"],[3,6,1,"","add_cred"],[3,6,1,"","inquire_cred"],[3,6,1,"","inquire_cred_by_mech"],[3,6,1,"","release_cred"]],"gssapi.raw.exceptions":[[3,5,1,"","BadChannelBindingsError"],[3,5,1,"","BadMICError"],[3,5,1,"","BadMechanismError"],[3,5,1,"","BadNameError"],[3,5,1,"","BadNameTypeError"],[3,5,1,"","BadQoPError"],[3,5,1,"","BadStatusError"],[3,5,1,"","ContextReadError"],[3,5,1,"","ContextWriteError"],[3,5,1,"","CredentialsReadError"],[3,5,1,"","CredentialsWriteError"],[3,5,1,"","DuplicateCredentialsElementError"],[3,5,1,"","DuplicateTokenError"],[3,5,1,"","ExpiredContextError"],[3,5,1,"","ExpiredCredentialsError"],[3,5,1,"","ExpiredTokenError"],[3,5,1,"","GSSError"],[3,5,1,"","InvalidCredentialsError"],[3,5,1,"","InvalidTokenError"],[3,5,1,"","MalformedParameterError"],[3,5,1,"","MechanismNameRequiredError"],[3,5,1,"","MissingContextError"],[3,5,1,"","MissingCredentialsError"],[3,5,1,"","NameReadError"],[3,5,1,"","NameTypeReadError"],[3,5,1,"","OperationUnavailableError"],[3,5,1,"","ParameterReadError"],[3,5,1,"","ParameterWriteError"],[3,5,1,"","SupplementaryError"],[3,5,1,"","TokenOutOfSequenceError"],[3,5,1,"","TokenReadError"],[3,5,1,"","TokenTooEarlyError"],[3,5,1,"","TokenTooLateError"],[3,5,1,"","UnauthorizedError"]],"gssapi.raw.exceptions.GSSError":[[3,2,1,"","calling_code"],[3,3,1,"","gen_message"],[3,3,1,"","get_all_statuses"],[3,2,1,"","maj_code"],[3,2,1,"","min_code"],[3,2,1,"","routine_code"],[3,2,1,"","supplementary_code"],[3,2,1,"","token"]],"gssapi.raw.ext_cred_imp_exp":[[3,6,1,"","export_cred"],[3,6,1,"","import_cred"]],"gssapi.raw.ext_cred_store":[[3,6,1,"","acquire_cred_from"],[3,6,1,"","add_cred_from"],[3,6,1,"","store_cred_into"]],"gssapi.raw.ext_dce":[[3,1,1,"","IOV"],[3,1,1,"","IOVBuffer"],[3,1,1,"","IOVBufferType"],[3,6,1,"","unwrap_aead"],[3,6,1,"","unwrap_iov"],[3,6,1,"","wrap_aead"],[3,6,1,"","wrap_iov"],[3,6,1,"","wrap_iov_length"]],"gssapi.raw.ext_dce.IOV":[[3,3,1,"","count"],[3,3,1,"","index"]],"gssapi.raw.ext_dce.IOVBuffer":[[3,2,1,"","allocate"],[3,2,1,"","type"],[3,2,1,"","value"]],"gssapi.raw.ext_dce.IOVBufferType":[[3,2,1,"","data"],[3,2,1,"","empty"],[3,2,1,"","header"],[3,2,1,"","mech_params"],[3,2,1,"","mic_token"],[3,2,1,"","padding"],[3,2,1,"","sign_only"],[3,2,1,"","stream"],[3,2,1,"","trailer"]],"gssapi.raw.ext_ggf":[[3,6,1,"","inquire_cred_by_oid"],[3,6,1,"","inquire_sec_context_by_oid"],[3,6,1,"","set_sec_context_option"]],"gssapi.raw.ext_iov_mic":[[3,6,1,"","get_mic_iov"],[3,6,1,"","get_mic_iov_length"],[3,6,1,"","verify_mic_iov"]],"gssapi.raw.ext_krb5":[[3,1,1,"","Krb5LucidContext"],[3,1,1,"","Krb5LucidContextV1"],[3,6,1,"","krb5_ccache_name"],[3,6,1,"","krb5_export_lucid_sec_context"],[3,6,1,"","krb5_extract_authtime_from_sec_context"],[3,6,1,"","krb5_extract_authz_data_from_sec_context"],[3,6,1,"","krb5_get_tkt_flags"],[3,6,1,"","krb5_import_cred"],[3,6,1,"","krb5_set_allowable_enctypes"]],"gssapi.raw.ext_krb5.Krb5LucidContextV1":[[3,4,1,"","cfx_kd"],[3,4,1,"","endtime"],[3,4,1,"","is_initiator"],[3,4,1,"","protocol"],[3,4,1,"","recv_seq"],[3,4,1,"","rfc1964_kd"],[3,4,1,"","send_seq"],[3,4,1,"","version"]],"gssapi.raw.ext_password":[[3,6,1,"","acquire_cred_with_password"]],"gssapi.raw.ext_password_add":[[3,6,1,"","add_cred_with_password"]],"gssapi.raw.ext_rfc4178":[[3,6,1,"","set_neg_mechs"]],"gssapi.raw.ext_rfc5587":[[3,6,1,"","display_mech_attr"],[3,6,1,"","indicate_mechs_by_attrs"],[3,6,1,"","inquire_attrs_for_mech"]],"gssapi.raw.ext_rfc5588":[[3,6,1,"","store_cred"]],"gssapi.raw.ext_rfc5801":[[3,6,1,"","inquire_mech_for_saslname"],[3,6,1,"","inquire_saslname_for_mech"]],"gssapi.raw.ext_rfc6680":[[3,6,1,"","delete_name_attribute"],[3,6,1,"","display_name_ext"],[3,6,1,"","export_name_composite"],[3,6,1,"","get_name_attribute"],[3,6,1,"","inquire_name"],[3,6,1,"","set_name_attribute"]],"gssapi.raw.ext_s4u":[[3,6,1,"","acquire_cred_impersonate_name"],[3,6,1,"","add_cred_impersonate_name"]],"gssapi.raw.ext_set_cred_opt":[[3,6,1,"","set_cred_option"]],"gssapi.raw.message":[[3,6,1,"","get_mic"],[3,6,1,"","unwrap"],[3,6,1,"","verify_mic"],[3,6,1,"","wrap"],[3,6,1,"","wrap_size_limit"]],"gssapi.raw.misc":[[3,5,1,"","GSSError"],[3,1,1,"","MechType"],[3,1,1,"","Name"],[3,1,1,"","OID"],[3,6,1,"","indicate_mechs"],[3,6,1,"","inquire_mechs_for_name"],[3,6,1,"","inquire_names_for_mech"]],"gssapi.raw.misc.GSSError":[[3,2,1,"","calling_code"],[3,3,1,"","gen_message"],[3,3,1,"","get_all_statuses"],[3,2,1,"","maj_code"],[3,2,1,"","min_code"],[3,2,1,"","routine_code"],[3,2,1,"","supplementary_code"],[3,2,1,"","token"]],"gssapi.raw.misc.MechType":[[3,2,1,"","kerberos"]],"gssapi.raw.misc.OID":[[3,4,1,"","dotted_form"],[3,3,1,"","from_int_seq"]],"gssapi.raw.named_tuples":[[3,1,1,"","AcceptSecContextResult"],[3,1,1,"","AcquireCredResult"],[3,1,1,"","AddCredResult"],[3,1,1,"","CfxKeyData"],[3,1,1,"","DisplayAttrResult"],[3,1,1,"","DisplayNameResult"],[3,1,1,"","GetNameAttributeResult"],[3,1,1,"","IOVUnwrapResult"],[3,1,1,"","InitSecContextResult"],[3,1,1,"","InquireAttrsResult"],[3,1,1,"","InquireContextResult"],[3,1,1,"","InquireCredByMechResult"],[3,1,1,"","InquireCredResult"],[3,1,1,"","InquireNameResult"],[3,1,1,"","InquireSASLNameResult"],[3,1,1,"","Rfc1964KeyData"],[3,1,1,"","StoreCredResult"],[3,1,1,"","UnwrapResult"],[3,1,1,"","WrapResult"]],"gssapi.raw.named_tuples.AcceptSecContextResult":[[3,2,1,"","context"],[3,2,1,"","delegated_creds"],[3,2,1,"","flags"],[3,2,1,"","initiator_name"],[3,2,1,"","lifetime"],[3,2,1,"","mech"],[3,2,1,"","more_steps"],[3,2,1,"","token"]],"gssapi.raw.named_tuples.AcquireCredResult":[[3,2,1,"","creds"],[3,2,1,"","lifetime"],[3,2,1,"","mechs"]],"gssapi.raw.named_tuples.AddCredResult":[[3,2,1,"","accept_lifetime"],[3,2,1,"","creds"],[3,2,1,"","init_lifetime"],[3,2,1,"","mechs"]],"gssapi.raw.named_tuples.CfxKeyData":[[3,2,1,"","acceptor_subkey"],[3,2,1,"","acceptor_subkey_type"],[3,2,1,"","ctx_key"],[3,2,1,"","ctx_key_type"]],"gssapi.raw.named_tuples.DisplayAttrResult":[[3,2,1,"","long_desc"],[3,2,1,"","name"],[3,2,1,"","short_desc"]],"gssapi.raw.named_tuples.DisplayNameResult":[[3,2,1,"","name"],[3,2,1,"","name_type"]],"gssapi.raw.named_tuples.GetNameAttributeResult":[[3,2,1,"","authenticated"],[3,2,1,"","complete"],[3,2,1,"","display_values"],[3,2,1,"","values"]],"gssapi.raw.named_tuples.IOVUnwrapResult":[[3,2,1,"","encrypted"],[3,2,1,"","qop"]],"gssapi.raw.named_tuples.InitSecContextResult":[[3,2,1,"","context"],[3,2,1,"","flags"],[3,2,1,"","lifetime"],[3,2,1,"","mech"],[3,2,1,"","more_steps"],[3,2,1,"","token"]],"gssapi.raw.named_tuples.InquireAttrsResult":[[3,2,1,"","known_mech_attrs"],[3,2,1,"","mech_attrs"]],"gssapi.raw.named_tuples.InquireContextResult":[[3,2,1,"","complete"],[3,2,1,"","flags"],[3,2,1,"","initiator_name"],[3,2,1,"","lifetime"],[3,2,1,"","locally_init"],[3,2,1,"","mech"],[3,2,1,"","target_name"]],"gssapi.raw.named_tuples.InquireCredByMechResult":[[3,2,1,"","accept_lifetime"],[3,2,1,"","init_lifetime"],[3,2,1,"","name"],[3,2,1,"","usage"]],"gssapi.raw.named_tuples.InquireCredResult":[[3,2,1,"","lifetime"],[3,2,1,"","mechs"],[3,2,1,"","name"],[3,2,1,"","usage"]],"gssapi.raw.named_tuples.InquireNameResult":[[3,2,1,"","attrs"],[3,2,1,"","is_mech_name"],[3,2,1,"","mech"]],"gssapi.raw.named_tuples.InquireSASLNameResult":[[3,2,1,"","mech_description"],[3,2,1,"","mech_name"],[3,2,1,"","sasl_mech_name"]],"gssapi.raw.named_tuples.Rfc1964KeyData":[[3,2,1,"","key"],[3,2,1,"","key_type"],[3,2,1,"","seal_alg"],[3,2,1,"","sign_alg"]],"gssapi.raw.named_tuples.StoreCredResult":[[3,2,1,"","mechs"],[3,2,1,"","usage"]],"gssapi.raw.named_tuples.UnwrapResult":[[3,2,1,"","encrypted"],[3,2,1,"","message"],[3,2,1,"","qop"]],"gssapi.raw.named_tuples.WrapResult":[[3,2,1,"","encrypted"],[3,2,1,"","message"]],"gssapi.raw.names":[[3,1,1,"","Name"],[3,6,1,"","canonicalize_name"],[3,6,1,"","compare_name"],[3,6,1,"","display_name"],[3,6,1,"","duplicate_name"],[3,6,1,"","export_name"],[3,6,1,"","import_name"],[3,6,1,"","release_name"]],"gssapi.raw.oids":[[3,1,1,"","OID"]],"gssapi.raw.oids.OID":[[3,4,1,"","dotted_form"],[3,3,1,"","from_int_seq"]],"gssapi.raw.sec_contexts":[[3,1,1,"","SecurityContext"],[3,6,1,"","accept_sec_context"],[3,6,1,"","context_time"],[3,6,1,"","delete_sec_context"],[3,6,1,"","export_sec_context"],[3,6,1,"","import_sec_context"],[3,6,1,"","init_sec_context"],[3,6,1,"","inquire_context"],[3,6,1,"","process_context_token"]],"gssapi.raw.types":[[3,1,1,"","AddressType"],[3,1,1,"","GenericFlagSet"],[3,1,1,"","IntEnumFlagSet"],[3,1,1,"","MechType"],[3,1,1,"","NameType"],[3,1,1,"","RequirementFlag"]],"gssapi.raw.types.AddressType":[[3,2,1,"","appletalk"],[3,2,1,"","arpanet"],[3,2,1,"","bisync"],[3,2,1,"","ccitt"],[3,2,1,"","chaos"],[3,2,1,"","datakit"],[3,2,1,"","decnet"],[3,2,1,"","dli"],[3,2,1,"","dss"],[3,2,1,"","ecma"],[3,2,1,"","hyperchannel"],[3,2,1,"","ibm_sna"],[3,2,1,"","ip"],[3,2,1,"","lat"],[3,2,1,"","local"],[3,2,1,"","nbs"],[3,2,1,"","null"],[3,2,1,"","osi_tp4"],[3,2,1,"","pup"],[3,2,1,"","x25"],[3,2,1,"","xerox_ns"]],"gssapi.raw.types.GenericFlagSet":[[3,2,1,"","MAX_VAL"],[3,3,1,"","add"],[3,3,1,"","discard"]],"gssapi.raw.types.MechType":[[3,2,1,"","kerberos"]],"gssapi.raw.types.NameType":[[3,2,1,"","anonymous"],[3,2,1,"","composite_export"],[3,2,1,"","export"],[3,2,1,"","hostbased_service"],[3,2,1,"","kerberos_principal"],[3,2,1,"","krb5_nt_principal_name"],[3,2,1,"","machine_uid"],[3,2,1,"","string_uid"],[3,2,1,"","user"]],"gssapi.raw.types.RequirementFlag":[[3,2,1,"","anonymity"],[3,2,1,"","channel_bound"],[3,2,1,"","confidentiality"],[3,2,1,"","dce_style"],[3,2,1,"","delegate_to_peer"],[3,2,1,"","extended_error"],[3,2,1,"","identify"],[3,2,1,"","integrity"],[3,2,1,"","mutual_authentication"],[3,2,1,"","ok_as_delegate"],[3,2,1,"","out_of_sequence_detection"],[3,2,1,"","protection_ready"],[3,2,1,"","replay_detection"],[3,2,1,"","transferable"]],"gssapi.sec_contexts":[[2,1,1,"","SecurityContext"]],"gssapi.sec_contexts.SecurityContext":[[2,4,1,"","actual_flags"],[2,4,1,"","complete"],[2,3,1,"","decrypt"],[2,4,1,"","delegated_creds"],[2,3,1,"","encrypt"],[2,3,1,"","export"],[2,3,1,"","get_signature"],[2,3,1,"","get_wrap_size_limit"],[2,4,1,"","initiator_name"],[2,4,1,"","lifetime"],[2,4,1,"","locally_initiated"],[2,4,1,"","mech"],[2,3,1,"","process_token"],[2,3,1,"","step"],[2,4,1,"","target_name"],[2,3,1,"","unwrap"],[2,3,1,"","verify_signature"],[2,3,1,"","wrap"]]},"objnames":{"0":["py","module","Python module"],"1":["py","class","Python class"],"2":["py","attribute","Python attribute"],"3":["py","method","Python method"],"4":["py","property","Python property"],"5":["py","exception","Python exception"],"6":["py","function","Python function"]},"objtypes":{"0":"py:module","1":"py:class","2":"py:attribute","3":"py:method","4":"py:property","5":"py:exception","6":"py:function"},"terms":{"":[0,2,3],"0":[0,3],"00":3,"01":3,"1":[0,2,3],"10":3,"1048576":2,"11":3,"1114112":2,"113554":[0,2],"1179648":2,"12":3,"128":3,"13":[2,3],"131072":2,"14":3,"15":3,"16":[2,3],"16384":3,"167":0,"16777216":2,"17":3,"18":3,"19":3,"196608":2,"2":[0,2,3],"2048":3,"21":3,"255":3,"256":3,"262144":2,"2744":4,"29":3,"295":0,"3":[2,3],"32":3,"32768":3,"327680":2,"33554432":2,"393216":2,"4":[0,2,3],"4096":3,"43":3,"458752":2,"5":[0,2,3],"50331648":2,"524288":2,"5588":2,"589824":2,"6":[2,3],"64":3,"655":3,"65536":2,"655360":2,"6680":2,"7":3,"7165":3,"720896":2,"752":3,"786432":2,"8":[2,3],"8192":3,"840":[0,2],"9":3,"917504":2,"983040":2,"A":[2,3,6],"AND":3,"As":[0,3],"By":2,"For":[0,2,3],"If":[0,1,2,3],"In":[0,2,3],"It":[1,2,3],"NOT":3,"No":2,"OR":3,"One":3,"The":[0,2,3,4],"There":[0,3],"These":[0,2,3],"To":[0,3,4,6],"_":0,"__defer_step_errors__":2,"_util":0,"abl":3,"about":[2,3],"abov":[0,2],"absent":3,"abstract":2,"accept":[0,1,2,3],"accept_lifetim":[2,3],"accept_sec_context":3,"acceptor":[2,3],"acceptor_address":3,"acceptor_address_typ":3,"acceptor_cr":3,"acceptor_subkei":3,"acceptor_subkey_typ":3,"acceptseccontextresult":3,"access":[0,4],"accord":2,"account":2,"acquir":[0,2],"acquire_cr":3,"acquire_cred_from":[1,3],"acquire_cred_impersonate_nam":3,"acquire_cred_with_password":3,"acquirecredimpersonatenam":3,"acquirecredresult":[2,3],"across":2,"act":2,"action":0,"activ":0,"actual":[2,3],"actual_flag":2,"ad":[2,3],"ad_typ":3,"add":[2,3],"add_cr":3,"add_cred_from":[1,3],"add_cred_impersonate_nam":3,"add_cred_with_password":3,"addcredresult":3,"addit":2,"addition":[2,3,4],"addprinc":0,"address":3,"addresstyp":[2,3],"after":3,"again":3,"against":3,"algorithm":3,"all":[2,3],"alloc":3,"allow":[0,1,2,3],"along":2,"alreadi":[0,3],"also":[0,2,3],"although":0,"alwai":2,"amount":[2,3],"an":[0,1,2,3,4],"ani":[0,1,2,3],"anonym":[2,3],"anoth":[2,3],"api":[0,4],"appletalk":3,"appli":3,"applic":[0,1,3],"application_data":3,"appropri":[2,3],"ar":[0,1,2,3,4],"arbitrari":3,"arg":[0,2,3],"argument":[2,3],"around":4,"arpanet":3,"aspect":[1,3],"assign":2,"associ":[0,2,3],"assum":0,"asynchron":[2,3],"attach":2,"attempt":[2,3],"attr":3,"attribut":2,"auth":3,"authent":3,"author":3,"authtim":3,"authz":3,"auto_alloc":3,"automat":[2,3],"avail":[0,2,3,4],"b":0,"back":3,"badchannelbindingserror":[2,3],"badmechanismerror":[2,3],"badmicerror":[2,3],"badnameerror":[2,3],"badnametypeerror":[2,3],"badqoperror":[2,3],"badstatuserror":[2,3],"base":[0,2,3],"basic":[3,6],"been":[2,3],"befor":3,"begin":2,"behavior":2,"behaviour":[2,3],"behind":3,"being":[2,3],"below":2,"ber":3,"between":[0,2,3],"bind":3,"bisync":3,"bit":3,"bitwis":3,"bool":[2,3],"both":[0,1,2,3],"bound":3,"break":[0,2],"buffer":3,"bundl":3,"byte":[2,3],"c":[2,3,4],"cach":[0,1,3],"calcul":[2,3],"call":[0,1,2,3],"caller":3,"calling_cod":[2,3],"can":[0,1,2,3],"cannot":[0,2,3],"canon":3,"canonic":[0,2,3],"canonicalize_nam":3,"case":[0,2,3],"caus":3,"ccach":3,"ccitt":3,"certain":[3,4],"cfx_kd":3,"cfxkeydata":3,"chan_bind":3,"chang":3,"channel":3,"channel_bind":[2,3],"channel_bound":3,"channelbind":[2,3],"chao":3,"check":[0,3,4,6],"check_last_err":0,"class":3,"classmethod":[2,3],"clear":3,"client":[1,3],"client_ctx":0,"client_tok":0,"close":3,"closest":3,"code":[2,3],"command":0,"common":[3,5],"commonli":[0,1,3],"commun":0,"compar":[0,3],"compare_nam":3,"comparison":3,"compat":[2,3],"compil":3,"complet":[0,2,3],"compon":3,"compos":3,"composit":[2,3],"composite_export":[2,3],"comput":3,"concept":0,"condit":2,"confidenti":[0,2,3],"config":3,"confirm":2,"connect":0,"consid":2,"consist":3,"consol":0,"constrain":2,"constructor":[0,2,3],"contain":[0,1,2,3,5],"context":1,"context_tim":3,"contextreaderror":[2,3],"contextwriteerror":[2,3],"contig":3,"continu":3,"control":[0,1,2,3],"conveni":[0,2],"convert":[2,3],"copi":[2,3],"correspond":[0,2,3,4],"could":[0,2,3],"count":3,"counterpart":3,"coupl":2,"creat":[0,2,3],"cred":[0,2,3],"cred_hand":3,"cred_handl":3,"cred_imp_exp":2,"cred_stor":2,"credenti":5,"credentialsreaderror":[2,3],"credentialss":3,"credentialswriteerror":[2,3],"criteria":3,"critical_mech_attr":3,"crypto":3,"ctx":2,"ctx_kei":3,"ctx_key_typ":3,"current":[0,2,3,4],"custom":1,"data":3,"datakit":3,"dce_styl":3,"deactiv":3,"dealloc":3,"decnet":3,"decod":2,"decrypt":[0,2,3],"default":[0,1,2,3],"defin":[1,4],"deleg":2,"delegate_to_p":[2,3],"delegated_cr":[2,3],"delet":3,"delete_name_attribut":3,"delete_sec_context":3,"denot":2,"depend":3,"deprec":[2,3],"deriv":3,"descript":3,"design":0,"desir":[2,3],"desired_aspect":3,"desired_mech_attr":3,"desired_output_s":2,"destin":1,"destroi":3,"detail":[1,2],"detect":2,"determin":[2,3],"dict":[2,3],"dict_stor":3,"dictionari":[2,3],"differ":[0,1,2,3],"dir":1,"direct":3,"directli":[2,3,5],"disabl":2,"discard":3,"displai":[2,3],"display_a":2,"display_mech_attr":3,"display_nam":3,"display_name_ext":3,"display_valu":3,"displayattrresult":3,"displaynameresult":3,"dli":3,"do":[2,3],"doc":0,"document":[1,3,4],"doe":[2,3],"domain":2,"dot":3,"dotted_form":3,"draft":3,"dss":3,"duplic":3,"duplicate_nam":3,"duplicatecredentialselementerror":[2,3],"duplicatetokenerror":[2,3],"dure":3,"e":[0,2,3],"each":[0,1],"ecma":3,"effect":0,"either":[0,2,3],"element":3,"ellipsi":3,"empti":3,"enc":[2,3],"encod":[2,3],"encrpyt":3,"encrypt":[0,2,3],"encrypted_messag":0,"encryptionnotus":[0,2],"enctyp":3,"end":2,"endtim":3,"engert":3,"engin":3,"ensur":[0,2],"entir":3,"entiti":[0,3],"enum":3,"enumer":2,"environ":[2,3,5],"equal":3,"equival":3,"error":[2,3],"essenti":3,"establis":3,"establish":[0,1,2,3],"etc":[2,3],"even":[2,3],"exactli":3,"exampl":3,"except":0,"except_mech_attr":3,"exchang":[0,3],"exist":[1,2,3],"expect":[2,3],"expir":3,"expiredcontexterror":[2,3],"expiredcredentialserror":[2,3],"expiredtokenerror":[2,3],"export":2,"export_cr":3,"export_nam":3,"export_name_composit":3,"export_sec_context":3,"express":5,"ext_cred_stor":1,"ext_dc":3,"extend":3,"extended_error":3,"extens":[2,4,5],"extract":3,"extract_keytab":0,"f":0,"fail":3,"failsaf":3,"failur":3,"fals":[0,2,3],"field":3,"file":[0,1,3],"final":3,"finer":1,"finish":[0,3],"first":[0,3],"flag":[2,3],"fmt_str":2,"follow":[2,3,6],"form":[0,1,2,3],"format":[1,2],"former":3,"found":3,"four":2,"fqdn":0,"free":3,"freed":3,"from":[0,1,2,3,4],"from_int_seq":3,"frozenset":2,"full":3,"fulli":[2,3],"func":0,"function":[0,1,2,3,4,5],"further":3,"g":[2,3],"gen_messag":[2,3],"gener":[0,2,3],"generalerror":2,"genericflagset":[2,3],"get":[0,2,3,4,6],"get_all_status":[2,3],"get_mic":3,"get_mic_iov":3,"get_mic_iov_length":3,"get_name_attribut":3,"get_signatur":2,"get_wrap_size_limit":2,"getfqdn":0,"getnameattributeresult":3,"give":3,"given":[2,3],"go":3,"goe":3,"gss_c_af_unspec":3,"gss_c_deleg_policy_flag":2,"gss_c_empty_buff":3,"gss_c_no_credenti":3,"gss_c_no_nam":3,"gss_krb5_cred_no_ci_flags_x":3,"gss_krb5_inq_sspi_session_key_oid":3,"gss_set_cred_opt":3,"gssapi":[1,2,3,6],"gssapi_consol":0,"gsserror":[2,3],"gsssapi":3,"ha":[0,1,2,3],"handl":[0,3],"handle_the_issu":2,"happen":2,"hashabl":3,"have":[0,3],"he":3,"header":3,"heimdal":3,"help":0,"here":[0,2],"high":[3,4],"holder":3,"host":0,"hostbased_servic":[0,2,3],"how":3,"howev":[1,2,3],"html":3,"http":[0,3],"human":[2,3],"hyperchannel":3,"i":[0,1,2,3,4,5],"ibm_sna":3,"ident":0,"identif":0,"identifi":[0,1,3],"ietf":3,"imperson":[2,3],"impersonator_cr":3,"implement":[1,2,3,5],"impli":3,"import":[0,2],"import_cr":3,"import_nam":3,"import_sec_context":3,"includ":[2,3],"incorrect":2,"indefinit":[0,2,3],"index":[3,4],"indic":[0,1,2,3],"indicate_mech":3,"indicate_mechs_by_attr":3,"influenc":5,"info":3,"inform":[0,2,3],"informm":3,"inherit":2,"init_lifetim":[2,3],"init_sec_context":3,"initi":[0,1,2,3],"initial_client_token":0,"initial_server_token":0,"initialis":3,"initiator_address":3,"initiator_address_typ":3,"initiator_nam":[2,3],"initseccontext":3,"initseccontextresult":3,"input":[2,3],"input_cr":3,"input_token":[2,3],"inquir":[2,3],"inquire_attrs_for_mech":3,"inquire_by_mech":2,"inquire_context":3,"inquire_cr":3,"inquire_cred_by_mech":3,"inquire_cred_by_oid":3,"inquire_mech_for_saslnam":3,"inquire_mechs_for_nam":3,"inquire_nam":3,"inquire_names_for_mech":3,"inquire_saslname_for_mech":3,"inquire_sec_context_by_oid":3,"inquireattrsresult":3,"inquirecontextresult":3,"inquirecredbymechresult":[2,3],"inquirecredresult":[2,3],"inquirenameresult":3,"inquiresaslnameresult":3,"inquiri":3,"inspect":[2,3],"instal":0,"instanc":[0,3],"instead":[2,3],"int":[2,3],"int32":3,"integ":3,"integer_sequ":3,"integr":[0,3],"intenum":[2,3],"intenumflagset":[2,3],"interact":[0,2],"interfac":[0,1],"intern":3,"interoper":3,"interpret":0,"intiat":2,"introduc":1,"introduct":6,"invalidcredentialserror":[2,3],"invalidtokenerror":[2,3],"iovbuff":3,"iovbuffertyp":3,"iovunwrapresult":3,"ip":3,"is_initi":3,"is_maj":[2,3],"is_mech_nam":[2,3],"is_name_mech":3,"issu":5,"iter":[2,3],"its":3,"itself":3,"jump":4,"just":[0,3],"kcm":1,"kdc":2,"keep":2,"kei":[1,2,3],"kerbero":[0,2],"kerberos_princip":[2,3],"key_typ":3,"keydata":3,"keyr":1,"keytab":[0,3],"keytab_princip":3,"keyword":1,"kinit":0,"kitten":3,"know":[0,3],"known":3,"known_mech_attr":3,"krb5":[0,2,3],"krb5_ccach":3,"krb5_ccache_nam":3,"krb5_export_lucid_sec_context":3,"krb5_extract_authtime_from_sec_context":3,"krb5_extract_authz_data_from_sec_context":3,"krb5_get_tkt_flag":3,"krb5_import_cr":3,"krb5_keytab":3,"krb5_nt_principal_nam":[2,3],"krb5_princip":3,"krb5_set_allowable_enctyp":3,"krb5lucidcontext":3,"krb5lucidcontextv1":3,"ktype":3,"kwarg":[0,2],"last":[0,3],"lat":3,"later":[0,2,3],"latter":3,"layer":0,"least":0,"length":3,"less":[2,3],"let":[0,3],"level":4,"lib":0,"librari":[0,3],"lifetim":[0,2,3],"like":[0,1,2,3,5],"limit":3,"line":0,"list":[2,3],"lit":0,"ll":0,"local":[2,3],"local_onli":3,"locally_init":3,"locally_initi":2,"locat":1,"long":3,"long_desc":3,"lookup":[2,3],"loop":2,"low":[2,4],"lump":3,"machine_uid":[2,3],"mai":[0,2,3],"maj":2,"maj_cod":[2,3],"maj_stat":2,"maj_str":2,"major":[2,3],"major_messag":2,"make":[3,4],"malformedparametererror":[2,3],"manipul":1,"manual":0,"map":3,"mark":3,"match":3,"max":3,"max_val":3,"maximum":[2,3],"md":0,"mean":[0,3],"mech":[0,2],"mech_attr":3,"mech_descript":3,"mech_nam":3,"mech_param":3,"mech_set":3,"mechan":[0,2],"mechanim":3,"mechanismnamerequirederror":[2,3],"mechansim":3,"mechtyp":[0,2,3],"member":3,"memori":1,"messag":[0,2,3],"method":[0,2,3],"mic":2,"mic_token":3,"microsoft":[2,3],"min":2,"min_cod":[2,3],"min_stat":2,"min_str":2,"minor":[2,3],"minor_messag":2,"miovessag":3,"missingcontexterror":[2,3],"missingcredentialserror":[2,3],"mit":[2,3],"mivehind":0,"modifi":3,"modul":[0,2,4],"more":[0,1,2,3],"more_step":3,"most":0,"msg_encrypt":0,"multipl":[0,2,3],"must":[0,2,3],"mutablemap":2,"mutat":3,"mutate_input":3,"mutual_authent":3,"name1":3,"name2":3,"name_typ":[0,2,3],"named_tupl":3,"namereaderror":[2,3],"namespac":3,"nametyp":[0,2,3],"nametypereaderror":[2,3],"nb":3,"necessari":2,"need":[0,3],"negot":2,"negoti":2,"neither":2,"net":0,"never":2,"new":[2,3],"newli":2,"next":2,"non":[2,3],"none":[0,2,3],"normal":[0,2,3],"note":[0,2,3],"noth":3,"notic":0,"notifi":3,"now":0,"ntlm":3,"ntlmssp":3,"null":3,"number":[1,3],"obj":2,"object":[0,2,3,4],"obtain":3,"occur":[2,3],"offer":3,"often":2,"oid":[0,2,3],"ok_as_deleg":[2,3],"old":3,"onc":3,"one":3,"ones":2,"onli":[1,2,3,4],"opaqu":3,"open":3,"oper":[1,2,3,5],"operationunavailableerror":[2,3],"opposit":3,"option":[0,2,3],"order":[0,3],"org":3,"organ":4,"orient":4,"origin":[2,3],"osi_tp4":3,"other":[0,1,2,4],"otherwis":[0,2,3],"out":[0,4,6],"out_of_sequence_detect":3,"output":[2,3],"output_s":3,"output_token":2,"outsid":0,"overwrit":[2,3],"own":[2,3],"packag":[0,4],"pad":3,"page":4,"paramet":[0,2,3],"parameterreaderror":[2,3],"parameterwriteerror":[2,3],"part":[0,3,4],"parti":0,"particip":2,"particular":[0,3],"particularli":3,"pass":[0,2,3],"path":1,"per":2,"perform":[0,2],"permiss":3,"pickl":2,"piec":3,"place":3,"point":[2,3],"pointer":3,"polici":2,"possibl":[2,3],"potenti":3,"prefer":3,"present":[1,2,3,4],"preserv":[2,3],"previous":3,"primari":2,"princip":[2,3],"probabl":3,"process":[0,2,3],"process_context_token":3,"process_token":2,"produc":3,"properti":[2,3],"protect":3,"protection_readi":3,"protocol":3,"provid":[0,2,3,4],"proxi":3,"pseudo":3,"pup":3,"py":0,"python":[0,2,3,6],"python3":0,"qop":[0,2,3],"qualiti":3,"queri":3,"question":3,"quirk":5,"rais":[0,2,3],"rare":2,"raw":[1,2,3,4],"re":0,"read":[0,3],"readabl":[2,3],"readi":3,"realm":0,"receiv":3,"recent":[0,1],"recv_seq":3,"refer":[0,1,3],"regardless":2,"regist":3,"rel":3,"relat":3,"releas":[1,3],"release_cr":3,"release_nam":3,"relev":0,"remain":[2,3],"remot":3,"remov":3,"replai":1,"replay_detect":3,"repres":[0,2,3],"represent":[2,3],"request":[0,2,3],"requir":[2,3],"requirementflag":[2,3],"reset":3,"resid":4,"residu":1,"respect":[0,2],"restrict":3,"result":2,"retriev":[1,2,3],"return":[0,2,3],"revert":3,"rfc":[2,4],"rfc1964":3,"rfc1964_kd":3,"rfc1964keydata":3,"rfc4121":3,"routine_cod":[2,3],"run":0,"runnabl":0,"s4u":2,"s4u2self":3,"safe":3,"samba":3,"same":[0,1,2,3],"sasl_mech_nam":3,"sasl_nam":3,"satisfi":3,"save":0,"seal":3,"seal_alg":3,"search":4,"sec":3,"sec_context":[0,3],"second":[0,2,3],"section":[3,5],"securitycontext":[0,2,3],"securti":3,"see":[0,3],"segfault":2,"self":0,"send":[2,3],"send_and_rec":2,"send_seq":3,"sender":3,"sent":3,"separ":[0,2,3],"sequenc":3,"server":0,"server_canon_nam":0,"server_cr":0,"server_ctx":0,"server_hostbased_canon_nam":0,"server_hostbased_nam":0,"server_nam":0,"server_tok":0,"servic":[0,1,2,3],"service4us":3,"session":[0,3],"set":[0,2,3],"set_cred_opt":3,"set_default":[2,3],"set_encod":2,"set_name_attribut":3,"set_neg_mech":3,"set_sec_context_opt":3,"setabl":0,"seton":0,"sever":[2,3,4],"share":3,"short":[0,3],"short_desc":3,"should":[0,2,3],"sign":[0,2,3],"sign_alg":3,"sign_onli":3,"signatur":2,"signed_messag":0,"similar":[0,2,5],"similarli":[2,3],"simpli":[0,2,3],"sinc":[0,3],"singl":[2,3],"singular":3,"site":0,"size":[2,3],"skip":3,"smb":3,"so":[0,3],"socket":0,"solari":3,"some":[0,2,3,6],"someth":1,"sourc":[1,2,3],"space":3,"special":3,"specif":[1,2,5],"specifi":[0,2,3],"sspi":[2,3],"stand":0,"standard":0,"start":[0,4,6],"state":3,"statu":[2,3],"std_layout":3,"stdin":0,"step":[0,2],"storag":1,"store":[2,5],"store_cr":3,"store_cred_into":[1,3],"storecredresult":[2,3],"str":[2,3],"straight":4,"stream":3,"string":[0,1,2,3],"string_uid":[2,3],"struct":3,"structur":3,"sub":3,"succesfulli":2,"success":2,"suffici":0,"suggest":0,"suitabl":3,"supplementary_cod":[2,3],"supplementaryerror":[2,3],"support":[0,1,2,3],"suppos":0,"sure":2,"syntax":[0,2,3],"system":0,"t":3,"take":3,"taken":2,"target":[0,2,3],"target_nam":[2,3],"tediou":0,"term":3,"text":[2,3],"textual":3,"tgt":0,"than":3,"thei":[0,2,3],"them":[0,2,3],"thi":[0,2,3,5],"thin":4,"those":[0,3],"thread":3,"three":2,"through":[0,3],"throw":[2,3],"thrown":2,"thu":[2,3],"ticket":3,"time":[2,3],"tip":5,"tkt":3,"togeth":3,"token":[2,3],"tokenoutofsequenceerror":[2,3],"tokenreaderror":[2,3],"tokentooearlyerror":[2,3],"tokentoolateerror":[2,3],"tool":3,"total":3,"traceback":0,"tradit":3,"trailer":3,"transfer":[2,3],"transmit":[2,3],"trasmit":3,"true":[0,2,3],"trust":2,"try":[0,2],"ttl":3,"tupl":3,"turn":3,"tutori":[0,4],"two":[0,3,4],"type":[0,1,2,3],"typic":2,"unabl":[2,3],"unauthorizederror":[2,3],"unconstrain":2,"underli":[3,4],"understand":3,"understood":1,"unencrypt":[2,3],"unicod":2,"unknown":[2,3],"unknownusageerror":2,"unless":[0,2],"unlik":[2,3],"unpickl":2,"unset":3,"unus":3,"unwrap":[0,2,3],"unwrap_aead":3,"unwrap_iov":3,"unwrapped_messag":[0,2],"unwrapresult":[0,2,3],"up":0,"updat":[2,3],"us":[0,1,2,3,4,6],"usabl":0,"usag":[0,2,3],"user":[0,2,3],"usr":0,"usual":1,"utf":2,"uwrap":3,"v":3,"valid":[2,3],"valu":[2,3,5],"valueerror":3,"variabl":3,"varieti":3,"variou":[1,3],"verifi":[0,2,3],"verify_m":3,"verify_mic_iov":3,"verify_signatur":2,"version":[1,2,3],"via":2,"wa":[0,2,3],"wai":[0,2,3],"want":0,"warn":[2,3],"we":[0,3],"well":[0,1,2,3,4],"were":3,"what":2,"when":[0,1,2,3],"where":[1,3],"wheter":2,"whether":[0,2,3],"which":[0,2,3,4],"while":[0,2,3],"william":3,"window":2,"wish":[0,2,3],"within":[1,3],"without":0,"won":3,"work":[2,3],"would":[0,2,3],"wrap":[0,2,3],"wrap_aead":3,"wrap_iov":3,"wrap_iov_length":3,"wrap_size_limit":3,"wrapped_messag":0,"wrapper":[0,3,4],"wrapresult":[2,3],"write":0,"x25":3,"xerox_n":3,"xor":3,"yalpt":0,"yet":1,"you":[0,2,3],"your":[2,3],"zero":3},"titles":["A Basic Introduction to GSSAPI","Common Values for Credentials Store Extensions","High-Level API","Low-Level API","Python-GSSAPI: Python bindings for GSSAPI","Other Documentation","Tutorials"],"titleterms":{"2744":3,"4178":3,"5587":3,"5588":3,"5801":3,"6680":3,"A":0,"The":1,"With":3,"acquir":3,"addit":3,"aead":3,"api":[2,3],"attribut":3,"basic":0,"bind":4,"ccach":1,"class":2,"client_keytab":1,"common":1,"context":[0,2,3],"core":3,"credenti":[0,1,2,3],"dce":3,"deleg":3,"document":5,"enum":2,"except":[2,3],"export":3,"extens":[1,3],"forum":3,"ggf":3,"global":3,"grid":3,"gss":3,"gssapi":[0,4],"heimdal":1,"helper":2,"high":2,"import":3,"indic":4,"introduct":0,"iov":3,"kerbero":3,"keytab":1,"krb5":1,"level":[2,3],"librari":1,"low":3,"main":2,"mech":3,"mechan":[1,3],"mic":3,"misc":3,"mit":1,"name":[0,2,3],"negoti":3,"other":[3,5],"password":3,"python":4,"rcach":1,"result":3,"rfc":3,"sasl":3,"secur":[0,2,3],"services4us":3,"specif":3,"store":[1,3],"tabl":4,"tutori":6,"util":2,"valu":1}})
\ No newline at end of file
diff --git a/latest/tutorials.html b/latest/tutorials.html
new file mode 100644
index 00000000..78643aa5
--- /dev/null
+++ b/latest/tutorials.html
@@ -0,0 +1,121 @@
+
+
+
+
+
+  
+
+  
+  Tutorials — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Tutorials

+
To get started with using Python-GSSAPI, check out some of the following tutorials:

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/objects.inv b/objects.inv
new file mode 100644
index 00000000..863659ed
Binary files /dev/null and b/objects.inv differ
diff --git a/otherdoc.html b/otherdoc.html
new file mode 100644
index 00000000..bc4799c5
--- /dev/null
+++ b/otherdoc.html
@@ -0,0 +1,123 @@
+
+
+
+  
+
+  
+  Other Documentation — Python-GSSAPI 1.8.2 documentation
+      
+      
+      
+  
+  
+        
+        
+        
+        
+        
+        
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Other Documentation

+
This section contain documentation that is not expressed directly in functions
+documentation, like implementation specific quirks or issues, implementation
+tips, environment influence on operations and similar.

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/py-modindex.html b/py-modindex.html
new file mode 100644
index 00000000..b3663e6d
--- /dev/null
+++ b/py-modindex.html
@@ -0,0 +1,273 @@
+
+
+
+  
+  
+  Python Module Index — Python-GSSAPI 1.8.2 documentation
+      
+      
+      
+  
+  
+        
+        
+        
+        
+        
+        
+    
+    
+    
+ 
+
+
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Python Module Index
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           

+             
+
+   
Python Module Index

+
+   

+   g
+   

+
+   
+     
+     
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+   
 

+       g

+       gssapi
+       
   
+       gssapi.creds
+       
   
+       gssapi.exceptions
+       
   
+       gssapi.names
+       
   
+       gssapi.raw
+       
   
+       gssapi.raw.chan_bindings
+       
   
+       gssapi.raw.creds
+       
   
+       gssapi.raw.exceptions
+       
   
+       gssapi.raw.ext_cred_imp_exp
+       
   
+       gssapi.raw.ext_cred_store
+       
   
+       gssapi.raw.ext_dce
+       
   
+       gssapi.raw.ext_ggf
+       
   
+       gssapi.raw.ext_iov_mic
+       
   
+       gssapi.raw.ext_krb5
+       
   
+       gssapi.raw.ext_password
+       
   
+       gssapi.raw.ext_password_add
+       
   
+       gssapi.raw.ext_rfc4178
+       
   
+       gssapi.raw.ext_rfc5587
+       
   
+       gssapi.raw.ext_rfc5588
+       
   
+       gssapi.raw.ext_rfc5801
+       
   
+       gssapi.raw.ext_rfc6680
+       
   
+       gssapi.raw.ext_s4u
+       
   
+       gssapi.raw.ext_set_cred_opt
+       
   
+       gssapi.raw.message
+       
   
+       gssapi.raw.misc
+       
   
+       gssapi.raw.named_tuples
+       
   
+       gssapi.raw.names
+       
   
+       gssapi.raw.oids
+       
   
+       gssapi.raw.sec_contexts
+       
   
+       gssapi.raw.types
+       
   
+       gssapi.sec_contexts
+       

+
+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/pyproject.toml b/pyproject.toml
deleted file mode 100644
index 41c0bcf8..00000000
--- a/pyproject.toml
+++ /dev/null
@@ -1,58 +0,0 @@
-[build-system]
-requires = [
-    "Cython >= 3.0.3, < 4.0.0",
-    "setuptools >= 40.6.0",  # Start of PEP 517 support for setuptools
-]
-build-backend = "setuptools.build_meta"
-
-[tool.mypy]
-exclude = """
-(?x)(
-  setup.py
-  | docs/
-  | build/
-)
-"""
-show_error_codes = true
-show_column_numbers = true
-disallow_any_unimported = true
-disallow_untyped_calls = true
-disallow_untyped_defs = true
-disallow_incomplete_defs = true
-check_untyped_defs = true
-disallow_untyped_decorators = true
-warn_redundant_casts = true
-warn_unused_ignores = true
-
-[[tool.mypy.overrides]]
-module = "gssapi.tests.*"
-disallow_any_unimported = false
-disallow_untyped_calls = false
-disallow_untyped_defs = false
-check_untyped_defs = false
-
-[[tool.mypy.overrides]]
-module = "k5test"
-ignore_missing_imports = true
-
-[[tool.mypy.overrides]]
-module = "k5test.unit"
-ignore_missing_imports = true
-
-[[tool.mypy.overrides]]
-module = "parameterized"
-ignore_missing_imports = true
-
-[tool.tox]
-legacy_tox_ini = """
-[tox]
-envlist = py36,py37,py38
-
-[testenv]
-whitelist_externals=bash
-commands =
-    bash -c "source ./.travis/lib-verify.sh && verify::flake8"
-    python -m unittest
-
-deps = -r{toxinidir}/test-requirements.txt
-"""
diff --git a/search.html b/search.html
new file mode 100644
index 00000000..7a88eb23
--- /dev/null
+++ b/search.html
@@ -0,0 +1,123 @@
+
+
+
+  
+  
+  Search — Python-GSSAPI 1.8.2 documentation
+      
+      
+      
+    
+  
+  
+        
+        
+        
+        
+        
+        
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Search
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           

+             
+  
+
+  
+  

+  
+  

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+  
+  
+  
+  
+   
+
+
+
+
\ No newline at end of file
diff --git a/searchindex.js b/searchindex.js
new file mode 100644
index 00000000..f527ee3a
--- /dev/null
+++ b/searchindex.js
@@ -0,0 +1 @@
+Search.setIndex({"docnames": ["basic-tutorial", "credstore", "gssapi", "gssapi.raw", "index", "otherdoc", "tutorials"], "filenames": ["basic-tutorial.md", "credstore.rst", "gssapi.rst", "gssapi.raw.rst", "index.rst", "otherdoc.rst", "tutorials.rst"], "titles": ["A Basic Introduction to GSSAPI", "Common Values for Credentials Store Extensions", "High-Level API", "Low-Level API", "Python-GSSAPI: Python bindings for GSSAPI", "Other Documentation", "Tutorials"], "terms": {"which": [0, 2, 3, 4], "stand": 0, "gener": [0, 2, 3], "servic": [0, 1, 2, 3], "api": [0, 4], "i": [0, 1, 2, 3, 4, 5], "an": [0, 1, 2, 3, 4], "standard": 0, "layer": 0, "interfac": [0, 1], "while": [0, 2, 3], "support": [0, 1, 2, 3], "multipl": [0, 2, 3], "differ": [0, 1, 2, 3], "mechan": [0, 2], "most": 0, "commonli": [0, 1, 3], "us": [0, 1, 2, 3, 4, 6], "kerbero": [0, 2], "5": [0, 2, 3], "krb5": [0, 2, 3], "short": [0, 3], "thi": [0, 2, 3, 5], "tutori": [0, 4], "provid": [0, 2, 3, 4], "interact": [0, 2], "through": [0, 3], "python": [0, 2, 3, 6], "note": [0, 2, 3], "file": [0, 1, 3], "design": 0, "runnabl": 0, "yalpt": 0, "http": [0, 3], "github": 0, "com": 0, "directxman12": 0, "you": [0, 2, 3], "can": [0, 1, 2, 3], "also": [0, 2, 3], "just": [0, 3], "read": [0, 3], "normal": [0, 2, 3], "To": [0, 3, 4, 6], "start": [0, 4, 6], "out": [0, 4, 6], "we": [0, 3], "ll": 0, "import": [0, 2], "save": 0, "current": [0, 2, 3, 4], "fqdn": 0, "later": [0, 2, 3], "socket": 0, "getfqdn": 0, "assum": 0, "have": [0, 3], "realm": 0, "set": [0, 2, 3], "up": 0, "some": [0, 2, 3, 6], "relev": 0, "function": [0, 1, 2, 3, 4, 5], "avail": [0, 2, 3, 4], "object": [0, 2, 3, 4], "see": [0, 3], "consol": 0, "py": 0, "gssapi_consol": 0, "pypi": 0, "org": [0, 3], "try": [0, 2], "run": 0, "lit": 0, "e": [0, 2, 3], "md": 0, "when": [0, 1, 2, 3], "both": [0, 1, 2, 3], "instal": 0, "ani": [0, 1, 2, 3], "action": 0, "perform": [0, 2], "ar": [0, 1, 2, 3, 4], "part": [0, 3, 4], "librari": [0, 3], "simpli": [0, 2, 3], "contain": [0, 1, 2, 3, 5], "wrapper": [0, 3, 4], "command": 0, "separ": [0, 2, 3], "from": [0, 1, 2, 3, 4], "applic": [0, 1, 3], "two": [0, 3, 4], "concept": 0, "suggest": 0, "identifi": [0, 1, 3], "entiti": [0, 3], "thei": [0, 2, 3], "user": [0, 2, 3], "ha": [0, 1, 2, 3], "type": [0, 1, 2, 3], "These": [0, 2, 3], "repres": [0, 2, 3], "correspond": [0, 2, 3, 4], "syntax": [0, 2, 3], "string": [0, 1, 2, 3], "suppos": 0, "want": 0, "refer": [0, 1, 3], "server": 0, "host": 0, "could": [0, 2, 3], "base": [0, 2, 3], "default": [0, 1, 2, 3], "form": [0, 1, 2, 3], "case": [0, 2, 3], "server_hostbased_nam": 0, "f": 0, "name_typ": [0, 2, 3], "nametyp": [0, 2, 3], "hostbased_servic": [0, 2, 3], "b": 0, "seton": 0, "mivehind": 0, "net": 0, "oid": [0, 2, 3], "1": [0, 2, 3], "2": [0, 2, 3], "840": [0, 2], "113554": [0, 2], "4": [0, 2, 3], "server_nam": 0, "none": [0, 2, 3], "effect": 0, "same": [0, 1, 2, 3], "canonic": [0, 2, 3], "respect": [0, 2], "know": [0, 3], "re": 0, "fals": [0, 2, 3], "server_canon_nam": 0, "mechtyp": [0, 2, 3], "server_hostbased_canon_nam": 0, "true": [0, 2, 3], "compar": [0, 3], "should": [0, 2, 3], "them": [0, 2, 3], "first": [0, 3], "identif": 0, "In": [0, 2, 3], "order": [0, 3], "establish": [0, 1, 2, 3], "commun": 0, "other": [0, 1, 2, 4], "need": [0, 3], "For": [0, 2, 3], "handl": [0, 3], "tgt": 0, "mai": [0, 2, 3], "acquir": [0, 2], "particular": [0, 3], "instanc": [0, 3], "write": 0, "wish": [0, 2, 3], "accept": [0, 1, 2, 3], "connect": 0, "would": [0, 2, 3], "addprinc": 0, "": [0, 2, 3], "extract_keytab": 0, "keytab": [0, 3], "server_cr": 0, "usag": [0, 2, 3], "system": 0, "must": [0, 2, 3], "alreadi": [0, 3], "wai": [0, 2, 3], "access": [0, 4], "those": [0, 3], "mean": [0, 3], "kinit": 0, "cach": [0, 1, 3], "like": [0, 1, 2, 3, 5], "abov": [0, 2], "suffici": 0, "process": [0, 2, 3], "outsid": 0, "initi": [0, 1, 2, 3], "associ": [0, 2, 3], "lifetim": [0, 2, 3], "indefinit": [0, 2, 3], "usabl": 0, "mech": [0, 2], "each": [0, 1], "setabl": 0, "constructor": [0, 2, 3], "activ": 0, "session": [0, 3], "between": [0, 2, 3], "verifi": [0, 2, 3], "ident": 0, "well": [0, 1, 2, 3, 4], "ensur": [0, 2], "integr": [0, 3], "messag": [0, 2, 3], "sign": [0, 2, 3], "confidenti": [0, 2, 3], "encrypt": [0, 2, 3], "exchang": [0, 3], "parti": 0, "unless": [0, 2], "otherwis": [0, 2, 3], "specifi": [0, 2, 3], "allow": [0, 1, 2, 3], "client_ctx": 0, "securitycontext": [0, 2, 3], "initial_client_token": 0, "step": [0, 2], "complet": [0, 2, 3], "either": [0, 2, 3], "cannot": [0, 2, 3], "least": 0, "target": [0, 2, 3], "indic": [0, 1, 2, 3], "The": [0, 2, 3, 4], "server_ctx": 0, "cred": [0, 2, 3], "initial_server_token": 0, "As": [0, 3], "creat": [0, 2, 3], "similar": [0, 2, 5], "here": [0, 2], "although": 0, "option": [0, 2, 3], "let": [0, 3], "finish": [0, 3], "server_tok": 0, "client_tok": 0, "break": [0, 2], "now": 0, "wrap": [0, 2, 3], "unwrap": [0, 2, 3], "method": [0, 2, 3], "wrapped_messag": 0, "msg_encrypt": 0, "unwrapresult": [0, 2, 3], "qop": [0, 2, 3], "0": [0, 3], "second": [0, 2, 3], "paramet": [0, 2, 3], "control": [0, 1, 2, 3], "whether": [0, 2, 3], "signed_messag": 0, "manual": 0, "pass": [0, 2, 3], "check": [0, 3, 4, 6], "wa": [0, 2, 3], "get": [0, 2, 3, 4, 6], "tediou": 0, "so": [0, 3], "conveni": [0, 2], "help": 0, "decrypt": [0, 2, 3], "If": [0, 1, 2, 3], "call": [0, 1, 2, 3], "without": 0, "encrypted_messag": 0, "notic": 0, "except": 0, "rais": [0, 2, 3], "sinc": [0, 3], "_": 0, "traceback": 0, "recent": [0, 1], "last": [0, 3], "stdin": 0, "line": 0, "modul": [0, 2, 4], "usr": 0, "lib": 0, "python3": 0, "site": 0, "packag": [0, 4], "_util": 0, "167": 0, "check_last_err": 0, "return": [0, 2, 3], "func": 0, "self": 0, "arg": [0, 2, 3], "kwarg": [0, 2], "sec_context": [0, 3], "295": 0, "unwrapped_messag": [0, 2], "encryptionnotus": [0, 2], "request": [0, 2, 3], "There": [0, 3], "interpret": 0, "doc": 0, "pythonhost": 0, "more": [0, 1, 2, 3], "inform": [0, 2, 3], "introduc": 1, "implement": [1, 2, 3, 5], "gssapi": [1, 2, 3, 6], "It": [1, 2, 3], "finer": 1, "within": [1, 3], "defin": [1, 4], "keyword": 1, "manipul": 1, "variou": [1, 3], "aspect": [1, 3], "storag": 1, "retriev": [1, 2, 3], "oper": [1, 2, 3, 5], "number": [1, 3], "raw": [1, 2, 3, 4], "ext_cred_stor": 1, "acquire_cred_from": [1, 3], "add_cred_from": [1, 3], "custom": 1, "locat": 1, "client": [1, 3], "kei": [1, 2, 3], "context": 1, "residu": 1, "where": [1, 3], "understood": 1, "usual": 1, "someth": 1, "path": 1, "specif": [1, 2, 5], "sourc": [1, 2, 3], "exist": [1, 2, 3], "destin": 1, "store_cred_into": [1, 3], "dir": 1, "keyr": 1, "kcm": 1, "memori": 1, "format": [1, 2], "document": [1, 3, 4], "detail": [1, 2], "replai": 1, "onli": [1, 2, 3, 4], "howev": [1, 2, 3], "yet": 1, "present": [1, 2, 3, 4], "releas": [1, 3], "version": [1, 2, 3], "three": 2, "primari": 2, "abstract": 2, "inherit": 2, "low": [2, 4], "thu": [2, 3], "all": [2, 3], "throw": [2, 3], "gsserror": [2, 3], "union": [2, 3], "byte": [2, 3], "str": [2, 3], "token": [2, 3], "composit": [2, 3], "bool": [2, 3], "A": [2, 3, 6], "pickl": 2, "unpickl": 2, "copi": [2, 3], "text": [2, 3], "automat": [2, 3], "convert": [2, 3], "unicod": 2, "appropri": [2, 3], "list": [2, 3], "encod": [2, 3], "utf": 2, "8": [2, 3], "human": [2, 3], "readabl": [2, 3], "represent": [2, 3], "argument": [2, 3], "export": 2, "new": [2, 3], "denot": 2, "badnametypeerror": [2, 3], "badnameerror": [2, 3], "badmechanismerror": [2, 3], "display_a": 2, "displai": [2, 3], "given": [2, 3], "attempt": [2, 3], "possibl": [2, 3], "mit": [2, 3], "below": 2, "13": [2, 3], "3": [2, 3], "segfault": 2, "origin": [2, 3], "even": [2, 3], "ad": [2, 3], "via": 2, "do": [2, 3], "sure": 2, "condit": 2, "never": 2, "happen": 2, "your": [2, 3], "code": [2, 3], "addit": 2, "warn": [2, 3], "actual": [2, 3], "fulli": [2, 3], "incorrect": 2, "result": 2, "requir": [2, 3], "rfc": [2, 4], "6680": 2, "extens": [2, 4, 5], "operationunavailableerror": [2, 3], "properti": [2, 3], "mechanismnamerequirederror": [2, 3], "accord": 2, "is_mech_nam": [2, 3], "attribut": 2, "mutablemap": 2, "dict": [2, 3], "valu": [2, 3, 5], "alwai": 2, "frozenset": 2, "assign": 2, "iter": [2, 3], "consid": 2, "non": [2, 3], "singl": [2, 3], "includ": [2, 3], "int": [2, 3], "store": [2, 5], "cred_imp_exp": 2, "per": 2, "expiredcredentialserror": [2, 3], "missingcredentialserror": [2, 3], "remain": [2, 3], "classmethod": [2, 3], "acquirecredresult": [2, 3], "dictionari": [2, 3], "point": [2, 3], "desir": [2, 3], "cred_stor": 2, "about": [2, 3], "overwrit": [2, 3], "set_default": [2, 3], "storecredresult": [2, 3], "5588": 2, "etc": [2, 3], "duplicatecredentialselementerror": [2, 3], "imperson": [2, 3], "anoth": [2, 3], "s4u": 2, "inquir": [2, 3], "inquirecredresult": [2, 3], "inspect": [2, 3], "invalidcredentialserror": [2, 3], "inquire_by_mech": 2, "init_lifetim": [2, 3], "accept_lifetim": [2, 3], "inquirecredbymechresult": [2, 3], "add": [2, 3], "work": [2, 3], "instead": [2, 3], "unlik": [2, 3], "compat": [2, 3], "newli": 2, "ones": 2, "often": 2, "flag": [2, 3], "channel_bind": [2, 3], "channelbind": [2, 3], "attach": 2, "deleg": 2, "preserv": [2, 3], "doe": [2, 3], "begin": 2, "detect": 2, "what": 2, "get_signatur": 2, "calcul": [2, 3], "signatur": 2, "mic": 2, "verify_signatur": 2, "confirm": 2, "valid": [2, 3], "transmit": [2, 3], "own": [2, 3], "input": [2, 3], "expiredcontexterror": [2, 3], "missingcontexterror": [2, 3], "badqoperror": [2, 3], "error": [2, 3], "badmicerror": [2, 3], "invalidtokenerror": [2, 3], "duplicatetokenerror": [2, 3], "expiredtokenerror": [2, 3], "tokentoolateerror": [2, 3], "tokentooearlyerror": [2, 3], "wrapresult": [2, 3], "g": [2, 3], "succesfulli": 2, "unencrypt": [2, 3], "along": 2, "wheter": 2, "similarli": [2, 3], "addition": [2, 3, 4], "directli": [2, 3, 5], "expect": [2, 3], "get_wrap_size_limit": 2, "desired_output_s": 2, "maximum": [2, 3], "size": [2, 3], "output": [2, 3], "taken": 2, "account": 2, "process_token": 2, "asynchron": [2, 3], "deprec": [2, 3], "amount": [2, 3], "time": [2, 3], "delegated_cr": [2, 3], "acceptor": [2, 3], "across": 2, "transfer": [2, 3], "initiator_nam": [2, 3], "target_nam": [2, 3], "actual_flag": 2, "locally_initi": 2, "local": [2, 3], "intiat": 2, "negoti": 2, "been": [2, 3], "negot": 2, "__defer_step_errors__": 2, "thrown": 2, "next": 2, "lookup": [2, 3], "behavior": 2, "loop": 2, "input_token": [2, 3], "ctx": 2, "output_token": 2, "send_and_rec": 2, "handle_the_issu": 2, "disabl": 2, "rare": 2, "necessari": 2, "send": [2, 3], "keep": 2, "end": 2, "updat": [2, 3], "statu": [2, 3], "particip": 2, "badchannelbindingserror": [2, 3], "follow": [2, 3, 6], "enumer": 2, "anonym": [2, 3], "6": [2, 3], "composite_export": [2, 3], "kerberos_princip": [2, 3], "krb5_nt_principal_nam": [2, 3], "machine_uid": [2, 3], "string_uid": [2, 3], "requirementflag": [2, 3], "intenum": [2, 3], "ok_as_deleg": [2, 3], "c": [2, 3, 4], "gss_c_deleg_policy_flag": 2, "delegate_to_p": [2, 3], "kdc": 2, "polici": 2, "princip": [2, 3], "typic": 2, "microsoft": [2, 3], "domain": 2, "environ": [2, 3, 5], "constrain": 2, "unconstrain": 2, "By": 2, "behaviour": [2, 3], "sspi": [2, 3], "window": 2, "four": 2, "neither": 2, "No": 2, "occur": [2, 3], "regardless": 2, "success": 2, "trust": 2, "act": 2, "being": [2, 3], "addresstyp": [2, 3], "coupl": 2, "less": [2, 3], "sever": [2, 3, 4], "intenumflagset": [2, 3], "genericflagset": [2, 3], "maj_cod": [2, 3], "min_cod": [2, 3], "major": [2, 3], "maj_stat": 2, "maj_str": 2, "minor": [2, 3], "min_stat": 2, "min_str": 2, "gen_messag": [2, 3], "get_all_status": [2, 3], "is_maj": [2, 3], "generalerror": 2, "minor_messag": 2, "major_messag": 2, "fmt_str": 2, "maj": 2, "min": 2, "unknownusageerror": 2, "unknown": [2, 3], "unabl": [2, 3], "determin": [2, 3], "obj": 2, "routine_cod": [2, 3], "262144": 2, "393216": 2, "65536": 2, "131072": 2, "196608": 2, "917504": 2, "badstatuserror": [2, 3], "327680": 2, "contextreaderror": [2, 3], "parameterreaderror": [2, 3], "contextwriteerror": [2, 3], "parameterwriteerror": [2, 3], "credentialsreaderror": [2, 3], "credentialswriteerror": [2, 3], "1114112": 2, "supplementaryerror": [2, 3], "supplementary_cod": [2, 3], "786432": 2, "720896": 2, "655360": 2, "589824": 2, "malformedparametererror": [2, 3], "calling_cod": [2, 3], "50331648": 2, "1179648": 2, "524288": 2, "458752": 2, "namereaderror": [2, 3], "nametypereaderror": [2, 3], "1048576": 2, "16777216": 2, "33554432": 2, "tokenoutofsequenceerror": [2, 3], "tokenreaderror": [2, 3], "16": [2, 3], "unauthorizederror": [2, 3], "983040": 2, "set_encod": 2, "enc": [2, 3], "decod": 2, "varieti": 3, "map": 3, "basic": [3, 6], "class": 3, "underli": [3, 4], "struct": 3, "dealloc": 3, "itself": 3, "high": [3, 4], "section": [3, 5], "special": 3, "canonicalize_nam": 3, "arbitrari": 3, "turn": 3, "full": 3, "compare_nam": 3, "name1": 3, "name2": 3, "equival": 3, "equal": 3, "display_nam": 3, "its": 3, "compon": 3, "back": 3, "question": 3, "displaynameresult": 3, "duplicate_nam": 3, "duplic": 3, "export_nam": 3, "produc": 3, "canon": 3, "contig": 3, "suitabl": 3, "direct": 3, "comparison": 3, "author": 3, "accept_sec_context": 3, "import_nam": 3, "take": 3, "release_nam": 3, "free": 3, "probabl": 3, "won": 3, "t": 3, "freed": 3, "acquire_cr": 3, "mechanim": 3, "ttl": 3, "add_cr": 3, "input_cr": 3, "mutate_input": 3, "element": 3, "compos": 3, "failsaf": 3, "mutat": 3, "addcredresult": 3, "inquire_cr": 3, "unus": 3, "field": 3, "inquire_cred_by_mech": 3, "release_cr": 3, "acceptor_cr": 3, "chan_bind": 3, "sent": 3, "chang": 3, "channel": 3, "bind": 3, "further": 3, "final": 3, "acceptseccontextresult": 3, "context_tim": 3, "expir": 3, "give": 3, "delete_sec_context": 3, "local_onli": 3, "delet": 3, "holder": 3, "notifi": 3, "remot": 3, "export_sec_context": 3, "deactiv": 3, "import_sec_context": 3, "modifi": 3, "init_sec_context": 3, "receiv": 3, "mutual_authent": 3, "out_of_sequence_detect": 3, "initseccontextresult": 3, "inquire_context": 3, "locally_init": 3, "obtain": 3, "state": 3, "open": 3, "v": 3, "close": 3, "gss_c_no_nam": 3, "inquirecontextresult": 3, "process_context_token": 3, "one": 3, "exampl": 3, "initseccontext": 3, "essenti": 3, "against": 3, "get_mic": 3, "trasmit": 3, "bundl": 3, "togeth": 3, "qualiti": 3, "protect": 3, "depend": 3, "sender": 3, "verify_m": 3, "match": 3, "wrap_size_limit": 3, "output_s": 3, "max": 3, "consist": 3, "ber": 3, "hashabl": 3, "dotted_form": 3, "from_int_seq": 3, "integer_sequ": 3, "sequenc": 3, "integ": 3, "dot": 3, "valueerror": 3, "than": 3, "long": 3, "caus": 3, "enum": 3, "regist": 3, "indicate_mech": 3, "found": 3, "skip": 3, "inquire_mechs_for_nam": 3, "abl": 3, "inquire_names_for_mech": 3, "address": 3, "structur": 3, "behind": 3, "counterpart": 3, "gss_c_af_unspec": 3, "appletalk": 3, "arpanet": 3, "bisync": 3, "17": 3, "ccitt": 3, "10": 3, "chao": 3, "datakit": 3, "9": 3, "decnet": 3, "12": 3, "dli": 3, "dss": 3, "18": 3, "ecma": 3, "hyperchannel": 3, "15": 3, "ibm_sna": 3, "11": 3, "ip": 3, "lat": 3, "14": 3, "nb": 3, "7": 3, "null": 3, "255": 3, "osi_tp4": 3, "19": 3, "pup": 3, "x25": 3, "21": 3, "xerox_n": 3, "32": 3, "bit": 3, "member": 3, "tradit": 3, "bitwis": 3, "AND": 3, "OR": 3, "xor": 3, "max_val": 3, "discard": 3, "remov": 3, "absent": 3, "exactli": 3, "ellipsi": 3, "relat": 3, "64": 3, "channel_bound": 3, "2048": 3, "dce_styl": 3, "4096": 3, "extended_error": 3, "16384": 3, "8192": 3, "32768": 3, "protection_readi": 3, "128": 3, "replay_detect": 3, "256": 3, "initiator_address_typ": 3, "initiator_address": 3, "acceptor_address_typ": 3, "acceptor_address": 3, "application_data": 3, "data": 3, "particularli": 3, "compil": 3, "namespac": 3, "set_neg_mech": 3, "cred_handl": 3, "mech_set": 3, "impli": 3, "rel": 3, "prefer": 3, "display_mech_attr": 3, "attr": 3, "descript": 3, "displayattrresult": 3, "indicate_mechs_by_attr": 3, "desired_mech_attr": 3, "except_mech_attr": 3, "critical_mech_attr": 3, "offer": 3, "NOT": 3, "understand": 3, "satisfi": 3, "criteria": 3, "inquire_attrs_for_mech": 3, "known": 3, "inquiri": 3, "inquireattrsresult": 3, "store_cr": 3, "mechansim": 3, "inquire_mech_for_saslnam": 3, "sasl_nam": 3, "failur": 3, "inquire_saslname_for_mech": 3, "inquiresaslnameresult": 3, "dict_stor": 3, "common": [3, 5], "delete_name_attribut": 3, "befor": 3, "set_name_attribut": 3, "clear": 3, "make": [3, 4], "latter": 3, "certain": [3, 4], "display_name_ext": 3, "export_name_composit": 3, "onc": 3, "get_name_attribut": 3, "pseudo": 3, "variabl": 3, "authent": 3, "mark": 3, "getnameattributeresult": 3, "unset": 3, "inquire_nam": 3, "mech_nam": 3, "potenti": 3, "inquirenameresult": 3, "continu": 3, "export_cr": 3, "gsssapi": 3, "import_cr": 3, "previous": 3, "iovbuff": 3, "tupl": 3, "iovbuffertyp": 3, "std_layout": 3, "auto_alloc": 3, "count": 3, "index": [3, 4], "alloc": 3, "buffer": 3, "empti": 3, "header": 3, "mech_param": 3, "mic_token": 3, "pad": 3, "sign_onli": 3, "stream": 3, "trailer": 3, "unwrap_aead": 3, "encrpyt": 3, "goe": 3, "unwrap_iov": 3, "uwrap": 3, "entir": 3, "former": 3, "iovunwrapresult": 3, "wrap_aead": 3, "go": 3, "total": 3, "wrap_iov": 3, "miovessag": 3, "wrap_iov_length": 3, "length": 3, "comput": 3, "term": 3, "zero": 3, "get_mic_iov": 3, "ext_dc": 3, "place": 3, "noth": 3, "get_mic_iov_length": 3, "space": 3, "verify_mic_iov": 3, "extend": 3, "One": 3, "inquire_sec_context_by_oid": 3, "smb": 3, "protocol": 3, "draft": 3, "ietf": 3, "tool": 3, "html": 3, "engert": 3, "00": 3, "inquire_cred_by_oid": 3, "desired_aspect": 3, "queri": 3, "piec": 3, "gss_krb5_inq_sspi_session_key_oid": 3, "deriv": 3, "samba": 3, "set_sec_context_opt": 3, "how": 3, "reset": 3, "ntlm": 3, "crypto": 3, "engin": 3, "ntlmssp": 3, "7165": 3, "655": 3, "int32": 3, "gss_c_empty_buff": 3, "service4us": 3, "acquire_cred_impersonate_nam": 3, "impersonator_cr": 3, "s4u2self": 3, "proxi": 3, "permiss": 3, "add_cred_impersonate_nam": 3, "singular": 3, "acquirecredimpersonatenam": 3, "acquire_cred_with_password": 3, "solari": 3, "heimdal": 3, "credentialss": 3, "add_cred_with_password": 3, "krb5lucidcontext": 3, "krb5_export_lucid_sec_context": 3, "krb5lucidcontextv1": 3, "cfx_kd": 3, "rfc4121": 3, "cfxkeydata": 3, "endtim": 3, "is_initi": 3, "rfc1964_kd": 3, "opposit": 3, "rfc1964": 3, "recv_seq": 3, "keydata": 3, "rfc1964keydata": 3, "send_seq": 3, "krb5_ccache_nam": 3, "he": 3, "gss_c_no_credenti": 3, "old": 3, "ccach": 3, "thread": 3, "safe": 3, "revert": 3, "config": 3, "opaqu": 3, "intern": 3, "info": 3, "again": 3, "caller": 3, "after": 3, "krb5_extract_authtime_from_sec_context": 3, "auth": 3, "authtim": 3, "krb5_extract_authz_data_from_sec_context": 3, "ad_typ": 3, "extract": 3, "authz": 3, "sec": 3, "krb5_get_tkt_flag": 3, "ticket": 3, "tkt": 3, "krb5_import_cr": 3, "keytab_princip": 3, "share": 3, "destroi": 3, "fail": 3, "krb5_ccach": 3, "pointer": 3, "krb5_princip": 3, "krb5_keytab": 3, "krb5_set_allowable_enctyp": 3, "ktype": 3, "limit": 3, "restrict": 3, "enctyp": 3, "dure": 3, "establis": 3, "cred_hand": 3, "gss_set_cred_opt": 3, "gss_krb5_cred_no_ci_flags_x": 3, "interoper": 3, "lump": 3, "closest": 3, "william": 3, "kitten": 3, "bound": 3, "01": 3, "set_cred_opt": 3, "were": 3, "752": 3, "43": 3, "29": 3, "initialis": 3, "textual": 3, "appli": 3, "more_step": 3, "readi": 3, "is_name_mech": 3, "display_valu": 3, "mech_attr": 3, "known_mech_attr": 3, "short_desc": 3, "long_desc": 3, "sasl_mech_nam": 3, "mech_descript": 3, "informm": 3, "sign_alg": 3, "seal_alg": 3, "key_typ": 3, "algorithm": 3, "seal": 3, "ctx_key_typ": 3, "ctx_kei": 3, "acceptor_subkey_typ": 3, "acceptor_subkei": 3, "securti": 3, "sub": 3, "2744": 4, "organ": 4, "level": 4, "resid": 4, "orient": 4, "around": 4, "thin": 4, "page": 4, "jump": 4, "straight": 4, "search": 4, "express": 5, "quirk": 5, "issu": 5, "tip": 5, "influenc": 5, "credenti": 5, "introduct": 6}, "objects": {"": [[2, 0, 0, "-", "gssapi"]], "gssapi": [[2, 1, 1, "", "AddressType"], [2, 1, 1, "", "IntEnumFlagSet"], [2, 1, 1, "", "MechType"], [2, 1, 1, "", "NameType"], [2, 1, 1, "", "OID"], [2, 1, 1, "", "RequirementFlag"], [2, 0, 0, "-", "creds"], [2, 0, 0, "-", "exceptions"], [2, 0, 0, "-", "names"], [3, 0, 0, "-", "raw"], [2, 0, 0, "-", "sec_contexts"], [2, 6, 1, "", "set_encoding"]], "gssapi.MechType": [[2, 2, 1, "", "kerberos"]], "gssapi.NameType": [[2, 2, 1, "", "anonymous"], [2, 2, 1, "", "composite_export"], [2, 2, 1, "", "export"], [2, 2, 1, "", "hostbased_service"], [2, 2, 1, "", "kerberos_principal"], [2, 2, 1, "", "krb5_nt_principal_name"], [2, 2, 1, "", "machine_uid"], [2, 2, 1, "", "string_uid"], [2, 2, 1, "", "user"]], "gssapi.creds": [[2, 1, 1, "", "Credentials"]], "gssapi.creds.Credentials": [[2, 3, 1, "", "acquire"], [2, 3, 1, "", "add"], [2, 3, 1, "", "export"], [2, 3, 1, "", "impersonate"], [2, 3, 1, "", "inquire"], [2, 3, 1, "", "inquire_by_mech"], [2, 4, 1, "", "lifetime"], [2, 4, 1, "", "mechs"], [2, 4, 1, "", "name"], [2, 3, 1, "", "store"], [2, 4, 1, "", "usage"]], "gssapi.exceptions": [[2, 5, 1, "", "BadChannelBindingsError"], [2, 5, 1, "", "BadMICError"], [2, 5, 1, "", "BadMechanismError"], [2, 5, 1, "", "BadNameError"], [2, 5, 1, "", "BadNameTypeError"], [2, 5, 1, "", "BadQoPError"], [2, 5, 1, "", "BadStatusError"], [2, 5, 1, "", "ContextReadError"], [2, 5, 1, "", "ContextWriteError"], [2, 5, 1, "", "CredentialsReadError"], [2, 5, 1, "", "CredentialsWriteError"], [2, 5, 1, "", "DuplicateCredentialsElementError"], [2, 5, 1, "", "DuplicateTokenError"], [2, 5, 1, "", "EncryptionNotUsed"], [2, 5, 1, "", "ExpiredContextError"], [2, 5, 1, "", "ExpiredCredentialsError"], [2, 5, 1, "", "ExpiredTokenError"], [2, 5, 1, "", "GSSError"], [2, 5, 1, "", "GeneralError"], [2, 5, 1, "", "InvalidCredentialsError"], [2, 5, 1, "", "InvalidTokenError"], [2, 5, 1, "", "MalformedParameterError"], [2, 5, 1, "", "MechanismNameRequiredError"], [2, 5, 1, "", "MissingContextError"], [2, 5, 1, "", "MissingCredentialsError"], [2, 5, 1, "", "NameReadError"], [2, 5, 1, "", "NameTypeReadError"], [2, 5, 1, "", "OperationUnavailableError"], [2, 5, 1, "", "ParameterReadError"], [2, 5, 1, "", "ParameterWriteError"], [2, 5, 1, "", "SupplementaryError"], [2, 5, 1, "", "TokenOutOfSequenceError"], [2, 5, 1, "", "TokenReadError"], [2, 5, 1, "", "TokenTooEarlyError"], [2, 5, 1, "", "TokenTooLateError"], [2, 5, 1, "", "UnauthorizedError"], [2, 5, 1, "", "UnknownUsageError"]], "gssapi.exceptions.BadChannelBindingsError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadMICError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadMechanismError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadNameError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadNameTypeError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadQoPError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadStatusError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.DuplicateCredentialsElementError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.DuplicateTokenError": [[2, 2, 1, "", "SUPPLEMENTARY_CODE"]], "gssapi.exceptions.EncryptionNotUsed": [[2, 2, 1, "", "MAJOR_MESSAGE"]], "gssapi.exceptions.ExpiredContextError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.ExpiredCredentialsError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.ExpiredTokenError": [[2, 2, 1, "", "SUPPLEMENTARY_CODE"]], "gssapi.exceptions.GSSError": [[2, 2, 1, "", "MESSAGE"], [2, 3, 1, "", "gen_message"], [2, 3, 1, "", "get_all_statuses"]], "gssapi.exceptions.GeneralError": [[2, 2, 1, "", "FMT_STR"], [2, 2, 1, "", "MAJOR_MESSAGE"]], "gssapi.exceptions.InvalidCredentialsError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.InvalidTokenError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.MalformedParameterError": [[2, 2, 1, "", "CALLING_CODE"]], "gssapi.exceptions.MechanismNameRequiredError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.MissingContextError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.MissingCredentialsError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.OperationUnavailableError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.ParameterReadError": [[2, 2, 1, "", "CALLING_CODE"]], "gssapi.exceptions.ParameterWriteError": [[2, 2, 1, "", "CALLING_CODE"]], "gssapi.exceptions.TokenTooEarlyError": [[2, 2, 1, "", "SUPPLEMENTARY_CODE"]], "gssapi.exceptions.TokenTooLateError": [[2, 2, 1, "", "SUPPLEMENTARY_CODE"]], "gssapi.exceptions.UnauthorizedError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.UnknownUsageError": [[2, 2, 1, "", "MAJOR_MESSAGE"]], "gssapi.names": [[2, 1, 1, "", "Name"]], "gssapi.names.Name": [[2, 4, 1, "", "attributes"], [2, 3, 1, "", "canonicalize"], [2, 3, 1, "", "display_as"], [2, 3, 1, "", "export"], [2, 4, 1, "", "is_mech_name"], [2, 4, 1, "", "mech"], [2, 4, 1, "", "name_type"]], "gssapi.raw": [[3, 0, 0, "-", "chan_bindings"], [3, 0, 0, "-", "creds"], [3, 0, 0, "-", "exceptions"], [3, 0, 0, "-", "ext_cred_imp_exp"], [3, 0, 0, "-", "ext_cred_store"], [3, 0, 0, "-", "ext_dce"], [3, 0, 0, "-", "ext_ggf"], [3, 0, 0, "-", "ext_iov_mic"], [3, 0, 0, "-", "ext_krb5"], [3, 0, 0, "-", "ext_password"], [3, 0, 0, "-", "ext_password_add"], [3, 0, 0, "-", "ext_rfc4178"], [3, 0, 0, "-", "ext_rfc5587"], [3, 0, 0, "-", "ext_rfc5588"], [3, 0, 0, "-", "ext_rfc5801"], [3, 0, 0, "-", "ext_rfc6680"], [3, 0, 0, "-", "ext_s4u"], [3, 0, 0, "-", "ext_set_cred_opt"], [3, 0, 0, "-", "message"], [3, 0, 0, "-", "misc"], [3, 0, 0, "-", "named_tuples"], [3, 0, 0, "-", "names"], [3, 0, 0, "-", "oids"], [3, 0, 0, "-", "sec_contexts"], [3, 0, 0, "-", "types"]], "gssapi.raw.chan_bindings": [[3, 1, 1, "", "ChannelBindings"]], "gssapi.raw.chan_bindings.ChannelBindings": [[3, 2, 1, "", "acceptor_address"], [3, 2, 1, "", "acceptor_address_type"], [3, 2, 1, "", "application_data"], [3, 2, 1, "", "initiator_address"], [3, 2, 1, "", "initiator_address_type"]], "gssapi.raw.creds": [[3, 1, 1, "", "Creds"], [3, 6, 1, "", "acquire_cred"], [3, 6, 1, "", "add_cred"], [3, 6, 1, "", "inquire_cred"], [3, 6, 1, "", "inquire_cred_by_mech"], [3, 6, 1, "", "release_cred"]], "gssapi.raw.exceptions": [[3, 5, 1, "", "BadChannelBindingsError"], [3, 5, 1, "", "BadMICError"], [3, 5, 1, "", "BadMechanismError"], [3, 5, 1, "", "BadNameError"], [3, 5, 1, "", "BadNameTypeError"], [3, 5, 1, "", "BadQoPError"], [3, 5, 1, "", "BadStatusError"], [3, 5, 1, "", "ContextReadError"], [3, 5, 1, "", "ContextWriteError"], [3, 5, 1, "", "CredentialsReadError"], [3, 5, 1, "", "CredentialsWriteError"], [3, 5, 1, "", "DuplicateCredentialsElementError"], [3, 5, 1, "", "DuplicateTokenError"], [3, 5, 1, "", "ExpiredContextError"], [3, 5, 1, "", "ExpiredCredentialsError"], [3, 5, 1, "", "ExpiredTokenError"], [3, 5, 1, "", "GSSError"], [3, 5, 1, "", "InvalidCredentialsError"], [3, 5, 1, "", "InvalidTokenError"], [3, 5, 1, "", "MalformedParameterError"], [3, 5, 1, "", "MechanismNameRequiredError"], [3, 5, 1, "", "MissingContextError"], [3, 5, 1, "", "MissingCredentialsError"], [3, 5, 1, "", "NameReadError"], [3, 5, 1, "", "NameTypeReadError"], [3, 5, 1, "", "OperationUnavailableError"], [3, 5, 1, "", "ParameterReadError"], [3, 5, 1, "", "ParameterWriteError"], [3, 5, 1, "", "SupplementaryError"], [3, 5, 1, "", "TokenOutOfSequenceError"], [3, 5, 1, "", "TokenReadError"], [3, 5, 1, "", "TokenTooEarlyError"], [3, 5, 1, "", "TokenTooLateError"], [3, 5, 1, "", "UnauthorizedError"]], "gssapi.raw.exceptions.GSSError": [[3, 2, 1, "", "calling_code"], [3, 3, 1, "", "gen_message"], [3, 3, 1, "", "get_all_statuses"], [3, 2, 1, "", "maj_code"], [3, 2, 1, "", "min_code"], [3, 2, 1, "", "routine_code"], [3, 2, 1, "", "supplementary_code"], [3, 2, 1, "", "token"]], "gssapi.raw.ext_cred_imp_exp": [[3, 6, 1, "", "export_cred"], [3, 6, 1, "", "import_cred"]], "gssapi.raw.ext_cred_store": [[3, 6, 1, "", "acquire_cred_from"], [3, 6, 1, "", "add_cred_from"], [3, 6, 1, "", "store_cred_into"]], "gssapi.raw.ext_dce": [[3, 1, 1, "", "IOV"], [3, 1, 1, "", "IOVBuffer"], [3, 1, 1, "", "IOVBufferType"], [3, 6, 1, "", "unwrap_aead"], [3, 6, 1, "", "unwrap_iov"], [3, 6, 1, "", "wrap_aead"], [3, 6, 1, "", "wrap_iov"], [3, 6, 1, "", "wrap_iov_length"]], "gssapi.raw.ext_dce.IOV": [[3, 3, 1, "", "count"], [3, 3, 1, "", "index"]], "gssapi.raw.ext_dce.IOVBuffer": [[3, 2, 1, "", "allocate"], [3, 2, 1, "", "type"], [3, 2, 1, "", "value"]], "gssapi.raw.ext_dce.IOVBufferType": [[3, 2, 1, "", "data"], [3, 2, 1, "", "empty"], [3, 2, 1, "", "header"], [3, 2, 1, "", "mech_params"], [3, 2, 1, "", "mic_token"], [3, 2, 1, "", "padding"], [3, 2, 1, "", "sign_only"], [3, 2, 1, "", "stream"], [3, 2, 1, "", "trailer"]], "gssapi.raw.ext_ggf": [[3, 6, 1, "", "inquire_cred_by_oid"], [3, 6, 1, "", "inquire_sec_context_by_oid"], [3, 6, 1, "", "set_sec_context_option"]], "gssapi.raw.ext_iov_mic": [[3, 6, 1, "", "get_mic_iov"], [3, 6, 1, "", "get_mic_iov_length"], [3, 6, 1, "", "verify_mic_iov"]], "gssapi.raw.ext_krb5": [[3, 1, 1, "", "Krb5LucidContext"], [3, 1, 1, "", "Krb5LucidContextV1"], [3, 6, 1, "", "krb5_ccache_name"], [3, 6, 1, "", "krb5_export_lucid_sec_context"], [3, 6, 1, "", "krb5_extract_authtime_from_sec_context"], [3, 6, 1, "", "krb5_extract_authz_data_from_sec_context"], [3, 6, 1, "", "krb5_get_tkt_flags"], [3, 6, 1, "", "krb5_import_cred"], [3, 6, 1, "", "krb5_set_allowable_enctypes"]], "gssapi.raw.ext_krb5.Krb5LucidContextV1": [[3, 4, 1, "", "cfx_kd"], [3, 4, 1, "", "endtime"], [3, 4, 1, "", "is_initiator"], [3, 4, 1, "", "protocol"], [3, 4, 1, "", "recv_seq"], [3, 4, 1, "", "rfc1964_kd"], [3, 4, 1, "", "send_seq"], [3, 4, 1, "", "version"]], "gssapi.raw.ext_password": [[3, 6, 1, "", "acquire_cred_with_password"]], "gssapi.raw.ext_password_add": [[3, 6, 1, "", "add_cred_with_password"]], "gssapi.raw.ext_rfc4178": [[3, 6, 1, "", "set_neg_mechs"]], "gssapi.raw.ext_rfc5587": [[3, 6, 1, "", "display_mech_attr"], [3, 6, 1, "", "indicate_mechs_by_attrs"], [3, 6, 1, "", "inquire_attrs_for_mech"]], "gssapi.raw.ext_rfc5588": [[3, 6, 1, "", "store_cred"]], "gssapi.raw.ext_rfc5801": [[3, 6, 1, "", "inquire_mech_for_saslname"], [3, 6, 1, "", "inquire_saslname_for_mech"]], "gssapi.raw.ext_rfc6680": [[3, 6, 1, "", "delete_name_attribute"], [3, 6, 1, "", "display_name_ext"], [3, 6, 1, "", "export_name_composite"], [3, 6, 1, "", "get_name_attribute"], [3, 6, 1, "", "inquire_name"], [3, 6, 1, "", "set_name_attribute"]], "gssapi.raw.ext_s4u": [[3, 6, 1, "", "acquire_cred_impersonate_name"], [3, 6, 1, "", "add_cred_impersonate_name"]], "gssapi.raw.ext_set_cred_opt": [[3, 6, 1, "", "set_cred_option"]], "gssapi.raw.message": [[3, 6, 1, "", "get_mic"], [3, 6, 1, "", "unwrap"], [3, 6, 1, "", "verify_mic"], [3, 6, 1, "", "wrap"], [3, 6, 1, "", "wrap_size_limit"]], "gssapi.raw.misc": [[3, 5, 1, "", "GSSError"], [3, 1, 1, "", "MechType"], [3, 1, 1, "", "Name"], [3, 1, 1, "", "OID"], [3, 6, 1, "", "indicate_mechs"], [3, 6, 1, "", "inquire_mechs_for_name"], [3, 6, 1, "", "inquire_names_for_mech"]], "gssapi.raw.misc.GSSError": [[3, 2, 1, "", "calling_code"], [3, 3, 1, "", "gen_message"], [3, 3, 1, "", "get_all_statuses"], [3, 2, 1, "", "maj_code"], [3, 2, 1, "", "min_code"], [3, 2, 1, "", "routine_code"], [3, 2, 1, "", "supplementary_code"], [3, 2, 1, "", "token"]], "gssapi.raw.misc.MechType": [[3, 2, 1, "", "kerberos"]], "gssapi.raw.misc.OID": [[3, 4, 1, "", "dotted_form"], [3, 3, 1, "", "from_int_seq"]], "gssapi.raw.named_tuples": [[3, 1, 1, "", "AcceptSecContextResult"], [3, 1, 1, "", "AcquireCredResult"], [3, 1, 1, "", "AddCredResult"], [3, 1, 1, "", "CfxKeyData"], [3, 1, 1, "", "DisplayAttrResult"], [3, 1, 1, "", "DisplayNameResult"], [3, 1, 1, "", "GetNameAttributeResult"], [3, 1, 1, "", "IOVUnwrapResult"], [3, 1, 1, "", "InitSecContextResult"], [3, 1, 1, "", "InquireAttrsResult"], [3, 1, 1, "", "InquireContextResult"], [3, 1, 1, "", "InquireCredByMechResult"], [3, 1, 1, "", "InquireCredResult"], [3, 1, 1, "", "InquireNameResult"], [3, 1, 1, "", "InquireSASLNameResult"], [3, 1, 1, "", "Rfc1964KeyData"], [3, 1, 1, "", "StoreCredResult"], [3, 1, 1, "", "UnwrapResult"], [3, 1, 1, "", "WrapResult"]], "gssapi.raw.named_tuples.AcceptSecContextResult": [[3, 2, 1, "", "context"], [3, 2, 1, "", "delegated_creds"], [3, 2, 1, "", "flags"], [3, 2, 1, "", "initiator_name"], [3, 2, 1, "", "lifetime"], [3, 2, 1, "", "mech"], [3, 2, 1, "", "more_steps"], [3, 2, 1, "", "token"]], "gssapi.raw.named_tuples.AcquireCredResult": [[3, 2, 1, "", "creds"], [3, 2, 1, "", "lifetime"], [3, 2, 1, "", "mechs"]], "gssapi.raw.named_tuples.AddCredResult": [[3, 2, 1, "", "accept_lifetime"], [3, 2, 1, "", "creds"], [3, 2, 1, "", "init_lifetime"], [3, 2, 1, "", "mechs"]], "gssapi.raw.named_tuples.CfxKeyData": [[3, 2, 1, "", "acceptor_subkey"], [3, 2, 1, "", "acceptor_subkey_type"], [3, 2, 1, "", "ctx_key"], [3, 2, 1, "", "ctx_key_type"]], "gssapi.raw.named_tuples.DisplayAttrResult": [[3, 2, 1, "", "long_desc"], [3, 2, 1, "", "name"], [3, 2, 1, "", "short_desc"]], "gssapi.raw.named_tuples.DisplayNameResult": [[3, 2, 1, "", "name"], [3, 2, 1, "", "name_type"]], "gssapi.raw.named_tuples.GetNameAttributeResult": [[3, 2, 1, "", "authenticated"], [3, 2, 1, "", "complete"], [3, 2, 1, "", "display_values"], [3, 2, 1, "", "values"]], "gssapi.raw.named_tuples.IOVUnwrapResult": [[3, 2, 1, "", "encrypted"], [3, 2, 1, "", "qop"]], "gssapi.raw.named_tuples.InitSecContextResult": [[3, 2, 1, "", "context"], [3, 2, 1, "", "flags"], [3, 2, 1, "", "lifetime"], [3, 2, 1, "", "mech"], [3, 2, 1, "", "more_steps"], [3, 2, 1, "", "token"]], "gssapi.raw.named_tuples.InquireAttrsResult": [[3, 2, 1, "", "known_mech_attrs"], [3, 2, 1, "", "mech_attrs"]], "gssapi.raw.named_tuples.InquireContextResult": [[3, 2, 1, "", "complete"], [3, 2, 1, "", "flags"], [3, 2, 1, "", "initiator_name"], [3, 2, 1, "", "lifetime"], [3, 2, 1, "", "locally_init"], [3, 2, 1, "", "mech"], [3, 2, 1, "", "target_name"]], "gssapi.raw.named_tuples.InquireCredByMechResult": [[3, 2, 1, "", "accept_lifetime"], [3, 2, 1, "", "init_lifetime"], [3, 2, 1, "", "name"], [3, 2, 1, "", "usage"]], "gssapi.raw.named_tuples.InquireCredResult": [[3, 2, 1, "", "lifetime"], [3, 2, 1, "", "mechs"], [3, 2, 1, "", "name"], [3, 2, 1, "", "usage"]], "gssapi.raw.named_tuples.InquireNameResult": [[3, 2, 1, "", "attrs"], [3, 2, 1, "", "is_mech_name"], [3, 2, 1, "", "mech"]], "gssapi.raw.named_tuples.InquireSASLNameResult": [[3, 2, 1, "", "mech_description"], [3, 2, 1, "", "mech_name"], [3, 2, 1, "", "sasl_mech_name"]], "gssapi.raw.named_tuples.Rfc1964KeyData": [[3, 2, 1, "", "key"], [3, 2, 1, "", "key_type"], [3, 2, 1, "", "seal_alg"], [3, 2, 1, "", "sign_alg"]], "gssapi.raw.named_tuples.StoreCredResult": [[3, 2, 1, "", "mechs"], [3, 2, 1, "", "usage"]], "gssapi.raw.named_tuples.UnwrapResult": [[3, 2, 1, "", "encrypted"], [3, 2, 1, "", "message"], [3, 2, 1, "", "qop"]], "gssapi.raw.named_tuples.WrapResult": [[3, 2, 1, "", "encrypted"], [3, 2, 1, "", "message"]], "gssapi.raw.names": [[3, 1, 1, "", "Name"], [3, 6, 1, "", "canonicalize_name"], [3, 6, 1, "", "compare_name"], [3, 6, 1, "", "display_name"], [3, 6, 1, "", "duplicate_name"], [3, 6, 1, "", "export_name"], [3, 6, 1, "", "import_name"], [3, 6, 1, "", "release_name"]], "gssapi.raw.oids": [[3, 1, 1, "", "OID"]], "gssapi.raw.oids.OID": [[3, 4, 1, "", "dotted_form"], [3, 3, 1, "", "from_int_seq"]], "gssapi.raw.sec_contexts": [[3, 1, 1, "", "SecurityContext"], [3, 6, 1, "", "accept_sec_context"], [3, 6, 1, "", "context_time"], [3, 6, 1, "", "delete_sec_context"], [3, 6, 1, "", "export_sec_context"], [3, 6, 1, "", "import_sec_context"], [3, 6, 1, "", "init_sec_context"], [3, 6, 1, "", "inquire_context"], [3, 6, 1, "", "process_context_token"]], "gssapi.raw.types": [[3, 1, 1, "", "AddressType"], [3, 1, 1, "", "GenericFlagSet"], [3, 1, 1, "", "IntEnumFlagSet"], [3, 1, 1, "", "MechType"], [3, 1, 1, "", "NameType"], [3, 1, 1, "", "RequirementFlag"]], "gssapi.raw.types.AddressType": [[3, 2, 1, "", "appletalk"], [3, 2, 1, "", "arpanet"], [3, 2, 1, "", "bisync"], [3, 2, 1, "", "ccitt"], [3, 2, 1, "", "chaos"], [3, 2, 1, "", "datakit"], [3, 2, 1, "", "decnet"], [3, 2, 1, "", "dli"], [3, 2, 1, "", "dss"], [3, 2, 1, "", "ecma"], [3, 2, 1, "", "hyperchannel"], [3, 2, 1, "", "ibm_sna"], [3, 2, 1, "", "ip"], [3, 2, 1, "", "lat"], [3, 2, 1, "", "local"], [3, 2, 1, "", "nbs"], [3, 2, 1, "", "null"], [3, 2, 1, "", "osi_tp4"], [3, 2, 1, "", "pup"], [3, 2, 1, "", "x25"], [3, 2, 1, "", "xerox_ns"]], "gssapi.raw.types.GenericFlagSet": [[3, 2, 1, "", "MAX_VAL"], [3, 3, 1, "", "add"], [3, 3, 1, "", "discard"]], "gssapi.raw.types.MechType": [[3, 2, 1, "", "kerberos"]], "gssapi.raw.types.NameType": [[3, 2, 1, "", "anonymous"], [3, 2, 1, "", "composite_export"], [3, 2, 1, "", "export"], [3, 2, 1, "", "hostbased_service"], [3, 2, 1, "", "kerberos_principal"], [3, 2, 1, "", "krb5_nt_principal_name"], [3, 2, 1, "", "machine_uid"], [3, 2, 1, "", "string_uid"], [3, 2, 1, "", "user"]], "gssapi.raw.types.RequirementFlag": [[3, 2, 1, "", "anonymity"], [3, 2, 1, "", "channel_bound"], [3, 2, 1, "", "confidentiality"], [3, 2, 1, "", "dce_style"], [3, 2, 1, "", "delegate_to_peer"], [3, 2, 1, "", "extended_error"], [3, 2, 1, "", "identify"], [3, 2, 1, "", "integrity"], [3, 2, 1, "", "mutual_authentication"], [3, 2, 1, "", "ok_as_delegate"], [3, 2, 1, "", "out_of_sequence_detection"], [3, 2, 1, "", "protection_ready"], [3, 2, 1, "", "replay_detection"], [3, 2, 1, "", "transferable"]], "gssapi.sec_contexts": [[2, 1, 1, "", "SecurityContext"]], "gssapi.sec_contexts.SecurityContext": [[2, 4, 1, "", "actual_flags"], [2, 4, 1, "", "complete"], [2, 3, 1, "", "decrypt"], [2, 4, 1, "", "delegated_creds"], [2, 3, 1, "", "encrypt"], [2, 3, 1, "", "export"], [2, 3, 1, "", "get_signature"], [2, 3, 1, "", "get_wrap_size_limit"], [2, 4, 1, "", "initiator_name"], [2, 4, 1, "", "lifetime"], [2, 4, 1, "", "locally_initiated"], [2, 4, 1, "", "mech"], [2, 3, 1, "", "process_token"], [2, 3, 1, "", "step"], [2, 4, 1, "", "target_name"], [2, 3, 1, "", "unwrap"], [2, 3, 1, "", "verify_signature"], [2, 3, 1, "", "wrap"]]}, "objtypes": {"0": "py:module", "1": "py:class", "2": "py:attribute", "3": "py:method", "4": "py:property", "5": "py:exception", "6": "py:function"}, "objnames": {"0": ["py", "module", "Python module"], "1": ["py", "class", "Python class"], "2": ["py", "attribute", "Python attribute"], "3": ["py", "method", "Python method"], "4": ["py", "property", "Python property"], "5": ["py", "exception", "Python exception"], "6": ["py", "function", "Python function"]}, "titleterms": {"A": 0, "basic": 0, "introduct": 0, "gssapi": [0, 4], "name": [0, 2, 3], "credenti": [0, 1, 2, 3], "secur": [0, 2, 3], "context": [0, 2, 3], "common": 1, "valu": 1, "store": [1, 3], "extens": [1, 3], "The": 1, "krb5": 1, "mechan": [1, 3], "mit": 1, "librari": 1, "client_keytab": 1, "keytab": 1, "ccach": 1, "rcach": 1, "heimdal": 1, "high": 2, "level": [2, 3], "api": [2, 3], "main": 2, "class": 2, "enum": 2, "helper": 2, "except": [2, 3], "util": 2, "low": 3, "core": 3, "rfc": 3, "2744": 3, "misc": 3, "addit": 3, "4178": 3, "gss": 3, "negoti": 3, "5587": 3, "mech": 3, "attribut": 3, "5588": 3, "deleg": 3, "5801": 3, "sasl": 3, "6680": 3, "import": 3, "export": 3, "dce": 3, "iov": 3, "aead": 3, "mic": 3, "global": 3, "grid": 3, "forum": 3, "ggf": 3, "services4us": 3, "acquir": 3, "With": 3, "password": 3, "kerbero": 3, "specif": 3, "other": [3, 5], "result": 3, "python": 4, "bind": 4, "indic": 4, "tabl": 4, "document": 5, "tutori": 6}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 8, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx.ext.viewcode": 1, "sphinx": 57}, "alltitles": {"A Basic Introduction to GSSAPI": [[0, "a-basic-introduction-to-gssapi"]], "Names and Credentials": [[0, "names-and-credentials"]], "Security Contexts": [[0, "security-contexts"], [2, "module-gssapi.sec_contexts"], [3, "module-gssapi.raw.sec_contexts"]], "Common Values for Credentials Store Extensions": [[1, "common-values-for-credentials-store-extensions"]], "The krb5 mechanism in MIT libraries": [[1, "the-krb5-mechanism-in-mit-libraries"]], "client_keytab": [[1, "client-keytab"]], "keytab": [[1, "keytab"]], "ccache": [[1, "ccache"]], "rcache": [[1, "rcache"]], "The krb5 mechanism in Heimdal": [[1, "the-krb5-mechanism-in-heimdal"]], "High-Level API": [[2, "module-gssapi"]], "Main Classes": [[2, "main-classes"]], "Names": [[2, "module-gssapi.names"], [3, "names"]], "Credentials": [[2, "module-gssapi.creds"], [3, "module-gssapi.raw.creds"]], "Enums and Helper Classes": [[2, "enums-and-helper-classes"]], "Exceptions": [[2, "exceptions"], [3, "module-gssapi.raw.exceptions"]], "Utilities": [[2, "utilities"]], "Low-Level API": [[3, "module-gssapi.raw"]], "Core RFC 2744": [[3, "core-rfc-2744"]], "Misc": [[3, "module-gssapi.raw.oids"]], "Additional RFCs and Extensions": [[3, "additional-rfcs-and-extensions"]], "RFC 4178 (GSS-API Negotiation Mechanism)": [[3, "module-gssapi.raw.ext_rfc4178"]], "RFC 5587 (GSS-API Extension for Mech Attributes)": [[3, "module-gssapi.raw.ext_rfc5587"]], "RFC 5588 (GSS-API Extension for Storing Delegated Credentials)": [[3, "module-gssapi.raw.ext_rfc5588"]], "RFC 5801 (GSS-API SASL Extensions)": [[3, "module-gssapi.raw.ext_rfc5801"]], "Credential Store Extensions": [[3, "module-gssapi.raw.ext_cred_store"]], "RFC 6680 (GSS-API Naming Extensions)": [[3, "module-gssapi.raw.ext_rfc6680"]], "Credentials Import-Export Extensions": [[3, "module-gssapi.raw.ext_cred_imp_exp"]], "DCE (IOV/AEAD) Extensions": [[3, "module-gssapi.raw.ext_dce"]], "IOV MIC Extensions": [[3, "module-gssapi.raw.ext_iov_mic"]], "Global Grid Forum (GGF) Extensions": [[3, "module-gssapi.raw.ext_ggf"]], "Services4User Extensions": [[3, "module-gssapi.raw.ext_s4u"]], "Acquiring Credentials With a Password Extensions": [[3, "module-gssapi.raw.ext_password"]], "Kerberos Specific Extensions": [[3, "module-gssapi.raw.ext_krb5"]], "Other Extensions": [[3, "module-gssapi.raw.ext_set_cred_opt"]], "Results": [[3, "results"]], "Python-GSSAPI: Python bindings for GSSAPI": [[4, "python-gssapi-python-bindings-for-gssapi"]], "Indices and tables": [[4, "indices-and-tables"]], "Other Documentation": [[5, "other-documentation"]], "Tutorials": [[6, "tutorials"]]}, "indexentries": {"addresstype (class in gssapi)": [[2, "gssapi.AddressType"]], "badchannelbindingserror": [[2, "gssapi.exceptions.BadChannelBindingsError"], [3, "gssapi.raw.exceptions.BadChannelBindingsError"]], "badmicerror": [[2, "gssapi.exceptions.BadMICError"], [3, "gssapi.raw.exceptions.BadMICError"]], "badmechanismerror": [[2, "gssapi.exceptions.BadMechanismError"], [3, "gssapi.raw.exceptions.BadMechanismError"]], "badnameerror": [[2, "gssapi.exceptions.BadNameError"], [3, "gssapi.raw.exceptions.BadNameError"]], "badnametypeerror": [[2, "gssapi.exceptions.BadNameTypeError"], [3, "gssapi.raw.exceptions.BadNameTypeError"]], "badqoperror": [[2, "gssapi.exceptions.BadQoPError"], [3, "gssapi.raw.exceptions.BadQoPError"]], "badstatuserror": [[2, "gssapi.exceptions.BadStatusError"], [3, "gssapi.raw.exceptions.BadStatusError"]], "calling_code (malformedparametererror attribute)": [[2, "gssapi.exceptions.MalformedParameterError.CALLING_CODE"]], "calling_code (parameterreaderror attribute)": [[2, "gssapi.exceptions.ParameterReadError.CALLING_CODE"]], "calling_code (parameterwriteerror attribute)": [[2, "gssapi.exceptions.ParameterWriteError.CALLING_CODE"]], "contextreaderror": [[2, "gssapi.exceptions.ContextReadError"], [3, "gssapi.raw.exceptions.ContextReadError"]], "contextwriteerror": [[2, "gssapi.exceptions.ContextWriteError"], [3, "gssapi.raw.exceptions.ContextWriteError"]], "credentials (class in gssapi.creds)": [[2, "gssapi.creds.Credentials"]], "credentialsreaderror": [[2, "gssapi.exceptions.CredentialsReadError"], [3, "gssapi.raw.exceptions.CredentialsReadError"]], "credentialswriteerror": [[2, "gssapi.exceptions.CredentialsWriteError"], [3, "gssapi.raw.exceptions.CredentialsWriteError"]], "duplicatecredentialselementerror": [[2, "gssapi.exceptions.DuplicateCredentialsElementError"], [3, "gssapi.raw.exceptions.DuplicateCredentialsElementError"]], "duplicatetokenerror": [[2, "gssapi.exceptions.DuplicateTokenError"], [3, "gssapi.raw.exceptions.DuplicateTokenError"]], "encryptionnotused": [[2, "gssapi.exceptions.EncryptionNotUsed"]], "expiredcontexterror": [[2, "gssapi.exceptions.ExpiredContextError"], [3, "gssapi.raw.exceptions.ExpiredContextError"]], "expiredcredentialserror": [[2, "gssapi.exceptions.ExpiredCredentialsError"], [3, "gssapi.raw.exceptions.ExpiredCredentialsError"]], "expiredtokenerror": [[2, "gssapi.exceptions.ExpiredTokenError"], [3, "gssapi.raw.exceptions.ExpiredTokenError"]], "fmt_str (generalerror attribute)": [[2, "gssapi.exceptions.GeneralError.FMT_STR"]], "gsserror": [[2, "gssapi.exceptions.GSSError"], [3, "gssapi.raw.exceptions.GSSError"], [3, "gssapi.raw.misc.GSSError"]], "generalerror": [[2, "gssapi.exceptions.GeneralError"]], "intenumflagset (class in gssapi)": [[2, "gssapi.IntEnumFlagSet"]], "invalidcredentialserror": [[2, "gssapi.exceptions.InvalidCredentialsError"], [3, "gssapi.raw.exceptions.InvalidCredentialsError"]], "invalidtokenerror": [[2, "gssapi.exceptions.InvalidTokenError"], [3, "gssapi.raw.exceptions.InvalidTokenError"]], "major_message (encryptionnotused attribute)": [[2, "gssapi.exceptions.EncryptionNotUsed.MAJOR_MESSAGE"]], "major_message (generalerror attribute)": [[2, "gssapi.exceptions.GeneralError.MAJOR_MESSAGE"]], "major_message (unknownusageerror attribute)": [[2, "gssapi.exceptions.UnknownUsageError.MAJOR_MESSAGE"]], "message (gsserror attribute)": [[2, "gssapi.exceptions.GSSError.MESSAGE"]], "malformedparametererror": [[2, "gssapi.exceptions.MalformedParameterError"], [3, "gssapi.raw.exceptions.MalformedParameterError"]], "mechtype (class in gssapi)": [[2, "gssapi.MechType"]], "mechanismnamerequirederror": [[2, "gssapi.exceptions.MechanismNameRequiredError"], [3, "gssapi.raw.exceptions.MechanismNameRequiredError"]], "missingcontexterror": [[2, "gssapi.exceptions.MissingContextError"], [3, "gssapi.raw.exceptions.MissingContextError"]], "missingcredentialserror": [[2, "gssapi.exceptions.MissingCredentialsError"], [3, "gssapi.raw.exceptions.MissingCredentialsError"]], "name (class in gssapi.names)": [[2, "gssapi.names.Name"]], "namereaderror": [[2, "gssapi.exceptions.NameReadError"], [3, "gssapi.raw.exceptions.NameReadError"]], "nametype (class in gssapi)": [[2, "gssapi.NameType"]], "nametypereaderror": [[2, "gssapi.exceptions.NameTypeReadError"], [3, "gssapi.raw.exceptions.NameTypeReadError"]], "oid (class in gssapi)": [[2, "gssapi.OID"]], "operationunavailableerror": [[2, "gssapi.exceptions.OperationUnavailableError"], [3, "gssapi.raw.exceptions.OperationUnavailableError"]], "parameterreaderror": [[2, "gssapi.exceptions.ParameterReadError"], [3, "gssapi.raw.exceptions.ParameterReadError"]], "parameterwriteerror": [[2, "gssapi.exceptions.ParameterWriteError"], [3, "gssapi.raw.exceptions.ParameterWriteError"]], "rfc": [[2, "index-0"], [3, "index-0"], [3, "index-1"], [3, "index-2"], [3, "index-3"], [3, "index-4"], [3, "index-5"], [4, "index-0"]], "rfc 5588": [[2, "index-0"], [3, "index-3"]], "routine_code (badchannelbindingserror attribute)": [[2, "gssapi.exceptions.BadChannelBindingsError.ROUTINE_CODE"]], "routine_code (badmicerror attribute)": [[2, "gssapi.exceptions.BadMICError.ROUTINE_CODE"]], "routine_code (badmechanismerror attribute)": [[2, "gssapi.exceptions.BadMechanismError.ROUTINE_CODE"]], "routine_code (badnameerror attribute)": [[2, "gssapi.exceptions.BadNameError.ROUTINE_CODE"]], "routine_code (badnametypeerror attribute)": [[2, "gssapi.exceptions.BadNameTypeError.ROUTINE_CODE"]], "routine_code (badqoperror attribute)": [[2, "gssapi.exceptions.BadQoPError.ROUTINE_CODE"]], "routine_code (badstatuserror attribute)": [[2, "gssapi.exceptions.BadStatusError.ROUTINE_CODE"]], "routine_code (duplicatecredentialselementerror attribute)": [[2, "gssapi.exceptions.DuplicateCredentialsElementError.ROUTINE_CODE"]], "routine_code (expiredcontexterror attribute)": [[2, "gssapi.exceptions.ExpiredContextError.ROUTINE_CODE"]], "routine_code (expiredcredentialserror attribute)": [[2, "gssapi.exceptions.ExpiredCredentialsError.ROUTINE_CODE"]], "routine_code (invalidcredentialserror attribute)": [[2, "gssapi.exceptions.InvalidCredentialsError.ROUTINE_CODE"]], "routine_code (invalidtokenerror attribute)": [[2, "gssapi.exceptions.InvalidTokenError.ROUTINE_CODE"]], "routine_code (mechanismnamerequirederror attribute)": [[2, "gssapi.exceptions.MechanismNameRequiredError.ROUTINE_CODE"]], "routine_code (missingcontexterror attribute)": [[2, "gssapi.exceptions.MissingContextError.ROUTINE_CODE"]], "routine_code (missingcredentialserror attribute)": [[2, "gssapi.exceptions.MissingCredentialsError.ROUTINE_CODE"]], "routine_code (operationunavailableerror attribute)": [[2, "gssapi.exceptions.OperationUnavailableError.ROUTINE_CODE"]], "routine_code (unauthorizederror attribute)": [[2, "gssapi.exceptions.UnauthorizedError.ROUTINE_CODE"]], "requirementflag (class in gssapi)": [[2, "gssapi.RequirementFlag"]], "supplementary_code (duplicatetokenerror attribute)": [[2, "gssapi.exceptions.DuplicateTokenError.SUPPLEMENTARY_CODE"]], "supplementary_code (expiredtokenerror attribute)": [[2, "gssapi.exceptions.ExpiredTokenError.SUPPLEMENTARY_CODE"]], "supplementary_code (tokentooearlyerror attribute)": [[2, "gssapi.exceptions.TokenTooEarlyError.SUPPLEMENTARY_CODE"]], "supplementary_code (tokentoolateerror attribute)": [[2, "gssapi.exceptions.TokenTooLateError.SUPPLEMENTARY_CODE"]], "securitycontext (class in gssapi.sec_contexts)": [[2, "gssapi.sec_contexts.SecurityContext"]], "supplementaryerror": [[2, "gssapi.exceptions.SupplementaryError"], [3, "gssapi.raw.exceptions.SupplementaryError"]], "tokenoutofsequenceerror": [[2, "gssapi.exceptions.TokenOutOfSequenceError"], [3, "gssapi.raw.exceptions.TokenOutOfSequenceError"]], "tokenreaderror": [[2, "gssapi.exceptions.TokenReadError"], [3, "gssapi.raw.exceptions.TokenReadError"]], "tokentooearlyerror": [[2, "gssapi.exceptions.TokenTooEarlyError"], [3, "gssapi.raw.exceptions.TokenTooEarlyError"]], "tokentoolateerror": [[2, "gssapi.exceptions.TokenTooLateError"], [3, "gssapi.raw.exceptions.TokenTooLateError"]], "unauthorizederror": [[2, "gssapi.exceptions.UnauthorizedError"], [3, "gssapi.raw.exceptions.UnauthorizedError"]], "unknownusageerror": [[2, "gssapi.exceptions.UnknownUsageError"]], "acquire() (credentials class method)": [[2, "gssapi.creds.Credentials.acquire"]], "actual_flags (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.actual_flags"]], "add() (credentials method)": [[2, "gssapi.creds.Credentials.add"]], "anonymous (nametype attribute)": [[2, "gssapi.NameType.anonymous"], [3, "gssapi.raw.types.NameType.anonymous"]], "attributes (name property)": [[2, "gssapi.names.Name.attributes"]], "canonicalize() (name method)": [[2, "gssapi.names.Name.canonicalize"]], "complete (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.complete"]], "composite_export (nametype attribute)": [[2, "gssapi.NameType.composite_export"], [3, "gssapi.raw.types.NameType.composite_export"]], "decrypt() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.decrypt"]], "delegated_creds (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.delegated_creds"]], "display_as() (name method)": [[2, "gssapi.names.Name.display_as"]], "encrypt() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.encrypt"]], "export (nametype attribute)": [[2, "gssapi.NameType.export"], [3, "gssapi.raw.types.NameType.export"]], "export() (credentials method)": [[2, "gssapi.creds.Credentials.export"]], "export() (name method)": [[2, "gssapi.names.Name.export"]], "export() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.export"]], "gen_message() (gsserror method)": [[2, "gssapi.exceptions.GSSError.gen_message"], [3, "gssapi.raw.exceptions.GSSError.gen_message"], [3, "gssapi.raw.misc.GSSError.gen_message"]], "get_all_statuses() (gsserror method)": [[2, "gssapi.exceptions.GSSError.get_all_statuses"], [3, "gssapi.raw.exceptions.GSSError.get_all_statuses"], [3, "gssapi.raw.misc.GSSError.get_all_statuses"]], "get_signature() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.get_signature"]], "get_wrap_size_limit() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.get_wrap_size_limit"]], "gssapi": [[2, "module-gssapi"]], "gssapi.creds": [[2, "module-gssapi.creds"]], "gssapi.exceptions": [[2, "module-gssapi.exceptions"]], "gssapi.names": [[2, "module-gssapi.names"]], "gssapi.sec_contexts": [[2, "module-gssapi.sec_contexts"]], "hostbased_service (nametype attribute)": [[2, "gssapi.NameType.hostbased_service"], [3, "gssapi.raw.types.NameType.hostbased_service"]], "impersonate() (credentials method)": [[2, "gssapi.creds.Credentials.impersonate"]], "initiator_name (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.initiator_name"]], "inquire() (credentials method)": [[2, "gssapi.creds.Credentials.inquire"]], "inquire_by_mech() (credentials method)": [[2, "gssapi.creds.Credentials.inquire_by_mech"]], "is_mech_name (name property)": [[2, "gssapi.names.Name.is_mech_name"]], "kerberos (mechtype attribute)": [[2, "gssapi.MechType.kerberos"], [3, "gssapi.raw.misc.MechType.kerberos"], [3, "gssapi.raw.types.MechType.kerberos"]], "kerberos_principal (nametype attribute)": [[2, "gssapi.NameType.kerberos_principal"], [3, "gssapi.raw.types.NameType.kerberos_principal"]], "krb5_nt_principal_name (nametype attribute)": [[2, "gssapi.NameType.krb5_nt_principal_name"], [3, "gssapi.raw.types.NameType.krb5_nt_principal_name"]], "lifetime (credentials property)": [[2, "gssapi.creds.Credentials.lifetime"]], "lifetime (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.lifetime"]], "locally_initiated (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.locally_initiated"]], "machine_uid (nametype attribute)": [[2, "gssapi.NameType.machine_uid"], [3, "gssapi.raw.types.NameType.machine_uid"]], "mech (name property)": [[2, "gssapi.names.Name.mech"]], "mech (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.mech"]], "mechs (credentials property)": [[2, "gssapi.creds.Credentials.mechs"]], "module": [[2, "module-gssapi"], [2, "module-gssapi.creds"], [2, "module-gssapi.exceptions"], [2, "module-gssapi.names"], [2, "module-gssapi.sec_contexts"], [3, "module-gssapi.raw"], [3, "module-gssapi.raw.chan_bindings"], [3, "module-gssapi.raw.creds"], [3, "module-gssapi.raw.exceptions"], [3, "module-gssapi.raw.ext_cred_imp_exp"], [3, "module-gssapi.raw.ext_cred_store"], [3, "module-gssapi.raw.ext_dce"], [3, "module-gssapi.raw.ext_ggf"], [3, "module-gssapi.raw.ext_iov_mic"], [3, "module-gssapi.raw.ext_krb5"], [3, "module-gssapi.raw.ext_password"], [3, "module-gssapi.raw.ext_password_add"], [3, "module-gssapi.raw.ext_rfc4178"], [3, "module-gssapi.raw.ext_rfc5587"], [3, "module-gssapi.raw.ext_rfc5588"], [3, "module-gssapi.raw.ext_rfc5801"], [3, "module-gssapi.raw.ext_rfc6680"], [3, "module-gssapi.raw.ext_s4u"], [3, "module-gssapi.raw.ext_set_cred_opt"], [3, "module-gssapi.raw.message"], [3, "module-gssapi.raw.misc"], [3, "module-gssapi.raw.named_tuples"], [3, "module-gssapi.raw.names"], [3, "module-gssapi.raw.oids"], [3, "module-gssapi.raw.sec_contexts"], [3, "module-gssapi.raw.types"]], "name (credentials property)": [[2, "gssapi.creds.Credentials.name"]], "name_type (name property)": [[2, "gssapi.names.Name.name_type"]], "process_token() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.process_token"]], "set_encoding() (in module gssapi)": [[2, "gssapi.set_encoding"]], "step() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.step"]], "store() (credentials method)": [[2, "gssapi.creds.Credentials.store"]], "string_uid (nametype attribute)": [[2, "gssapi.NameType.string_uid"], [3, "gssapi.raw.types.NameType.string_uid"]], "target_name (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.target_name"]], "unwrap() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.unwrap"]], "usage (credentials property)": [[2, "gssapi.creds.Credentials.usage"]], "user (nametype attribute)": [[2, "gssapi.NameType.user"], [3, "gssapi.raw.types.NameType.user"]], "verify_signature() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.verify_signature"]], "wrap() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.wrap"]], "acceptseccontextresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult"]], "acquirecredresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.AcquireCredResult"]], "addcredresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.AddCredResult"]], "addresstype (class in gssapi.raw.types)": [[3, "gssapi.raw.types.AddressType"]], "cfxkeydata (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.CfxKeyData"]], "channelbindings (class in gssapi.raw.chan_bindings)": [[3, "gssapi.raw.chan_bindings.ChannelBindings"]], "creds (class in gssapi.raw.creds)": [[3, "gssapi.raw.creds.Creds"]], "displayattrresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.DisplayAttrResult"]], "displaynameresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.DisplayNameResult"]], "genericflagset (class in gssapi.raw.types)": [[3, "gssapi.raw.types.GenericFlagSet"]], "getnameattributeresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult"]], "iov (class in gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.IOV"]], "iovbuffer (class in gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.IOVBuffer"]], "iovbuffertype (class in gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.IOVBufferType"]], "iovunwrapresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.IOVUnwrapResult"]], "initseccontextresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InitSecContextResult"]], "inquireattrsresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireAttrsResult"]], "inquirecontextresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireContextResult"]], "inquirecredbymechresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult"]], "inquirecredresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireCredResult"]], "inquirenameresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireNameResult"]], "inquiresaslnameresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireSASLNameResult"]], "intenumflagset (class in gssapi.raw.types)": [[3, "gssapi.raw.types.IntEnumFlagSet"]], "krb5lucidcontext (class in gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContext"]], "krb5lucidcontextv1 (class in gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1"]], "max_val (genericflagset attribute)": [[3, "gssapi.raw.types.GenericFlagSet.MAX_VAL"]], "mechtype (class in gssapi.raw.misc)": [[3, "gssapi.raw.misc.MechType"]], "mechtype (class in gssapi.raw.types)": [[3, "gssapi.raw.types.MechType"]], "name (class in gssapi.raw.misc)": [[3, "gssapi.raw.misc.Name"]], "name (class in gssapi.raw.names)": [[3, "gssapi.raw.names.Name"]], "nametype (class in gssapi.raw.types)": [[3, "gssapi.raw.types.NameType"]], "oid (class in gssapi.raw.misc)": [[3, "gssapi.raw.misc.OID"]], "oid (class in gssapi.raw.oids)": [[3, "gssapi.raw.oids.OID"]], "rfc 2744": [[3, "index-0"], [4, "index-0"]], "rfc 4178": [[3, "index-1"]], "rfc 5587": [[3, "index-2"]], "rfc 5801": [[3, "index-4"]], "rfc 6680": [[3, "index-5"]], "requirementflag (class in gssapi.raw.types)": [[3, "gssapi.raw.types.RequirementFlag"]], "rfc1964keydata (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData"]], "securitycontext (class in gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.SecurityContext"]], "storecredresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.StoreCredResult"]], "unwrapresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.UnwrapResult"]], "wrapresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.WrapResult"]], "accept_lifetime (addcredresult attribute)": [[3, "gssapi.raw.named_tuples.AddCredResult.accept_lifetime"]], "accept_lifetime (inquirecredbymechresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult.accept_lifetime"]], "accept_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.accept_sec_context"]], "acceptor_address (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.acceptor_address"]], "acceptor_address_type (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.acceptor_address_type"]], "acceptor_subkey (cfxkeydata attribute)": [[3, "gssapi.raw.named_tuples.CfxKeyData.acceptor_subkey"]], "acceptor_subkey_type (cfxkeydata attribute)": [[3, "gssapi.raw.named_tuples.CfxKeyData.acceptor_subkey_type"]], "acquire_cred() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.acquire_cred"]], "acquire_cred_from() (in module gssapi.raw.ext_cred_store)": [[3, "gssapi.raw.ext_cred_store.acquire_cred_from"]], "acquire_cred_impersonate_name() (in module gssapi.raw.ext_s4u)": [[3, "gssapi.raw.ext_s4u.acquire_cred_impersonate_name"]], "acquire_cred_with_password() (in module gssapi.raw.ext_password)": [[3, "gssapi.raw.ext_password.acquire_cred_with_password"]], "add() (genericflagset method)": [[3, "gssapi.raw.types.GenericFlagSet.add"]], "add_cred() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.add_cred"]], "add_cred_from() (in module gssapi.raw.ext_cred_store)": [[3, "gssapi.raw.ext_cred_store.add_cred_from"]], "add_cred_impersonate_name() (in module gssapi.raw.ext_s4u)": [[3, "gssapi.raw.ext_s4u.add_cred_impersonate_name"]], "add_cred_with_password() (in module gssapi.raw.ext_password_add)": [[3, "gssapi.raw.ext_password_add.add_cred_with_password"]], "allocate (iovbuffer attribute)": [[3, "gssapi.raw.ext_dce.IOVBuffer.allocate"]], "anonymity (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.anonymity"]], "appletalk (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.appletalk"]], "application_data (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.application_data"]], "arpanet (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.arpanet"]], "attrs (inquirenameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireNameResult.attrs"]], "authenticated (getnameattributeresult attribute)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult.authenticated"]], "bisync (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.bisync"]], "calling_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.calling_code"], [3, "gssapi.raw.misc.GSSError.calling_code"]], "canonicalize_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.canonicalize_name"]], "ccitt (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.ccitt"]], "cfx_kd (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.cfx_kd"]], "channel_bound (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.channel_bound"]], "chaos (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.chaos"]], "compare_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.compare_name"]], "complete (getnameattributeresult attribute)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult.complete"]], "complete (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.complete"]], "confidentiality (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.confidentiality"]], "context (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.context"]], "context (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.context"]], "context_time() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.context_time"]], "count() (iov method)": [[3, "gssapi.raw.ext_dce.IOV.count"]], "creds (acquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.AcquireCredResult.creds"]], "creds (addcredresult attribute)": [[3, "gssapi.raw.named_tuples.AddCredResult.creds"]], "ctx_key (cfxkeydata attribute)": [[3, "gssapi.raw.named_tuples.CfxKeyData.ctx_key"]], "ctx_key_type (cfxkeydata attribute)": [[3, "gssapi.raw.named_tuples.CfxKeyData.ctx_key_type"]], "data (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.data"]], "datakit (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.datakit"]], "dce_style (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.dce_style"]], "decnet (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.decnet"]], "delegate_to_peer (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.delegate_to_peer"]], "delegated_creds (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.delegated_creds"]], "delete_name_attribute() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.delete_name_attribute"]], "delete_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.delete_sec_context"]], "discard() (genericflagset method)": [[3, "gssapi.raw.types.GenericFlagSet.discard"]], "display_mech_attr() (in module gssapi.raw.ext_rfc5587)": [[3, "gssapi.raw.ext_rfc5587.display_mech_attr"]], "display_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.display_name"]], "display_name_ext() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.display_name_ext"]], "display_values (getnameattributeresult attribute)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult.display_values"]], "dli (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.dli"]], "dotted_form (oid property)": [[3, "gssapi.raw.misc.OID.dotted_form"], [3, "gssapi.raw.oids.OID.dotted_form"]], "dss (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.dss"]], "duplicate_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.duplicate_name"]], "ecma (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.ecma"]], "empty (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.empty"]], "encrypted (iovunwrapresult attribute)": [[3, "gssapi.raw.named_tuples.IOVUnwrapResult.encrypted"]], "encrypted (unwrapresult attribute)": [[3, "gssapi.raw.named_tuples.UnwrapResult.encrypted"]], "encrypted (wrapresult attribute)": [[3, "gssapi.raw.named_tuples.WrapResult.encrypted"]], "endtime (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.endtime"]], "export_cred() (in module gssapi.raw.ext_cred_imp_exp)": [[3, "gssapi.raw.ext_cred_imp_exp.export_cred"]], "export_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.export_name"]], "export_name_composite() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.export_name_composite"]], "export_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.export_sec_context"]], "extended_error (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.extended_error"]], "flags (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.flags"]], "flags (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.flags"]], "flags (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.flags"]], "from_int_seq() (oid class method)": [[3, "gssapi.raw.misc.OID.from_int_seq"], [3, "gssapi.raw.oids.OID.from_int_seq"]], "get_mic() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.get_mic"]], "get_mic_iov() (in module gssapi.raw.ext_iov_mic)": [[3, "gssapi.raw.ext_iov_mic.get_mic_iov"]], "get_mic_iov_length() (in module gssapi.raw.ext_iov_mic)": [[3, "gssapi.raw.ext_iov_mic.get_mic_iov_length"]], "get_name_attribute() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.get_name_attribute"]], "gssapi.raw": [[3, "module-gssapi.raw"]], "gssapi.raw.chan_bindings": [[3, "module-gssapi.raw.chan_bindings"]], "gssapi.raw.creds": [[3, "module-gssapi.raw.creds"]], "gssapi.raw.exceptions": [[3, "module-gssapi.raw.exceptions"]], "gssapi.raw.ext_cred_imp_exp": [[3, "module-gssapi.raw.ext_cred_imp_exp"]], "gssapi.raw.ext_cred_store": [[3, "module-gssapi.raw.ext_cred_store"]], "gssapi.raw.ext_dce": [[3, "module-gssapi.raw.ext_dce"]], "gssapi.raw.ext_ggf": [[3, "module-gssapi.raw.ext_ggf"]], "gssapi.raw.ext_iov_mic": [[3, "module-gssapi.raw.ext_iov_mic"]], "gssapi.raw.ext_krb5": [[3, "module-gssapi.raw.ext_krb5"]], "gssapi.raw.ext_password": [[3, "module-gssapi.raw.ext_password"]], "gssapi.raw.ext_password_add": [[3, "module-gssapi.raw.ext_password_add"]], "gssapi.raw.ext_rfc4178": [[3, "module-gssapi.raw.ext_rfc4178"]], "gssapi.raw.ext_rfc5587": [[3, "module-gssapi.raw.ext_rfc5587"]], "gssapi.raw.ext_rfc5588": [[3, "module-gssapi.raw.ext_rfc5588"]], "gssapi.raw.ext_rfc5801": [[3, "module-gssapi.raw.ext_rfc5801"]], "gssapi.raw.ext_rfc6680": [[3, "module-gssapi.raw.ext_rfc6680"]], "gssapi.raw.ext_s4u": [[3, "module-gssapi.raw.ext_s4u"]], "gssapi.raw.ext_set_cred_opt": [[3, "module-gssapi.raw.ext_set_cred_opt"]], "gssapi.raw.message": [[3, "module-gssapi.raw.message"]], "gssapi.raw.misc": [[3, "module-gssapi.raw.misc"]], "gssapi.raw.named_tuples": [[3, "module-gssapi.raw.named_tuples"]], "gssapi.raw.names": [[3, "module-gssapi.raw.names"]], "gssapi.raw.oids": [[3, "module-gssapi.raw.oids"]], "gssapi.raw.sec_contexts": [[3, "module-gssapi.raw.sec_contexts"]], "gssapi.raw.types": [[3, "module-gssapi.raw.types"]], "header (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.header"]], "hyperchannel (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.hyperchannel"]], "ibm_sna (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.ibm_sna"]], "identify (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.identify"]], "import_cred() (in module gssapi.raw.ext_cred_imp_exp)": [[3, "gssapi.raw.ext_cred_imp_exp.import_cred"]], "import_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.import_name"]], "import_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.import_sec_context"]], "index() (iov method)": [[3, "gssapi.raw.ext_dce.IOV.index"]], "indicate_mechs() (in module gssapi.raw.misc)": [[3, "gssapi.raw.misc.indicate_mechs"]], "indicate_mechs_by_attrs() (in module gssapi.raw.ext_rfc5587)": [[3, "gssapi.raw.ext_rfc5587.indicate_mechs_by_attrs"]], "init_lifetime (addcredresult attribute)": [[3, "gssapi.raw.named_tuples.AddCredResult.init_lifetime"]], "init_lifetime (inquirecredbymechresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult.init_lifetime"]], "init_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.init_sec_context"]], "initiator_address (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.initiator_address"]], "initiator_address_type (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.initiator_address_type"]], "initiator_name (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.initiator_name"]], "initiator_name (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.initiator_name"]], "inquire_attrs_for_mech() (in module gssapi.raw.ext_rfc5587)": [[3, "gssapi.raw.ext_rfc5587.inquire_attrs_for_mech"]], "inquire_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.inquire_context"]], "inquire_cred() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.inquire_cred"]], "inquire_cred_by_mech() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.inquire_cred_by_mech"]], "inquire_cred_by_oid() (in module gssapi.raw.ext_ggf)": [[3, "gssapi.raw.ext_ggf.inquire_cred_by_oid"]], "inquire_mech_for_saslname() (in module gssapi.raw.ext_rfc5801)": [[3, "gssapi.raw.ext_rfc5801.inquire_mech_for_saslname"]], "inquire_mechs_for_name() (in module gssapi.raw.misc)": [[3, "gssapi.raw.misc.inquire_mechs_for_name"]], "inquire_name() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.inquire_name"]], "inquire_names_for_mech() (in module gssapi.raw.misc)": [[3, "gssapi.raw.misc.inquire_names_for_mech"]], "inquire_saslname_for_mech() (in module gssapi.raw.ext_rfc5801)": [[3, "gssapi.raw.ext_rfc5801.inquire_saslname_for_mech"]], "inquire_sec_context_by_oid() (in module gssapi.raw.ext_ggf)": [[3, "gssapi.raw.ext_ggf.inquire_sec_context_by_oid"]], "integrity (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.integrity"]], "ip (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.ip"]], "is_initiator (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.is_initiator"]], "is_mech_name (inquirenameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireNameResult.is_mech_name"]], "key (rfc1964keydata attribute)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData.key"]], "key_type (rfc1964keydata attribute)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData.key_type"]], "known_mech_attrs (inquireattrsresult attribute)": [[3, "gssapi.raw.named_tuples.InquireAttrsResult.known_mech_attrs"]], "krb5_ccache_name() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_ccache_name"]], "krb5_export_lucid_sec_context() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_export_lucid_sec_context"]], "krb5_extract_authtime_from_sec_context() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_extract_authtime_from_sec_context"]], "krb5_extract_authz_data_from_sec_context() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_extract_authz_data_from_sec_context"]], "krb5_get_tkt_flags() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_get_tkt_flags"]], "krb5_import_cred() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_import_cred"]], "krb5_set_allowable_enctypes() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_set_allowable_enctypes"]], "lat (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.lat"]], "lifetime (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.lifetime"]], "lifetime (acquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.AcquireCredResult.lifetime"]], "lifetime (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.lifetime"]], "lifetime (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.lifetime"]], "lifetime (inquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredResult.lifetime"]], "local (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.local"]], "locally_init (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.locally_init"]], "long_desc (displayattrresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayAttrResult.long_desc"]], "maj_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.maj_code"], [3, "gssapi.raw.misc.GSSError.maj_code"]], "mech (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.mech"]], "mech (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.mech"]], "mech (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.mech"]], "mech (inquirenameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireNameResult.mech"]], "mech_attrs (inquireattrsresult attribute)": [[3, "gssapi.raw.named_tuples.InquireAttrsResult.mech_attrs"]], "mech_description (inquiresaslnameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireSASLNameResult.mech_description"]], "mech_name (inquiresaslnameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireSASLNameResult.mech_name"]], "mech_params (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.mech_params"]], "mechs (acquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.AcquireCredResult.mechs"]], "mechs (addcredresult attribute)": [[3, "gssapi.raw.named_tuples.AddCredResult.mechs"]], "mechs (inquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredResult.mechs"]], "mechs (storecredresult attribute)": [[3, "gssapi.raw.named_tuples.StoreCredResult.mechs"]], "message (unwrapresult attribute)": [[3, "gssapi.raw.named_tuples.UnwrapResult.message"]], "message (wrapresult attribute)": [[3, "gssapi.raw.named_tuples.WrapResult.message"]], "mic_token (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.mic_token"]], "min_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.min_code"], [3, "gssapi.raw.misc.GSSError.min_code"]], "more_steps (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.more_steps"]], "more_steps (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.more_steps"]], "mutual_authentication (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.mutual_authentication"]], "name (displayattrresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayAttrResult.name"]], "name (displaynameresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayNameResult.name"]], "name (inquirecredbymechresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult.name"]], "name (inquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredResult.name"]], "name_type (displaynameresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayNameResult.name_type"]], "nbs (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.nbs"]], "null (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.null"]], "ok_as_delegate (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.ok_as_delegate"]], "osi_tp4 (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.osi_tp4"]], "out_of_sequence_detection (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.out_of_sequence_detection"]], "padding (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.padding"]], "process_context_token() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.process_context_token"]], "protection_ready (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.protection_ready"]], "protocol (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.protocol"]], "pup (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.pup"]], "qop (iovunwrapresult attribute)": [[3, "gssapi.raw.named_tuples.IOVUnwrapResult.qop"]], "qop (unwrapresult attribute)": [[3, "gssapi.raw.named_tuples.UnwrapResult.qop"]], "recv_seq (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.recv_seq"]], "release_cred() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.release_cred"]], "release_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.release_name"]], "replay_detection (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.replay_detection"]], "rfc1964_kd (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.rfc1964_kd"]], "routine_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.routine_code"], [3, "gssapi.raw.misc.GSSError.routine_code"]], "sasl_mech_name (inquiresaslnameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireSASLNameResult.sasl_mech_name"]], "seal_alg (rfc1964keydata attribute)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData.seal_alg"]], "send_seq (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.send_seq"]], "set_cred_option() (in module gssapi.raw.ext_set_cred_opt)": [[3, "gssapi.raw.ext_set_cred_opt.set_cred_option"]], "set_name_attribute() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.set_name_attribute"]], "set_neg_mechs() (in module gssapi.raw.ext_rfc4178)": [[3, "gssapi.raw.ext_rfc4178.set_neg_mechs"]], "set_sec_context_option() (in module gssapi.raw.ext_ggf)": [[3, "gssapi.raw.ext_ggf.set_sec_context_option"]], "short_desc (displayattrresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayAttrResult.short_desc"]], "sign_alg (rfc1964keydata attribute)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData.sign_alg"]], "sign_only (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.sign_only"]], "store_cred() (in module gssapi.raw.ext_rfc5588)": [[3, "gssapi.raw.ext_rfc5588.store_cred"]], "store_cred_into() (in module gssapi.raw.ext_cred_store)": [[3, "gssapi.raw.ext_cred_store.store_cred_into"]], "stream (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.stream"]], "supplementary_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.supplementary_code"], [3, "gssapi.raw.misc.GSSError.supplementary_code"]], "target_name (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.target_name"]], "token (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.token"]], "token (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.token"], [3, "gssapi.raw.misc.GSSError.token"]], "token (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.token"]], "trailer (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.trailer"]], "transferable (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.transferable"]], "type (iovbuffer attribute)": [[3, "gssapi.raw.ext_dce.IOVBuffer.type"]], "unwrap() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.unwrap"]], "unwrap_aead() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.unwrap_aead"]], "unwrap_iov() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.unwrap_iov"]], "usage (inquirecredbymechresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult.usage"]], "usage (inquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredResult.usage"]], "usage (storecredresult attribute)": [[3, "gssapi.raw.named_tuples.StoreCredResult.usage"]], "value (iovbuffer attribute)": [[3, "gssapi.raw.ext_dce.IOVBuffer.value"]], "values (getnameattributeresult attribute)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult.values"]], "verify_mic() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.verify_mic"]], "verify_mic_iov() (in module gssapi.raw.ext_iov_mic)": [[3, "gssapi.raw.ext_iov_mic.verify_mic_iov"]], "version (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.version"]], "wrap() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.wrap"]], "wrap_aead() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.wrap_aead"]], "wrap_iov() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.wrap_iov"]], "wrap_iov_length() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.wrap_iov_length"]], "wrap_size_limit() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.wrap_size_limit"]], "x25 (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.x25"]], "xerox_ns (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.xerox_ns"]]}})
\ No newline at end of file
diff --git a/setup.py b/setup.py
deleted file mode 100755
index e636c506..00000000
--- a/setup.py
+++ /dev/null
@@ -1,347 +0,0 @@
-#!/usr/bin/env python
-import subprocess
-import platform
-import re
-import sys
-import os
-import shutil
-import shlex
-
-# Enables the vendored distutils in setuptools over the stdlib one to avoid
-# the deprecation warning. Must be done before importing setuptools,
-# setuptools also must be imported before distutils.
-# https://github.com/pypa/setuptools/blob/main/docs/deprecated/distutils-legacy.rst
-os.environ['SETUPTOOLS_USE_DISTUTILS'] = 'local'
-
-from setuptools import setup  # noqa: E402
-from setuptools.extension import Extension  # noqa: E402
-from Cython.Build import cythonize  # noqa: E402
-
-
-def get_output(*args, **kwargs):
-    res = subprocess.check_output(*args, shell=True, **kwargs)
-    decoded = res.decode('utf-8')
-    return decoded.strip()
-
-
-# get the compile and link args
-kc = "krb5-config"
-autodetect_kc = True
-posix = os.name != 'nt'
-
-# Per https://docs.python.org/3/library/platform.html#platform.architecture
-# this is the preferred way of determining "64-bitness".
-is64bit = sys.maxsize > 2**32
-
-kc_env = 'GSSAPI_KRB5CONFIG'
-if kc_env in os.environ:
-    kc = os.environ[kc_env]
-    autodetect_kc = False
-    print(f"Using {kc} from env")
-
-link_args, compile_args = [
-    shlex.split(os.environ[e], posix=posix) if e in os.environ else None
-    for e in ['GSSAPI_LINKER_ARGS', 'GSSAPI_COMPILER_ARGS']
-]
-
-osx_has_gss_framework = False
-if sys.platform == 'darwin':
-    mac_ver = [int(v) for v in platform.mac_ver()[0].split('.')]
-    osx_has_gss_framework = (mac_ver >= [10, 7, 0])
-
-winkrb_path = None
-if os.name == 'nt':
-    # Try to find location of MIT kerberos
-    # First check program files of the appropriate architecture
-    _pf_path = os.path.join(os.environ['ProgramFiles'], 'MIT', 'Kerberos')
-    if os.path.exists(_pf_path):
-        winkrb_path = _pf_path
-    else:
-        # Try to detect kinit in PATH
-        _kinit_path = shutil.which('kinit')
-        if _kinit_path is None:
-            print("Failed find MIT kerberos!")
-        else:
-            winkrb_path = os.path.dirname(os.path.dirname(_kinit_path))
-
-    # Monkey patch distutils if it throws errors getting msvcr.
-    # For MinGW it won't need it.
-    from distutils import cygwinccompiler
-    try:
-        cygwinccompiler.get_msvcr()
-    except ValueError:
-        cygwinccompiler.get_msvcr = lambda *a, **kw: []
-
-if sys.platform.startswith("freebsd") and autodetect_kc:
-    # FreeBSD does $PATH backward, for our purposes.  That is, the package
-    # manager's version of the software is in /usr/local, which is in PATH
-    # *after* the version in /usr.  We prefer the package manager's version
-    # because the Heimdal in base is truly ancient, but this can be overridden
-    # - either in the "normal" fashion by putting something in PATH in front
-    # of it, or by removing /usr/local from PATH.
-
-    bins = []
-    for b in os.environ["PATH"].split(":"):
-        p = f"{b}/krb5-config"
-        if not os.path.exists(p):
-            continue
-        bins.append(p)
-
-    if len(bins) > 1 and bins[0] == "/usr/bin/krb5-config" and \
-       "/usr/local/bin/krb5-config" in bins:
-        kc = "/usr/local/bin/krb5-config"
-    print(f"Detected: {kc}")
-
-if link_args is None:
-    if osx_has_gss_framework:
-        link_args = ['-framework', 'GSS']
-    elif winkrb_path:
-        _libs = os.path.join(
-            winkrb_path, 'lib', 'amd64' if is64bit else 'i386'
-        )
-        link_args = (
-            ['-L%s' % _libs]
-            + ['-l%s' % os.path.splitext(lib)[0] for lib in os.listdir(_libs)]
-        )
-    elif os.environ.get('MINGW_PREFIX'):
-        link_args = ['-lgss']
-    else:
-        link_args = shlex.split(get_output(f"{kc} --libs gssapi"))
-
-if compile_args is None:
-    if osx_has_gss_framework:
-        compile_args = ['-DOSX_HAS_GSS_FRAMEWORK']
-    elif winkrb_path:
-        compile_args = [
-            '-I%s' % os.path.join(winkrb_path, 'include'),
-        ]
-        if is64bit:
-            compile_args.append('-DMS_WIN64')
-    elif os.environ.get('MINGW_PREFIX'):
-        compile_args = ['-fPIC']
-    else:
-        compile_args = shlex.split(get_output(f"{kc} --cflags gssapi"))
-
-# add in the extra workarounds for different include structures
-if winkrb_path:
-    prefix = winkrb_path
-else:
-    try:
-        prefix = get_output(f"{kc} gssapi --prefix")
-    except Exception:
-        print("WARNING: couldn't find krb5-config; assuming prefix of %s"
-              % str(sys.prefix))
-        prefix = sys.prefix
-gssapi_ext_h = os.path.join(prefix, 'include/gssapi/gssapi_ext.h')
-if os.path.exists(gssapi_ext_h):
-    compile_args.append("-DHAS_GSSAPI_EXT_H")
-
-# Create a define to detect msys in the headers
-if sys.platform == 'msys':
-    compile_args.append('-D__MSYS__')
-
-# ensure that any specific directories are listed before any generic system
-# directories inserted by setuptools
-# Also separate out specified libraries as MSBuild requires different args
-_link_args = link_args
-library_dirs, libraries, link_args = [], [], []
-for arg in _link_args:
-    if arg.startswith('-L'):
-        library_dirs.append(arg[2:])
-    elif arg.startswith('-l'):
-        libraries.append(arg[2:])
-    else:
-        link_args.append(arg)
-
-ENABLE_SUPPORT_DETECTION = \
-    (os.environ.get('GSSAPI_SUPPORT_DETECT', 'true').lower() == 'true')
-
-wrap_iov_symbol_name = 'gss_wrap_iov'
-if ENABLE_SUPPORT_DETECTION:
-    import ctypes.util
-
-    main_lib = os.environ.get('GSSAPI_MAIN_LIB', None)
-    main_path = ""
-    if main_lib is None and osx_has_gss_framework:
-        main_lib = ctypes.util.find_library('GSS')
-        if not main_lib:
-            # https://github.com/pythongssapi/python-gssapi/issues/235
-            # CPython has a bug on Big Sur where find_library will fail to
-            # find the library path of shared frameworks.  This has been fixed
-            # in newer versions but we have this fallback in case an older
-            # version is still in use.  This fix is expected to be included in
-            # 3.8.8 and 3.9.2.
-            main_lib = '/System/Library/Frameworks/GSS.framework/GSS'
-    elif os.environ.get('MINGW_PREFIX'):
-        main_lib = os.environ.get('MINGW_PREFIX')+'/bin/libgss-3.dll'
-    elif sys.platform == 'msys':
-        # Plain msys, not running in MINGW_PREFIX. Try to get the lib from one
-        _main_lib = f'/mingw{64 if is64bit else 32}/bin/libgss-3.dll'
-        if os.path.exists(_main_lib):
-            main_lib = _main_lib
-            os.environ['PATH'] += os.pathsep + os.path.dirname(main_lib)
-    elif main_lib is None:
-        for opt in libraries:
-            if opt.startswith('gssapi'):
-                if os.name == 'nt':
-                    main_lib = '%s.dll' % opt
-                    if winkrb_path:
-                        main_path = os.path.join(winkrb_path, 'bin')
-                else:
-                    main_lib = 'lib%s.so' % opt
-        for opt in link_args:
-            # To support Heimdal on Debian, read the linker path.
-            if opt.startswith('-Wl,/'):
-                main_path = opt[4:] + "/"
-        if main_path == "":
-            for d in library_dirs:
-                if os.path.exists(os.path.join(d, main_lib)):
-                    main_path = d
-                    break
-
-    if main_lib is None:
-        raise Exception("Could not find main GSSAPI shared library.  Please "
-                        "try setting GSSAPI_MAIN_LIB yourself or setting "
-                        "GSSAPI_SUPPORT_DETECT to 'false'")
-
-    GSSAPI_LIB = ctypes.CDLL(os.path.join(main_path, main_lib))
-
-    if hasattr(GSSAPI_LIB, '__ApplePrivate_gss_wrap_iov'):
-        wrap_iov_symbol_name = '__ApplePrivate_gss_wrap_iov'
-
-
-def make_extension(name_fmt, module, **kwargs):
-    """Helper method to remove the repetition in extension declarations."""
-    source = name_fmt.replace('.', '/') % module + '.pyx'
-    if not os.path.exists(source):
-        raise OSError(source)
-    return Extension(
-        name_fmt % module,
-        extra_link_args=link_args,
-        extra_compile_args=compile_args,
-        library_dirs=library_dirs,
-        libraries=libraries,
-        sources=[source],
-        **kwargs
-    )
-
-
-# detect support
-def main_file(module):
-    return make_extension('gssapi.raw.%s', module)
-
-
-ENUM_EXTS = []
-
-
-def extension_file(module, canary):
-    if ENABLE_SUPPORT_DETECTION and not hasattr(GSSAPI_LIB, canary):
-        print('Skipping the %s extension because it '
-              'is not supported by your GSSAPI implementation...' % module)
-        return
-
-    try:
-        ENUM_EXTS.append(
-            make_extension('gssapi.raw._enum_extensions.ext_%s', module,
-                           include_dirs=['gssapi/raw/'])
-        )
-    except OSError:
-        pass
-
-    return make_extension('gssapi.raw.ext_%s', module)
-
-
-def gssapi_modules(lst):
-    # filter out missing files
-    res = [mod for mod in lst if mod is not None]
-
-    # add in supported mech files
-    res.extend(
-        make_extension('gssapi.raw.mech_%s', mech)
-        for mech in os.environ.get('GSSAPI_MECHS', 'krb5').split(',')
-    )
-
-    # add in any present enum extension files
-    res.extend(ENUM_EXTS)
-
-    return cythonize(res, language_level=2)
-
-
-long_desc = re.sub(r'\.\. role:: \w+\(code\)\s*\n\s*.+', '',
-                   re.sub(r':(python|bash|code):', '',
-                          re.sub(r'\.\. code-block:: \w+', '::',
-                                 open('README.txt').read())))
-
-install_requires = [
-    'decorator',
-]
-
-setup(
-    name='gssapi',
-    version='1.9.0',
-    author='The Python GSSAPI Team',
-    author_email='jborean93@gmail.com',
-    packages=['gssapi', 'gssapi.raw', 'gssapi.raw._enum_extensions',
-              'gssapi.tests'],
-    package_data={
-        "gssapi": ["py.typed"],
-        "gssapi.raw": ["*.pyi"],
-    },
-    description='Python GSSAPI Wrapper',
-    long_description=long_desc,
-    license='LICENSE.txt',
-    url="https://github.com/pythongssapi/python-gssapi",
-    python_requires=">=3.8",
-    classifiers=[
-        'Development Status :: 5 - Production/Stable',
-        'Programming Language :: Python',
-        'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.8',
-        'Programming Language :: Python :: 3.9',
-        'Programming Language :: Python :: 3.10',
-        'Programming Language :: Python :: 3.11',
-        'Programming Language :: Python :: 3.12',
-        'Programming Language :: Python :: 3.13',
-        'Intended Audience :: Developers',
-        'Programming Language :: Python :: Implementation :: CPython',
-        'Programming Language :: Cython',
-        'Topic :: Security',
-        'Topic :: Software Development :: Libraries :: Python Modules'
-    ],
-    ext_modules=gssapi_modules([
-        main_file('misc'),
-        main_file('exceptions'),
-        main_file('creds'),
-        main_file('names'),
-        main_file('sec_contexts'),
-        main_file('types'),
-        main_file('message'),
-        main_file('oids'),
-        main_file('cython_converters'),
-        main_file('chan_bindings'),
-        extension_file('s4u', 'gss_acquire_cred_impersonate_name'),
-        extension_file('cred_store', 'gss_store_cred_into'),
-        extension_file('rfc4178', 'gss_set_neg_mechs'),
-        extension_file('rfc5587', 'gss_indicate_mechs_by_attrs'),
-        extension_file('rfc5588', 'gss_store_cred'),
-        extension_file('rfc5801', 'gss_inquire_saslname_for_mech'),
-        extension_file('cred_imp_exp', 'gss_import_cred'),
-        extension_file('dce', wrap_iov_symbol_name),
-        extension_file('dce_aead', 'gss_wrap_aead'),
-        extension_file('iov_mic', 'gss_get_mic_iov'),
-        extension_file('ggf', 'gss_inquire_sec_context_by_oid'),
-        extension_file('set_cred_opt', 'gss_set_cred_option'),
-
-        # see ext_rfc6680_comp_oid for more information on this split
-        extension_file('rfc6680', 'gss_display_name_ext'),
-        extension_file('rfc6680_comp_oid', 'GSS_C_NT_COMPOSITE_EXPORT'),
-
-        # see ext_password{,_add}.pyx for more information on this split
-        extension_file('password', 'gss_acquire_cred_with_password'),
-        extension_file('password_add', 'gss_add_cred_with_password'),
-
-        extension_file('krb5', 'gss_krb5_ccache_name'),
-    ]),
-    keywords=['gssapi', 'security'],
-    install_requires=install_requires
-)
diff --git a/stable/.buildinfo b/stable/.buildinfo
new file mode 100644
index 00000000..2d27bcf3
--- /dev/null
+++ b/stable/.buildinfo
@@ -0,0 +1,4 @@
+# Sphinx build info version 1
+# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
+config: 8e7062634f2bec63f7f837e156b50dab
+tags: 645f666f9bcd5a90fca523b33c5a78b7
diff --git a/stable/.doctrees/basic-tutorial.doctree b/stable/.doctrees/basic-tutorial.doctree
new file mode 100644
index 00000000..769bd20f
Binary files /dev/null and b/stable/.doctrees/basic-tutorial.doctree differ
diff --git a/stable/.doctrees/credstore.doctree b/stable/.doctrees/credstore.doctree
new file mode 100644
index 00000000..7b7b1063
Binary files /dev/null and b/stable/.doctrees/credstore.doctree differ
diff --git a/stable/.doctrees/environment.pickle b/stable/.doctrees/environment.pickle
new file mode 100644
index 00000000..eaed6e1a
Binary files /dev/null and b/stable/.doctrees/environment.pickle differ
diff --git a/stable/.doctrees/gssapi.doctree b/stable/.doctrees/gssapi.doctree
new file mode 100644
index 00000000..a06228f0
Binary files /dev/null and b/stable/.doctrees/gssapi.doctree differ
diff --git a/stable/.doctrees/gssapi.raw.doctree b/stable/.doctrees/gssapi.raw.doctree
new file mode 100644
index 00000000..e630aa0f
Binary files /dev/null and b/stable/.doctrees/gssapi.raw.doctree differ
diff --git a/stable/.doctrees/index.doctree b/stable/.doctrees/index.doctree
new file mode 100644
index 00000000..c2fad955
Binary files /dev/null and b/stable/.doctrees/index.doctree differ
diff --git a/stable/.doctrees/otherdoc.doctree b/stable/.doctrees/otherdoc.doctree
new file mode 100644
index 00000000..59891235
Binary files /dev/null and b/stable/.doctrees/otherdoc.doctree differ
diff --git a/stable/.doctrees/tutorials.doctree b/stable/.doctrees/tutorials.doctree
new file mode 100644
index 00000000..30462dbd
Binary files /dev/null and b/stable/.doctrees/tutorials.doctree differ
diff --git a/stable/_modules/gssapi/_utils.html b/stable/_modules/gssapi/_utils.html
new file mode 100644
index 00000000..71bb4be2
--- /dev/null
+++ b/stable/_modules/gssapi/_utils.html
@@ -0,0 +1,302 @@
+
+
+
+
+
+  
+  
+  gssapi._utils — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi._utils
+import sys
+import types
+import typing as t
+
+import decorator as deco
+
+from gssapi.raw.misc import GSSError
+
+if t.TYPE_CHECKING:
+    from gssapi.sec_contexts import SecurityContext
+
+
+def import_gssapi_extension(
+    name: str,
+) -> t.Optional[types.ModuleType]:
+    """Import a GSSAPI extension module
+
+    This method imports a GSSAPI extension module based
+    on the name of the extension (not including the
+    'ext_' prefix).  If the extension is not available,
+    the method retuns None.
+
+    Args:
+        name (str): the name of the extension
+
+    Returns:
+        module: Either the extension module or None
+    """
+
+    try:
+        path = 'gssapi.raw.ext_{0}'.format(name)
+        __import__(path)
+        return sys.modules[path]
+    except ImportError:
+        return None
+
+
+def inquire_property(
+    name: str,
+    doc: t.Optional[str] = None
+) -> property:
+    """Creates a property based on an inquire result
+
+    This method creates a property that calls the
+    :python:`_inquire` method, and return the value of the
+    requested information.
+
+    Args:
+        name (str): the name of the 'inquire' result information
+
+    Returns:
+        property: the created property
+    """
+
+    def inquire_property(self: "SecurityContext") -> t.Any:
+        if not self._started:
+            msg = (f"Cannot read {name} from a security context whose "
+                   "establishment has not yet been started.")
+            raise AttributeError(msg)
+
+        return getattr(self._inquire(**{name: True}), name)
+
+    return property(inquire_property, doc=doc)
+
+
+# use UTF-8 as the default encoding, like Python 3
+_ENCODING = 'UTF-8'
+
+
+def _get_encoding() -> str:
+    """Gets the current encoding used for strings.
+
+    This value is used to encode and decode string
+    values like names.
+
+    Returns:
+        str: the current encoding
+    """
+    return _ENCODING
+
+
+

+[docs]
+def set_encoding(
+    enc: str,
+) -> None:
+    """Sets the current encoding used for strings
+
+    This value is used to encode and decode string
+    values like names.
+
+    Args:
+        enc: the encoding to use
+    """
+
+    global _ENCODING
+    _ENCODING = enc

+
+
+
+def _encode_dict(
+    d: t.Dict[t.Union[bytes, str], t.Union[bytes, str]],
+) -> t.Dict[bytes, bytes]:
+    """Encodes any relevant strings in a dict"""
+    def enc(x: t.Union[bytes, str]) -> bytes:
+        if isinstance(x, str):
+            return x.encode(_ENCODING)
+        else:
+            return x
+
+    return {enc(k): enc(v) for k, v in d.items()}
+
+
+# in case of Python 3, just use exception chaining
+@deco.decorator
+def catch_and_return_token(
+    func: t.Callable,
+    self: "SecurityContext",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Optional[bytes]:
+    """Optionally defer exceptions and return a token instead
+
+    When `__DEFER_STEP_ERRORS__` is set on the implementing class
+    or instance, methods wrapped with this wrapper will
+    catch and save their :python:`GSSError` exceptions and
+    instead return the result token attached to the exception.
+
+    The exception can be later retrived through :python:`_last_err`
+    (and :python:`_last_tb` when Python 2 is in use).
+    """
+
+    try:
+        return func(self, *args, **kwargs)
+    except GSSError as e:
+        defer_step_errors = getattr(self, '__DEFER_STEP_ERRORS__', False)
+        if e.token is not None and defer_step_errors:
+            self._last_err = e
+            # skip the "return func" line above in the traceback
+            tb = e.__traceback__.tb_next  # type: ignore[union-attr]
+            self._last_err.__traceback__ = tb
+
+            return e.token
+        else:
+            raise
+
+
+@deco.decorator
+def check_last_err(
+    func: t.Callable,
+    self: "SecurityContext",
+    *args: t.Any,
+    **kwargs: t.Any,
+) -> t.Any:
+    """Check and raise deferred errors before running the function
+
+    This method checks :python:`_last_err` before running the wrapped
+    function.  If present and not None, the exception will be raised
+    with its original traceback.
+    """
+
+    if self._last_err is not None:
+        try:
+            raise self._last_err
+        finally:
+            self._last_err = None
+    else:
+        return func(self, *args, **kwargs)
+
+
+class CheckLastError(type):
+    """Check for a deferred error on all methods
+
+    This metaclass applies the :python:`check_last_err` decorator
+    to all methods not prefixed by '_'.
+
+    Additionally, it enabled `__DEFER_STEP_ERRORS__` by default.
+    """
+
+    def __new__(
+        cls,
+        name: str,
+        parents: t.Tuple[t.Type],
+        attrs: t.Dict[str, t.Any],
+    ) -> "CheckLastError":
+        attrs['__DEFER_STEP_ERRORS__'] = True
+
+        for attr_name in attrs:
+            attr = attrs[attr_name]
+
+            # wrap only methods
+            if not isinstance(attr, types.FunctionType):
+                continue
+
+            if attr_name[0] != '_':
+                attrs[attr_name] = check_last_err(attr)
+
+        return super(CheckLastError, cls).__new__(cls, name, parents, attrs)
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/creds.html b/stable/_modules/gssapi/creds.html
new file mode 100644
index 00000000..523052dd
--- /dev/null
+++ b/stable/_modules/gssapi/creds.html
@@ -0,0 +1,604 @@
+
+
+
+
+
+  
+  
+  gssapi.creds — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.creds
+import typing as t
+
+from gssapi.raw import creds as rcreds
+from gssapi.raw import named_tuples as tuples
+from gssapi.raw import names as rnames
+from gssapi.raw import oids as roids
+from gssapi._utils import import_gssapi_extension, _encode_dict
+
+from gssapi import names
+
+rcred_imp_exp = import_gssapi_extension('cred_imp_exp')
+rcred_s4u = import_gssapi_extension('s4u')
+rcred_cred_store = import_gssapi_extension('cred_store')
+rcred_rfc5588 = import_gssapi_extension('rfc5588')
+
+
+

+[docs]
+class Credentials(rcreds.Creds):
+    """GSSAPI Credentials
+
+    This class represents a set of GSSAPI credentials which may
+    be used with and/or returned by other GSSAPI methods.
+
+    It inherits from the low-level GSSAPI :class:`~gssapi.raw.creds.Creds`
+    class, and thus may used with both low-level and high-level API methods.
+
+    If your implementation of GSSAPI supports the credentials import-export
+    extension, you may pickle and unpickle this object.
+
+    The constructor either acquires or imports a set of GSSAPI
+    credentials.
+
+    If the `base` argument is used, an existing
+    :class:`~gssapi.raw.creds.Creds` object from the low-level API is
+    converted into a high-level object.
+
+    If the `token` argument is used, the credentials
+    are imported using the token, if the credentials import-export
+    extension is supported (:requires-ext:`cred_imp_exp`).
+
+    Otherwise, the credentials are acquired as per the
+    :meth:`acquire` method.
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+    """
+
+    __slots__ = ()
+
+    def __new__(
+        cls,
+        base: t.Optional[rcreds.Creds] = None,
+        token: t.Optional[bytes] = None,
+        name: t.Optional[rnames.Name] = None,
+        lifetime: t.Optional[int] = None,
+        mechs: t.Optional[t.Iterable[roids.OID]] = None,
+        usage: str = 'both',
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+    ) -> "Credentials":
+        # TODO(directxman12): this is missing support for password
+        #                     (non-RFC method)
+        if base is not None:
+            base_creds = base
+        elif token is not None:
+            if rcred_imp_exp is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for importing and "
+                                          "exporting creditials")
+
+            base_creds = rcred_imp_exp.import_cred(token)
+        else:
+            res = cls.acquire(name, lifetime, mechs, usage,
+                              store=store)
+            base_creds = res.creds
+
+        return t.cast("Credentials",
+                      super(Credentials, cls).__new__(cls, base_creds))
+
+    @property
+    def name(self) -> rnames.Name:
+        """Get the name associated with these credentials"""
+        return t.cast(rnames.Name,
+                      self.inquire(name=True, lifetime=False, usage=False,
+                                   mechs=False).name)
+
+    @property
+    def lifetime(self) -> int:
+        """Get the remaining lifetime of these credentials, in seconds"""
+        return t.cast(int,
+                      self.inquire(name=False, lifetime=True,
+                                   usage=False, mechs=False).lifetime)
+
+    @property
+    def mechs(self) -> t.Set[roids.OID]:
+        """Get the mechanisms for these credentials"""
+        return t.cast(t.Set[roids.OID],
+                      self.inquire(name=False, lifetime=False,
+                                   usage=False, mechs=True).mechs)
+
+    @property
+    def usage(self) -> str:
+        """Get the usage (initiate, accept, or both) of these credentials"""
+        return t.cast(str,
+                      self.inquire(name=False, lifetime=False,
+                                   usage=True, mechs=False).usage)
+
+

+[docs]
+    @classmethod
+    def acquire(
+        cls,
+        name: t.Optional[rnames.Name] = None,
+        lifetime: t.Optional[int] = None,
+        mechs: t.Optional[t.Iterable[roids.OID]] = None,
+        usage: str = 'both',
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+    ) -> tuples.AcquireCredResult:
+        """Acquire GSSAPI credentials
+
+        This method acquires credentials.  If the `store` argument is
+        used, the credentials will be acquired from the given
+        credential store (if supported).  Otherwise, the credentials are
+        acquired from the default store.
+
+        The credential store information is a dictionary containing
+        mechanisms-specific keys and values pointing to a credential store
+        or stores.
+
+        Using a non-default store requires support for the credentials store
+        extension.
+
+        Args:
+            name (~gssapi.names.Name): the name associated with the
+                credentials, or None for the default name
+            lifetime (int): the desired lifetime of the credentials in seconds,
+                or None for indefinite
+            mechs (list): the desired :class:`MechType` OIDs to be used
+                with the credentials, or None for the default set
+            usage (str): the usage for the credentials -- either 'both',
+                'initiate', or 'accept'
+            store (dict): the credential store information pointing to the
+                credential store from which to acquire the credentials,
+                or None for the default store (:requires-ext:`cred_store`)
+
+        Returns:
+            AcquireCredResult: the acquired credentials and information about
+            them
+
+        Raises:
+            ~gssapi.exceptions.BadMechanismError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+        """
+
+        if store is None:
+            res = rcreds.acquire_cred(name, lifetime,
+                                      mechs, usage)
+        else:
+            if rcred_cred_store is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for manipulating "
+                                          "credential stores")
+
+            b_store = _encode_dict(store)
+
+            res = rcred_cred_store.acquire_cred_from(b_store, name,
+                                                     lifetime, mechs,
+                                                     usage)
+
+        return tuples.AcquireCredResult(cls(base=res.creds), res.mechs,
+                                        res.lifetime)

+
+
+

+[docs]
+    def store(
+        self,
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+        usage: str = 'both',
+        mech: t.Optional[roids.OID] = None,
+        overwrite: bool = False,
+        set_default: bool = False,
+    ) -> tuples.StoreCredResult:
+        """Store these credentials into the given store
+
+        This method stores the current credentials into the specified
+        credentials store.  If the default store is used, support for
+        :rfc:`5588` is required.  Otherwise, support for the credentials
+        store extension is required.
+
+        :requires-ext:`rfc5588` or :requires-ext:`cred_store`
+
+        Args:
+            store (dict): the store into which to store the credentials,
+                or None for the default store.
+            usage (str): the usage to store the credentials with -- either
+                'both', 'initiate', or 'accept'
+            mech (~gssapi.OID): the :class:`MechType` to associate with the
+                stored credentials
+            overwrite (bool): whether or not to overwrite existing credentials
+                stored with the same name, etc
+            set_default (bool): whether or not to set these credentials as
+                the default credentials for the given store.
+
+        Returns:
+            StoreCredResult: the results of the credential storing operation
+
+        Raises:
+            ~gssapi.exceptions.GSSError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+            ~gssapi.exceptions.OperationUnavailableError
+            ~gssapi.exceptions.DuplicateCredentialsElementError
+        """
+
+        if store is None:
+            if rcred_rfc5588 is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for RFC 5588")
+
+            return rcred_rfc5588.store_cred(self, usage, mech,
+                                            overwrite, set_default)
+        else:
+            if rcred_cred_store is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for manipulating "
+                                          "credential stores directly")
+
+            b_store = _encode_dict(store)
+
+            return rcred_cred_store.store_cred_into(b_store, self, usage, mech,
+                                                    overwrite, set_default)

+
+
+

+[docs]
+    def impersonate(
+        self,
+        name: t.Optional[rnames.Name] = None,
+        lifetime: t.Optional[int] = None,
+        mechs: t.Optional[t.Iterable[roids.OID]] = None,
+        usage: str = 'initiate',
+    ) -> "Credentials":
+        """Impersonate a name using the current credentials
+
+        This method acquires credentials by impersonating another
+        name using the current credentials.
+
+        :requires-ext:`s4u`
+
+        Args:
+            name (~gssapi.names.Name): the name to impersonate
+            lifetime (int): the desired lifetime of the new credentials in
+                seconds, or None for indefinite
+            mechs (list): the desired :class:`MechType` OIDs for the new
+                credentials
+            usage (str): the desired usage for the new credentials -- either
+                'both', 'initiate', or 'accept'.  Note that some mechanisms
+                may only support 'initiate'.
+
+        Returns:
+            Credentials: the new credentials impersonating the given name
+        """
+
+        if rcred_s4u is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "have support for S4U")
+
+        res = rcred_s4u.acquire_cred_impersonate_name(self, name,
+                                                      lifetime, mechs,
+                                                      usage)
+
+        return type(self)(base=res.creds)

+
+
+

+[docs]
+    def inquire(
+        self,
+        name: bool = True,
+        lifetime: bool = True,
+        usage: bool = True,
+        mechs: bool = True,
+    ) -> tuples.InquireCredResult:
+        """Inspect these credentials for information
+
+        This method inspects these credentials for information about them.
+
+        Args:
+            name (bool): get the name associated with the credentials
+            lifetime (bool): get the remaining lifetime for the credentials
+            usage (bool): get the usage for the credentials
+            mechs (bool): get the mechanisms associated with the credentials
+
+        Returns:
+            InquireCredResult: the information about the credentials,
+            with None used when the corresponding argument was False
+
+        Raises:
+            ~gssapi.exceptions.MissingCredentialsError
+            ~gssapi.exceptions.InvalidCredentialsError
+            ~gssapi.exceptions.ExpiredCredentialsError
+        """
+
+        res = rcreds.inquire_cred(self, name, lifetime, usage, mechs)
+
+        if res.name is not None:
+            res_name = names.Name(res.name)
+        else:
+            res_name = None
+
+        return tuples.InquireCredResult(res_name, res.lifetime,
+                                        res.usage, res.mechs)

+
+
+

+[docs]
+    def inquire_by_mech(
+        self,
+        mech: roids.OID,
+        name: bool = True,
+        init_lifetime: bool = True,
+        accept_lifetime: bool = True,
+        usage: bool = True,
+    ) -> tuples.InquireCredByMechResult:
+        """Inspect these credentials for per-mechanism information
+
+        This method inspects these credentials for per-mechanism information
+        about them.
+
+        Args:
+            mech (~gssapi.OID): the mechanism for which to retrieve the
+                information
+            name (bool): get the name associated with the credentials
+            init_lifetime (bool): get the remaining initiate lifetime for
+                the credentials in seconds
+            accept_lifetime (bool): get the remaining accept lifetime for
+                the credentials in seconds
+            usage (bool): get the usage for the credentials
+
+        Returns:
+            InquireCredByMechResult: the information about the credentials,
+            with None used when the corresponding argument was False
+        """
+
+        res = rcreds.inquire_cred_by_mech(self, mech, name, init_lifetime,
+                                          accept_lifetime, usage)
+
+        if res.name is not None:
+            res_name = names.Name(res.name)
+        else:
+            res_name = None
+
+        return tuples.InquireCredByMechResult(res_name,
+                                              res.init_lifetime,
+                                              res.accept_lifetime,
+                                              res.usage)

+
+
+

+[docs]
+    def add(
+        self,
+        name: rnames.Name,
+        mech: roids.OID,
+        usage: str = 'both',
+        init_lifetime: t.Optional[int] = None,
+        accept_lifetime: t.Optional[int] = None,
+        impersonator: t.Optional[rcreds.Creds] = None,
+        store: t.Optional[
+            t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+        ] = None,
+    ) -> "Credentials":
+        """Acquire more credentials to add to the current set
+
+        This method works like :meth:`acquire`, except that it adds the
+        acquired credentials for a single mechanism to a copy of the current
+        set, instead of creating a new set for multiple mechanisms.
+        Unlike :meth:`acquire`, you cannot pass None desired name or
+        mechanism.
+
+        If the `impersonator` argument is used, the credentials will
+        impersonate the given name using the impersonator credentials
+        (:requires-ext:`s4u`).
+
+        If the `store` argument is used, the credentials will be acquired
+        from the given credential store (:requires-ext:`cred_store`).
+        Otherwise, the credentials are acquired from the default store.
+
+        The credential store information is a dictionary containing
+        mechanisms-specific keys and values pointing to a credential store
+        or stores.
+
+        Note that the `store` argument is not compatible with the
+        `impersonator` argument.
+
+        Args:
+            name (~gssapi.names.Name): the name associated with the
+                credentials
+            mech (~gssapi.OID): the desired :class:`MechType` to be used with
+                the credentials
+            usage (str): the usage for the credentials -- either 'both',
+                'initiate', or 'accept'
+            init_lifetime (int): the desired initiate lifetime of the
+                credentials in seconds, or None for indefinite
+            accept_lifetime (int): the desired accept lifetime of the
+                credentials in seconds, or None for indefinite
+            impersonator (Credentials): the credentials to use to impersonate
+                the given name, or None to not acquire normally
+                (:requires-ext:`s4u`)
+            store (dict): the credential store information pointing to the
+                credential store from which to acquire the credentials,
+                or None for the default store (:requires-ext:`cred_store`)
+
+        Returns:
+            Credentials: the credentials set containing the current credentials
+            and the newly acquired ones.
+
+        Raises:
+            ~gssapi.exceptions.BadMechanismError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+            ~gssapi.exceptions.DuplicateCredentialsElementError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+        """
+
+        if store is not None and impersonator is not None:
+            raise ValueError('You cannot use both the `impersonator` and '
+                             '`store` arguments at the same time')
+
+        if store is not None:
+            if rcred_cred_store is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for manipulating "
+                                          "credential stores")
+            b_store = _encode_dict(store)
+
+            res = rcred_cred_store.add_cred_from(b_store, self, name, mech,
+                                                 usage, init_lifetime,
+                                                 accept_lifetime)
+        elif impersonator is not None:
+            if rcred_s4u is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not have support for S4U")
+            res = rcred_s4u.add_cred_impersonate_name(self, impersonator,
+                                                      name, mech, usage,
+                                                      init_lifetime,
+                                                      accept_lifetime)
+        else:
+            res = rcreds.add_cred(self, name, mech, usage, init_lifetime,
+                                  accept_lifetime)
+
+        return Credentials(res.creds)

+
+
+

+[docs]
+    def export(self) -> bytes:
+        """Export these credentials into a token
+
+        This method exports the current credentials to a token that can
+        then be imported by passing the `token` argument to the constructor.
+
+        This is often used to pass credentials between processes.
+
+        :requires-ext:`cred_imp_exp`
+
+        Returns:
+            bytes: the exported credentials in token form
+        """
+
+        if rcred_imp_exp is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "have support for importing and "
+                                      "exporting creditials")
+
+        return rcred_imp_exp.export_cred(self)

+
+
+    # pickle protocol support
+    def __reduce__(
+        self,
+    ) -> t.Tuple[t.Type["Credentials"], t.Tuple[None, bytes]]:
+        # the unpickle arguments to new are (base=None, token=self.export())
+        return (type(self), (None, self.export()))

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/exceptions.html b/stable/_modules/gssapi/exceptions.html
new file mode 100644
index 00000000..0460b787
--- /dev/null
+++ b/stable/_modules/gssapi/exceptions.html
@@ -0,0 +1,160 @@
+
+
+
+
+
+  
+  
+  gssapi.exceptions — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.exceptions
+import typing as t
+
+from gssapi.raw.exceptions import *  # noqa
+from gssapi.raw.misc import GSSError  # noqa
+
+"""High-Level API Errors
+
+This module includes several high-level exceptions,
+in addition to GSSError and exceptions from
+:mod:`gssapi.raw.exceptions`.
+"""
+
+
+# non-GSS exceptions
+

+[docs]
+class GeneralError(Exception):
+    """A General High-Level API Error"""
+    MAJOR_MESSAGE = "General error"
+    FMT_STR = "{maj}: {min}."
+
+    def __init__(
+        self,
+        minor_message: str,
+        **kwargs: str,
+    ) -> None:
+        maj_str = self.MAJOR_MESSAGE.format(**kwargs)
+        err_str = self.FMT_STR.format(maj=maj_str, min=minor_message)
+        super(GeneralError, self).__init__(err_str)

+
+
+
+

+[docs]
+class UnknownUsageError(GeneralError):
+    """An Error indicating an unknown usage type"""
+    MAJOR_MESSAGE = "Unable to determine {obj} usage"

+
+
+
+

+[docs]
+class EncryptionNotUsed(GeneralError):
+    """An Error indicating that encryption was requested, but not used"""
+    MAJOR_MESSAGE = "Confidentiality was requested, but not used"
+
+    def __init__(
+        self,
+        minor_message: str,
+        unwrapped_message: t.Optional[bytes] = None,
+        **kwargs: str,
+    ) -> None:
+        super(EncryptionNotUsed, self).__init__(minor_message, **kwargs)
+
+        self.unwrapped_message = unwrapped_message

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/names.html b/stable/_modules/gssapi/names.html
new file mode 100644
index 00000000..98415d52
--- /dev/null
+++ b/stable/_modules/gssapi/names.html
@@ -0,0 +1,537 @@
+
+
+
+
+
+  
+  
+  gssapi.names — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.names
+
+import typing as t
+
+from gssapi.raw import names as rname
+from gssapi.raw import NameType
+from gssapi.raw import named_tuples as tuples
+from gssapi.raw import oids as roids
+from gssapi import _utils
+
+from collections.abc import MutableMapping, Iterable
+
+rname_rfc6680 = _utils.import_gssapi_extension('rfc6680')
+rname_rfc6680_comp_oid = _utils.import_gssapi_extension('rfc6680_comp_oid')
+
+
+

+[docs]
+class Name(rname.Name):
+    """A GSSAPI Name
+
+    This class represents a GSSAPI name which may be used with and/or returned
+    by other GSSAPI methods.
+
+    It inherits from the low-level GSSAPI :class:`~gssapi.raw.names.Name`
+    class, and thus may used with both low-level and high-level API methods.
+
+    This class may be pickled and unpickled, as well as copied.
+
+    The :class:`str` and :class:`bytes` methods may be used to retrieve the
+    text of the name.
+
+    Note:
+        Name strings will be automatically converted to and from unicode
+        strings as appropriate.  If a method is listed as returning a
+        :class:`str` object, it will return a unicode string.
+
+        The encoding used will be python-gssapi's current encoding, which
+        defaults to UTF-8.
+    """
+
+    __slots__ = ('_attr_obj')
+
+    def __new__(
+        cls,
+        base: t.Optional[t.Union[rname.Name, bytes, str]] = None,
+        name_type: t.Optional[roids.OID] = None,
+        token: t.Optional[bytes] = None,
+        composite: bool = False,
+    ) -> "Name":
+        if token is not None:
+            if composite:
+                if rname_rfc6680 is None:
+                    raise NotImplementedError(
+                        "Your GSSAPI implementation does not support RFC 6680 "
+                        "(the GSSAPI naming extensions)")
+
+                if rname_rfc6680_comp_oid is not None:
+                    base_name = rname.import_name(token,
+                                                  NameType.composite_export)
+                    displ_name = rname.display_name(base_name, name_type=True)
+                    if displ_name.name_type == NameType.composite_export:
+                        # NB(directxman12): there's a bug in MIT krb5 <= 1.13
+                        # where GSS_C_NT_COMPOSITE_EXPORT doesn't trigger
+                        # immediate import logic.  However, we can just use
+                        # the normal GSS_C_NT_EXPORT_NAME in this case.
+                        base_name = rname.import_name(token, NameType.export)
+                else:
+                    # NB(directxman12): some older versions of MIT krb5 don't
+                    # have support for the GSS_C_NT_COMPOSITE_EXPORT, but do
+                    # support composite tokens via GSS_C_NT_EXPORT_NAME.
+                    base_name = rname.import_name(token, NameType.export)
+            else:
+                base_name = rname.import_name(token, NameType.export)
+        elif isinstance(base, rname.Name):
+            base_name = base
+        else:
+            if isinstance(base, str):
+                base = base.encode(_utils._get_encoding())
+
+            base_name = rname.import_name(
+                base,  # type: ignore[arg-type]
+                name_type)
+
+        return t.cast("Name", super(Name, cls).__new__(cls, base_name))
+
+    def __init__(
+        self,
+        base: t.Optional[t.Union[rname.Name, bytes, str]] = None,
+        name_type: t.Optional[roids.OID] = None,
+        token: t.Optional[bytes] = None,
+        composite: bool = False,
+    ) -> None:
+        """
+        The constructor can be used to "import" a name from a human readable
+        representation, or from a token, and can also be used to convert a
+        low-level :class:`gssapi.raw.names.Name` object into a high-level
+        object.
+
+        If a :class:`~gssapi.raw.names.Name` object from the low-level API
+        is passed as the `base` argument, it will be converted into a
+        high-level object.
+
+        If the `token` argument is used, the name will be imported using
+        the token.  If the token was exported as a composite token,
+        pass `composite=True`.
+
+        Otherwise, a new name will be created, using the `base` argument as
+        the human-readable string and the `name_type` argument to denote the
+        name type.
+
+        Raises:
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+            ~gssapi.exceptions.BadMechanismError
+        """
+
+        self._attr_obj: t.Optional[_NameAttributeMapping]
+
+        if rname_rfc6680 is not None:
+            self._attr_obj = _NameAttributeMapping(self)
+        else:
+            self._attr_obj = None
+
+    def __str__(self) -> str:
+        return bytes(self).decode(_utils._get_encoding())
+
+    def __unicode__(self) -> str:
+        # Python 2 -- someone asked for unicode
+        return self.__bytes__().decode(_utils._get_encoding())
+
+    def __bytes__(self) -> bytes:
+        # Python 3 -- someone asked for bytes
+        return rname.display_name(self, name_type=False).name
+
+

+[docs]
+    def display_as(
+        self,
+        name_type: roids.OID,
+    ) -> str:
+        """
+        Display this name as the given name type.
+
+        This method attempts to display the current :class:`Name`
+        using the syntax of the given :class:`~gssapi.raw.types.NameType`, if
+        possible.
+
+        Warning:
+
+            In MIT krb5 versions below 1.13.3, this method can segfault if
+            the name was not *originally* created with a `name_type` that was
+            not ``None`` (even in cases when a ``name_type``
+            is later "added", such as via :meth:`canonicalize`).
+            **Do not use this method unless you are sure the above
+            conditions can never happen in your code.**
+
+        Warning:
+
+            In addition to the above warning, current versions of MIT krb5 do
+            not actually fully implement this method, and it may return
+            incorrect results in the case of canonicalized names.
+
+        :requires-ext:`rfc6680`
+
+        Args:
+            name_type (~gssapi.OID): the :class:`~gssapi.raw.types.NameType` to
+                use to display the given name
+
+        Returns:
+            str: the displayed name
+
+        Raises:
+            ~gssapi.exceptions.OperationUnavailableError
+        """
+
+        if rname_rfc6680 is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "support RFC 6680 (the GSSAPI naming "
+                                      "extensions)")
+        return rname_rfc6680.display_name_ext(self, name_type).decode(
+            _utils._get_encoding())

+
+
+    @property
+    def name_type(self) -> t.Optional[roids.OID]:
+        """The :class:`~gssapi.raw.types.NameType` of this name"""
+        return rname.display_name(self, name_type=True).name_type
+
+    def __eq__(
+        self,
+        other: object,
+    ) -> bool:
+        if not isinstance(other, rname.Name):
+            # maybe something else can compare this
+            # to other classes, but we certainly can't
+            return NotImplemented
+        else:
+            return rname.compare_name(self, other)
+
+    def __ne__(
+        self,
+        other: object,
+    ) -> bool:
+        return not self.__eq__(other)
+
+    def __repr__(self) -> str:
+        disp_res = rname.display_name(self, name_type=True)
+        return "Name({name!r}, {name_type})".format(
+            name=disp_res.name, name_type=disp_res.name_type)
+
+

+[docs]
+    def export(
+        self,
+        composite: bool = False,
+    ) -> bytes:
+        """Export this name as a token.
+
+        This method exports the name into a byte string which can then be
+        imported by using the `token` argument of the constructor.
+
+        Args:
+            composite (bool): whether or not use to a composite token --
+                :requires-ext:`rfc6680`
+
+        Returns:
+            bytes: the exported name in token form
+
+        Raises:
+            ~gssapi.exceptions.MechanismNameRequiredError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+        """
+
+        if composite:
+            if rname_rfc6680 is None:
+                raise NotImplementedError("Your GSSAPI implementation does "
+                                          "not support RFC 6680 (the GSSAPI "
+                                          "naming extensions)")
+
+            return rname_rfc6680.export_name_composite(self)
+        else:
+            return rname.export_name(self)

+
+
+

+[docs]
+    def canonicalize(
+        self,
+        mech: roids.OID
+    ) -> "Name":
+        """Canonicalize a name with respect to a mechanism.
+
+        This method returns a new :class:`Name` that is canonicalized according
+        to the given mechanism.
+
+        Args:
+            mech (~gssapi.OID): the :class:`MechType` to use
+
+        Returns:
+            Name: the canonicalized name
+
+        Raises:
+            ~gssapi.exceptions.BadMechanismError
+            ~gssapi.exceptions.BadNameTypeError
+            ~gssapi.exceptions.BadNameError
+        """
+
+        return type(self)(rname.canonicalize_name(self, mech))

+
+
+    def __copy__(self) -> "Name":
+        return type(self)(rname.duplicate_name(self))
+
+    def __deepcopy__(
+        self,
+        memo: t.Dict,
+    ) -> "Name":
+        return type(self)(rname.duplicate_name(self))
+
+    def _inquire(
+        self,
+        **kwargs: t.Any,
+    ) -> tuples.InquireNameResult:
+        """Inspect this name for information.
+
+        This method inspects the name for information.
+
+        If no keyword arguments are passed, all available information
+        is returned.  Otherwise, only the keyword arguments that
+        are passed and set to `True` are returned.
+
+        Args:
+            mech_name (bool): get whether this is a mechanism name,
+                and, if so, the associated mechanism
+            attrs (bool): get the attributes names for this name
+
+        Returns:
+            InquireNameResult: the results of the inquiry, with unused
+                fields set to None
+
+        Raises:
+            ~gssapi.exceptions.GSSError
+        """
+
+        if rname_rfc6680 is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "support RFC 6680 (the GSSAPI naming "
+                                      "extensions)")
+
+        if not kwargs:
+            default_val = True
+        else:
+            default_val = False
+
+        attrs = kwargs.get('attrs', default_val)
+        mech_name = kwargs.get('mech_name', default_val)
+
+        return rname_rfc6680.inquire_name(self, mech_name=mech_name,
+                                          attrs=attrs)
+
+    @property
+    def is_mech_name(self) -> bool:
+        """Whether or not this name is a mechanism name
+        (:requires-ext:`rfc6680`)
+        """
+        return self._inquire(mech_name=True).is_mech_name
+
+    @property
+    def mech(self) -> roids.OID:
+        """The mechanism associated with this name (:requires-ext:`rfc6680`)
+        """
+        return self._inquire(mech_name=True).mech
+
+    @property
+    def attributes(self) -> t.Optional[MutableMapping]:
+        """The attributes of this name (:requires-ext:`rfc6680`)
+
+        The attributes are presenting in the form of a
+        :class:`~collections.abc.MutableMapping` (a dict-like object).
+
+        Retrieved values will always be in the form of :class:`frozenset`.
+
+        When assigning values, if iterables are used, they be considered to be
+        the set of values for the given attribute.  If a non-iterable is used,
+        it will be considered a single value, and automatically wrapped in an
+        iterable.
+
+        Note:
+            String types (includes :class:`bytes`) are not considered to
+            be iterables in this case.
+        """
+        if self._attr_obj is None:
+            raise NotImplementedError("Your GSSAPI implementation does not "
+                                      "support RFC 6680 (the GSSAPI naming "
+                                      "extensions)")
+
+        return self._attr_obj

+
+
+
+class _NameAttributeMapping(MutableMapping):
+
+    """Provides dict-like access to RFC 6680 Name attributes."""
+    def __init__(
+        self,
+        name: Name,
+    ) -> None:
+        self._name = name
+
+    def __getitem__(
+        self,
+        key: t.Union[bytes, str],
+    ) -> tuples.GetNameAttributeResult:
+        if isinstance(key, str):
+            key = key.encode(_utils._get_encoding())
+
+        res = rname_rfc6680.get_name_attribute(  # type: ignore[union-attr]
+            self._name, key)
+        res = t.cast(tuples.GetNameAttributeResult, res)
+
+        return tuples.GetNameAttributeResult(list(res.values),
+                                             list(res.display_values),
+                                             res.authenticated,
+                                             res.complete)
+
+    def __setitem__(
+        self,
+        key: t.Union[bytes, str],
+        value: t.Union[
+            tuples.GetNameAttributeResult, t.Tuple[bytes, bool], bytes
+        ],
+    ) -> None:
+        if isinstance(key, str):
+            key = key.encode(_utils._get_encoding())
+
+        rname_rfc6680.delete_name_attribute(  # type: ignore[union-attr]
+            self._name, key)
+
+        attr_value: t.List[bytes]
+        if isinstance(value, tuples.GetNameAttributeResult):
+            complete = value.complete
+            attr_value = value.values
+        elif isinstance(value, tuple) and len(value) == 2:
+            complete = t.cast(bool, value[1])
+            attr_value = [t.cast(bytes, value[0])]
+        else:
+            complete = False
+
+        if (isinstance(value, (str, bytes)) or
+                not isinstance(value, Iterable)):
+            # NB(directxman12): this allows us to easily assign a single
+            # value, since that's a common case
+            attr_value = [value]
+
+        rname_rfc6680.set_name_attribute(  # type: ignore[union-attr]
+            self._name, key, attr_value, complete=complete)
+
+    def __delitem__(
+        self,
+        key: t.Union[bytes, str],
+    ) -> None:
+        if isinstance(key, str):
+            key = key.encode(_utils._get_encoding())
+
+        rname_rfc6680.delete_name_attribute(  # type: ignore[union-attr]
+            self._name, key)
+
+    def __iter__(self) -> t.Iterator[bytes]:
+        return iter(self._name._inquire(attrs=True).attrs)
+
+    def __len__(self) -> int:
+        return len(self._name._inquire(attrs=True).attrs)
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/chan_bindings.html b/stable/_modules/gssapi/raw/chan_bindings.html
new file mode 100644
index 00000000..42b5b4da
--- /dev/null
+++ b/stable/_modules/gssapi/raw/chan_bindings.html
@@ -0,0 +1,152 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.chan_bindings — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.chan_bindings
+import typing as t
+
+
+

+[docs]
+class ChannelBindings:
+    """GSSAPI Channel Bindings
+
+    This class represents a set of GSSAPI channel bindings.
+
+    Args:
+        initiator_address_type: the initiator address type
+        initiator_address: the initiator address
+        acceptor_address_type:  the acceptor address type
+        acceptor_address: the acceptor address
+        application_data: additional application-specific data
+    """
+
+

+[docs]
+    initiator_address_type: t.Optional[int]

+
+

+[docs]
+    initiator_address: t.Optional[bytes]

+
+

+[docs]
+    acceptor_address_type: t.Optional[int]

+
+

+[docs]
+    acceptor_address: t.Optional[bytes]

+
+

+[docs]
+    application_data: t.Optional[bytes]

+
+
+    def __init__(
+        self,
+        initiator_address_type: t.Optional[int] = None,
+        initiator_address: t.Optional[bytes] = None,
+        acceptor_address_type: t.Optional[int] = None,
+        acceptor_address: t.Optional[bytes] = None,
+        application_data: t.Optional[bytes] = None,
+    ) -> None: ...

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/creds.html b/stable/_modules/gssapi/raw/creds.html
new file mode 100644
index 00000000..32a71d2d
--- /dev/null
+++ b/stable/_modules/gssapi/raw/creds.html
@@ -0,0 +1,310 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.creds — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.creds
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+    from gssapi.raw.named_tuples import (
+        AcquireCredResult,
+        AddCredResult,
+        InquireCredResult,
+        InquireCredByMechResult,
+    )
+
+
+

+[docs]
+class Creds:
+    """
+    GSSAPI Credentials
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["Creds"] = None,
+    ) -> "Creds": ...

+
+
+
+

+[docs]
+def acquire_cred(
+    name: t.Optional["Name"],
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'both',
+) -> "AcquireCredResult":
+    """Get GSSAPI credentials for the given name and mechanisms.
+
+    This method gets GSSAPI credentials corresponding to the given name
+    and mechanims.  The desired TTL and usage for the the credential may also
+    be specified.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name for which to acquire the
+            credentials (or None for the "no name" functionality)
+        lifetime (int): the lifetime in seconds for the credentials (or None
+            for indefinite)
+        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
+            the credentials should work, or None for the default set
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+
+    Returns:
+        AcquireCredResult: the resulting credentials, the actual mechanisms
+        with which they may be used, and their actual lifetime in seconds (or
+        None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+    """

+
+
+
+

+[docs]
+def release_cred(
+    creds: Creds,
+) -> None:
+    """
+    release_cred(creds)
+    Release GSSAPI Credentials.
+
+    This method releases GSSAPI credentials.
+
+    Warning:
+        This method is deprecated.  Credentials are
+        automatically freed by Python.
+
+    Args:
+        creds (Creds): the credentials in question
+
+    Raises:
+        ~gssapi.exceptions.MissingCredentialsError
+    """

+
+
+
+

+[docs]
+def add_cred(
+    input_cred: Creds,
+    name: "Name",
+    mech: "OID",
+    usage: str = 'initiate',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+    mutate_input: bool = False,
+) -> "AddCredResult":
+    """Add a credential element to a credential.
+
+    This method can be used to either compose two credentials (i.e., original
+    and new credential), or to add a new element to an existing credential.
+
+    Args:
+        input_cred (Creds): the set of credentials to which to add the new
+            credentials
+        name (~gssapi.raw.names.Name): name of principal to acquire a
+            credential for
+        mech (~gssapi.raw.types.MechType): the desired security mechanism
+            (required).
+        usage (str): usage type for credentials.  Possible values:
+            'initiate' (default), 'accept', 'both' (failsafe).
+        init_lifetime (int): lifetime of credentials for use in initiating
+            security contexts in seconds (None for indefinite)
+        accept_lifetime (int): lifetime of credentials for use in accepting
+            security contexts in seconds (None for indefinite)
+        mutate_input (bool): whether to mutate the input credentials (True)
+            or produce a new set of credentials (False).  Defaults to False
+
+    Returns:
+        AddCredResult: the actual mechanisms with which the credentials may be
+        used, the actual initiator TTL, and the actual acceptor TTL (None for
+        either indefinite or not supported).  Note that the credentials may
+        be set to None if mutate_input is set to True.
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.DuplicateCredentialsElementError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+    """

+
+
+
+

+[docs]
+def inquire_cred(
+    creds: Creds,
+    name: bool = True,
+    lifetime: bool = True,
+    usage: bool = True,
+    mechs: bool = True,
+) -> "InquireCredResult":
+    """Inspect credentials for information.
+
+    This method inspects a :class:`Creds` object for information.
+
+    Args:
+        creds (Creds): the credentials to inspect
+        name (bool): get the Name associated with the credentials
+        lifetime (bool): get the TTL for the credentials
+        usage (bool): get the usage type of the credentials
+        mechs (bool): the mechanims used with the credentials
+
+    Returns:
+        InquireCredResult: the information about the credentials,
+        with unused fields set to None
+
+    Raises:
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.InvalidCredentialsError
+        ~gssapi.exceptions.ExpiredCredentialsError
+    """

+
+
+
+

+[docs]
+def inquire_cred_by_mech(
+    creds: Creds,
+    mech: "OID",
+    name: bool = True,
+    init_lifetime: bool = True,
+    accept_lifetime: bool = True,
+    usage: bool = True,
+) -> "InquireCredByMechResult":
+    """Inspect credentials for mechanism-specific information.
+
+    This method inspects a :class:`Creds` object for information
+    specific to a particular mechanism.  It functions similarly
+    to :func:`inquire_cred`.
+
+    Args:
+        creds (Creds): the credentials to inspect
+        mech (~gssapi.OID): the desired mechanism
+        name (bool): get the Name associated with the credentials
+        init_lifetime (bool): get the initiator TTL for the credentials (in
+            seconds)
+        accept_lifetime (bool): get the acceptor TTL for the credentials (in
+            seconds)
+        usage (bool): get the usage type of the credentials
+
+    Returns:
+        InquireCredByMechResult: the information about the credentials,
+        with unused fields set to None
+
+    Raises:
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.InvalidCredentialsError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/exceptions.html b/stable/_modules/gssapi/raw/exceptions.html
new file mode 100644
index 00000000..8487c276
--- /dev/null
+++ b/stable/_modules/gssapi/raw/exceptions.html
@@ -0,0 +1,270 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.exceptions — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.exceptions
+from gssapi.raw.misc import GSSError
+
+

+[docs]
+class ParameterReadError(GSSError): ...

+
+
+

+[docs]
+class ParameterWriteError(GSSError): ...

+
+
+

+[docs]
+class MalformedParameterError(GSSError): ...

+
+
+

+[docs]
+class BadMechanismError(GSSError): ...

+
+
+

+[docs]
+class BadNameError(GSSError): ...

+
+
+

+[docs]
+class BadNameTypeError(GSSError): ...

+
+
+

+[docs]
+class BadChannelBindingsError(GSSError): ...

+
+
+

+[docs]
+class BadStatusError(GSSError): ...

+
+
+

+[docs]
+class BadMICError(GSSError): ...

+
+
+

+[docs]
+class MissingCredentialsError(GSSError): ...

+
+
+

+[docs]
+class MissingContextError(GSSError): ...

+
+
+

+[docs]
+class InvalidTokenError(GSSError): ...

+
+
+

+[docs]
+class InvalidCredentialsError(GSSError): ...

+
+
+

+[docs]
+class ExpiredCredentialsError(GSSError): ...

+
+
+

+[docs]
+class ExpiredContextError(GSSError): ...

+
+
+

+[docs]
+class BadQoPError(GSSError): ...

+
+
+

+[docs]
+class UnauthorizedError(GSSError): ...

+
+
+

+[docs]
+class OperationUnavailableError(GSSError): ...

+
+
+

+[docs]
+class DuplicateCredentialsElementError(GSSError): ...

+
+
+

+[docs]
+class MechanismNameRequiredError(GSSError): ...

+
+
+

+[docs]
+class NameReadError(ParameterReadError, BadNameError): ...

+
+
+

+[docs]
+class NameTypeReadError(ParameterReadError, BadNameTypeError): ...

+
+
+

+[docs]
+class TokenReadError(ParameterReadError, InvalidTokenError): ...

+
+
+

+[docs]
+class ContextReadError(ParameterReadError, MissingContextError): ...

+
+
+

+[docs]
+class CredentialsReadError(ParameterReadError, MissingCredentialsError): ...

+
+
+

+[docs]
+class ContextWriteError(ParameterWriteError, MissingContextError): ...

+
+
+

+[docs]
+class CredentialsWriteError(ParameterWriteError, MissingCredentialsError): ...

+
+
+

+[docs]
+class SupplementaryError(GSSError): ...

+
+
+

+[docs]
+class DuplicateTokenError(SupplementaryError): ...

+
+
+

+[docs]
+class ExpiredTokenError(SupplementaryError): ...

+
+
+

+[docs]
+class TokenOutOfSequenceError(SupplementaryError): ...

+
+
+

+[docs]
+class TokenTooLateError(TokenOutOfSequenceError): ...

+
+
+

+[docs]
+class TokenTooEarlyError(TokenOutOfSequenceError): ...

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_cred_imp_exp.html b/stable/_modules/gssapi/raw/ext_cred_imp_exp.html
new file mode 100644
index 00000000..1e7415fa
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_cred_imp_exp.html
@@ -0,0 +1,154 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_cred_imp_exp — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_cred_imp_exp
+"""Credentials Import/Export Extension"""
+
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+
+
+

+[docs]
+def export_cred(
+    creds: "Creds",
+) -> bytes:
+    """Export GSSAPI credentials.
+
+    This method exports GSSSAPI credentials into a token
+    which may be transmitted between different processes.
+
+    Args:
+        creds (Creds): the credentials object to be exported
+
+    Returns:
+        bytes: the exported token representing the given credentials object
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def import_cred(
+    token: bytes,
+) -> "Creds":
+    """Import GSSAPI credentials from a token.
+
+    This method imports a credentials object from a token
+    previously exported by :func:`export_cred`.
+
+    Args:
+        token (bytes): the token to import
+
+    Returns:
+        Creds: the imported credentials object
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_cred_store.html b/stable/_modules/gssapi/raw/ext_cred_store.html
new file mode 100644
index 00000000..f4454717
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_cred_store.html
@@ -0,0 +1,249 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_cred_store — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_cred_store
+"""Credential Store Extension"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import AcquireCredResult, StoreCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def acquire_cred_from(
+    dict_store: t.Optional[
+        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+    ] = None,
+    name: t.Optional["Name"] = None,
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'both',
+) -> "AcquireCredResult":
+    """Acquire credentials from the given store.
+
+    This method acquires credentials from the store specified by the
+    given credential store information.
+
+    The credential store information is a dictionary containing
+    mechanisms-specific keys and values pointing to a credential store
+    or stores.
+
+    Args:
+        store (dict): the credential store information pointing to the
+            credential store from which to acquire the credentials.
+            See :doc:`credstore` for valid values
+        name (~gssapi.raw.names.Name): the name associated with the
+            credentials, or None for the default name
+        lifetime (int): the desired lifetime of the credentials in seconds, or
+            None for indefinite
+        mechs (list): the desired mechanisms to be used with these
+            credentials, or None for the default set
+        usage (str): the usage for these credentials -- either 'both',
+            'initiate', or 'accept'
+
+    Returns:
+        AcquireCredResult: the acquired credentials and information about
+        them
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def add_cred_from(
+    dict_store: t.Optional[
+        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+    ],
+    input_creds: "Creds",
+    name: "Name",
+    mech: "OID",
+    usage: str = 'both',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+) -> "AcquireCredResult":
+    """Acquire credentials to add to the current set from the given store.
+
+    This method works like :func:`acquire_cred_from`, except that it
+    adds the acquired credentials for a single mechanism to a copy of
+    the current set, instead of creating a new set for multiple mechanisms.
+    Unlike :func:`~gssapi.raw.creds.acquire_cred`, you cannot pass None for the
+    desired name or mechanism.
+
+    The credential store information is a dictionary containing
+    mechanisms-specific keys and values pointing to a credential store
+    or stores.
+
+    Args:
+        store (dict): the store into which to store the credentials,
+            or None for the default store.
+            See :doc:`credstore` for valid values
+        name (~gssapi.raw.names.Name): the name associated with the credentials
+        mech (~gssapi.OID): the desired mechanism to be used with these
+            credentials
+        usage (str): the usage for these credentials -- either 'both',
+            'initiate', or 'accept'
+        init_lifetime (int): the desired initiate lifetime of the credentials
+            in seconds, or None for indefinite
+        accept_lifetime (int): the desired accept lifetime of the credentials
+            in seconds, or None for indefinite
+
+    Returns:
+        AcquireCredResult: the new credentials set and information about
+        it
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def store_cred_into(
+    dict_store: t.Optional[
+        t.Dict[t.Union[bytes, str], t.Union[bytes, str]]
+    ],
+    creds: "Creds",
+    usage: str = 'both',
+    mech: t.Optional["OID"] = None,
+    overwrite: bool = False,
+    set_default: bool = False,
+) -> "StoreCredResult":
+    """Store credentials into the given store.
+
+    This method stores the given credentials into the store specified
+    by the given store information.  They may then be retrieved later using
+    :func:`acquire_cred_from` or :func:`add_cred_from`.
+
+    The credential store information is a dictionary containing
+    mechanisms-specific keys and values pointing to a credential store
+    or stores.
+
+    Args:
+        store (dict): the store into which to store the credentials,
+            or None for the default store.
+            See :doc:`credstore` for valid values
+        creds (Creds): the credentials to store
+        usage (str): the usage to store the credentials with -- either
+            'both', 'initiate', or 'accept'
+        mech (~gssapi.OID): the mechansim to associate with the stored
+            credentials
+        overwrite (bool): whether or not to overwrite existing credentials
+            stored with the same name, etc
+        set_default (bool): whether or not to set these credentials as
+            the default credentials for the given store.
+
+    Returns:
+        StoreCredResult: the results of the credential storing operation
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_dce.html b/stable/_modules/gssapi/raw/ext_dce.html
new file mode 100644
index 00000000..c364ca54
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_dce.html
@@ -0,0 +1,351 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_dce — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_dce
+import typing as t
+
+from enum import IntEnum
+
+from gssapi.raw.ext_dce_aead import wrap_aead, unwrap_aead
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import IOVUnwrapResult, WrapResult
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+class IOVBufferType(IntEnum):
+    """
+    IOV Buffer Types
+
+    This IntEnum represent GSSAPI IOV buffer
+    types to be used with the IOV methods.
+
+    The numbers behind the values correspond directly
+    to their C counterparts.
+    """
+
+

+[docs]
+    empty = 0 #: GSS_IOV_BUFFER_TYPE_EMPTY

+
+

+[docs]
+    data = 1 #: GSS_IOV_BUFFER_TYPE_DATA

+
+

+[docs]
+    header = 2 #: GSS_IOV_BUFFER_TYPE_HEADER

+
+

+[docs]
+    mech_params = 3 #: GSS_IOV_BUFFER_TYPE_MECH_PARAMS

+
+

+[docs]
+    trailer = 7 #: GSS_IOV_BUFFER_TYPE_TRAILER

+
+

+[docs]
+    padding = 9 #: GSS_IOV_BUFFER_TYPE_PADDING

+
+

+[docs]
+    stream = 10 #: GSS_IOV_BUFFER_TYPE_STREAM

+
+

+[docs]
+    sign_only = 11 #: GSS_IOV_BUFFER_TYPE_SIGN_ONLY

+
+

+[docs]
+    mic_token = 12 #: GSS_IOV_BUFFER_TYPE_MIC_TOKEN

+

+
+
+
+

+[docs]
+class IOVBuffer(t.NamedTuple):
+

+[docs]
+    type: IOVBufferType

+
+

+[docs]
+    allocate: t.Optional[bool]

+
+

+[docs]
+    value: t.Optional[bytes]

+

+
+
+
+

+[docs]
+class IOV:
+    """A GSSAPI IOV"""
+
+    def __init__(
+        self,
+        *args: t.Union[
+            IOVBuffer,
+            t.Tuple[
+                t.Union[IOVBufferType, int],
+                t.Optional[bool],
+                t.Optional[bytes]],
+            t.Tuple[
+                t.Union[IOVBufferType, int],
+                t.Optional[t.Union[bool, bytes]],
+            ],
+            bytes,
+            t.Union[IOVBufferType, int],
+        ],
+        std_layout: bool = True,
+        auto_alloc: bool = True,
+    ) -> None: ...
+
+    def __getitem__(
+        self,
+        ind: int,
+    ) -> IOVBuffer: ...
+
+    def __len__(self) -> int: ...
+
+    def __iter__(self) -> t.Iterator[IOVBuffer]: ...
+
+    def __contains__(
+        self,
+        item: IOVBuffer,
+    ) -> bool: ...
+
+    def __reversed__(self) -> t.Iterator[IOVBuffer]: ...
+
+

+[docs]
+    def index(
+        self,
+        value: t.Any,
+    ) -> int: ...

+
+
+

+[docs]
+    def count(
+        self,
+        value: t.Any,
+    ) -> int: ...

+

+
+
+
+

+[docs]
+def wrap_iov(
+    context: "SecurityContext",
+    message: IOV,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> bool:
+    """Wrap/Encrypt an IOV message.
+
+    This method wraps or encrypts an IOV message.  The allocate
+    parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
+    indicates whether or not that particular buffer should be
+    automatically allocated (for use with padding, header, and
+    trailer buffers).
+
+    Warning:
+        This modifies the input :class:`IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): an :class:`IOV` containing the message
+        confidential (bool): whether or not to encrypt the miovessage (True),
+            or just wrap it with a MIC (False)
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        bool: whether or not confidentiality was actually used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def unwrap_iov(
+    context: "SecurityContext",
+    message: IOV,
+) -> "IOVUnwrapResult":
+    """Unwrap/Decrypt an IOV message.
+
+    This method uwraps or decrypts an IOV message.  The allocate
+    parameter of the :class:`IOVBuffer` objects in the :class:`IOV`
+    indicates whether or not that particular buffer should be
+    automatically allocated (for use with padding, header, and
+    trailer buffers).
+
+    As a special case, you may pass an entire IOV message
+    as a single 'stream'.  In this case, pass a buffer type
+    of :attr:`IOVBufferType.stream` followed by a buffer type of
+    :attr:`IOVBufferType.data`.  The former should contain the
+    entire IOV message, while the latter should be empty.
+
+    Warning:
+        This modifies the input :class:`IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): an :class:`IOV` containing the message
+
+    Returns:
+        IOVUnwrapResult: whether or not confidentiality was used,
+        and the QoP used.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def wrap_iov_length(
+    context: "SecurityContext",
+    message: IOV,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> "WrapResult":
+    """Appropriately size padding, trailer, and header IOV buffers.
+
+    This method sets the length values on the IOV buffers.  You
+    should already have data provided for the data (and sign-only)
+    buffer(s) so that padding lengths can be appropriately computed.
+
+    In Python terms, this will result in an appropriately sized
+    `bytes` object consisting of all zeros.
+
+    Warning:
+        This modifies the input :class:`IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): an :class:`IOV` containing the message
+
+    Returns:
+        WrapResult: a list of :class:IOVBuffer` objects, and whether or not
+        encryption was actually used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_dce_aead.html b/stable/_modules/gssapi/raw/ext_dce_aead.html
new file mode 100644
index 00000000..2aaf9ca4
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_dce_aead.html
@@ -0,0 +1,171 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_dce_aead — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_dce_aead
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import WrapResult, UnwrapResult
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+def wrap_aead(
+    context: "SecurityContext",
+    message: bytes,
+    associated: t.Optional[bytes] = None,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> "WrapResult":
+    """Wrap/Encrypt an AEAD message.
+
+    This method takes an input message and associated data,
+    and outputs and AEAD message.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message to wrap or encrypt
+        associated (bytes): associated data to go with the message
+        confidential (bool): whether or not to encrypt the message (True),
+            or just wrap it with a MIC (False)
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        WrapResult: the wrapped/encrypted total message, and whether or not
+        encryption was actually used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def unwrap_aead(
+    context: "SecurityContext",
+    message: bytes,
+    associated: t.Optional[bytes] = None,
+) -> "UnwrapResult":
+    """Unwrap/Decrypt an AEAD message.
+
+    This method takes an encrpyted/wrapped AEAD message and some associated
+    data, and returns an unwrapped/decrypted message.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the AEAD message to unwrap or decrypt
+        associated (bytes): associated data that goes with the message
+
+    Returns:
+        UnwrapResult: the unwrapped/decrypted message, whether or on
+        encryption was used, and the QoP used
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_ggf.html b/stable/_modules/gssapi/raw/ext_ggf.html
new file mode 100644
index 00000000..0103e313
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_ggf.html
@@ -0,0 +1,210 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_ggf — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_ggf
+"""
+GGF Extensions
+
+GGF provides extended credential and security context inquiry that allows
+application to retrieve more information about the client's credentials and
+security context. One common use case is to use
+:meth:`inquire_sec_context_by_oid` to retrieve the "session" key that is
+required by the SMB protocol for signing and encrypting a message.
+
+Draft IETF document for these extensions can be found at
+https://tools.ietf.org/html/draft-engert-ggf-gss-extensions-00
+"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.oids import OID
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+def inquire_cred_by_oid(
+    cred_handle: "Creds",
+    desired_aspect: "OID",
+) -> t.List[bytes]:
+    """
+    This method inspects a :class:`~gssapi.raw.creds.Creds` object for
+    information specific to a particular desired aspect as an OID.
+
+    Args:
+        cred_handle (Creds): the Credentials to query
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Credentials to inquire about.
+
+    Returns:
+        list: A list of zero or more pieces of data (as bytes objects)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def inquire_sec_context_by_oid(
+    context: "SecurityContext",
+    desired_aspect: "OID",
+) -> t.List[bytes]:
+    """
+    This method inspects a :class:`~gssapi.raw.sec_contexts.SecurityContext`
+    object for information specific to a particular desired aspect as an OID.
+
+    This method can be used with the GSS_KRB5_INQ_SSPI_SESSION_KEY_OID OID to
+    retrieve the required key that is used to derive the SMB/SAMBA signing and
+    encryption keys.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the Security
+            Context to query
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Security Context to inquire about.
+
+    Returns:
+        list: A list of zero or more pieces of data (as bytes objects)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def set_sec_context_option(
+    desired_aspect: "OID",
+    context: "SecurityContext",
+    value: t.Optional[bytes] = None,
+) -> None:
+    """
+    This method is used to set a value for a specific OID of a
+    :class:`~gssapi.raw.sec_contexts.SecurityContext` object. The OID and value
+    to pass in depends on the mech the SecurityContext backs.
+
+    An example of how this can be used would be to reset the NTLM crypto engine
+    used in gss-ntlmssp. The OID that controls this value is
+    '1.3.6.1.4.1.7165.655.1.3' and it takes it a byte value that represents
+    an int32 where 1 resets the verifier handle and any other int resets the
+    sender handle.
+
+    Args:
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Security Context to set the value for.
+        context (~gssapi.raw.sec_contexts.SecurityContext): the Security
+            Context to set, or None to create a new context.
+        value (bytes): the value to set on the desired aspect of the Security
+            Context or None to send GSS_C_EMPTY_BUFFER.
+
+    Returns:
+        ~gssapi.raw.sec_contexts.SecurityContext: The output security context.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_iov_mic.html b/stable/_modules/gssapi/raw/ext_iov_mic.html
new file mode 100644
index 00000000..2dcdedab
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_iov_mic.html
@@ -0,0 +1,203 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_iov_mic — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_iov_mic
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.ext_dce import IOV
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+def get_mic_iov(
+    context: "SecurityContext",
+    message: "IOV",
+    qop: t.Optional[int] = None,
+) -> None:
+    """Generate MIC tokens for the given IOV message.
+
+    This method generates a MIC token for the given IOV message, and places it
+    in the :attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token` buffer in the
+    IOV. This method operates entirely in-place, and returns nothing.
+
+    Warning:
+        This modifies the input :class:`~gssapi.raw.ext_dce.IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
+            message
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def get_mic_iov_length(
+    context: "SecurityContext",
+    message: "IOV",
+    qop: t.Optional[int] = None,
+) -> None:
+    """Allocate space for the MIC buffer in the given IOV message.
+
+    This method allocates space for the MIC token buffer
+    (:attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token`) in the given IOV
+    message.
+
+    Warning:
+        This modifies the input :class:`~gssapi.raw.ext_dce.IOV`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
+            message
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def verify_mic_iov(
+    context: "SecurityContext",
+    message: "IOV",
+    qop: t.Optional[int] = None,
+) -> int:
+    """Verify that the MIC matches the data in the given IOV message.
+
+    This method verifies that the MIC token in the MIC buffer
+    (:attr:`~gssapi.raw.ext_dce.IOVBufferType.mic_token`) match the data
+    buffer(s) in the given IOV method.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (IOV): the :class:`~gssapi.raw.ext_dce.IOV` containing the
+            message
+
+    Returns:
+        int: the QoP used to generate the MIC token
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_krb5.html b/stable/_modules/gssapi/raw/ext_krb5.html
new file mode 100644
index 00000000..53cedd2d
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_krb5.html
@@ -0,0 +1,435 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_krb5 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_krb5
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import CfxKeyData, Rfc1964KeyData
+    from gssapi.raw.sec_contexts import SecurityContext
+
+
+

+[docs]
+class Krb5LucidContext:
+    """
+    The base container returned by :meth:`krb5_export_lucid_sec_context` when
+    an unknown version was requested.
+    """

+
+
+
+

+[docs]
+class Krb5LucidContextV1(Krb5LucidContext):
+    """
+    Kerberos context data returned by :meth:`krb5_export_lucid_sec_context`
+    when version 1 was requested.
+    """
+
+    @property
+

+[docs]
+    def version(self) -> t.Optional[int]:
+        """The structure version number
+
+        Returns:
+            Optional[int]: the structure version number
+        """

+
+
+    @property
+

+[docs]
+    def is_initiator(self) -> t.Optional[bool]:
+        """Whether the context was the initiator
+
+        Returns:
+            Optional[bool]: ``True`` when the exported context was the
+            initiator
+        """

+
+
+    @property
+

+[docs]
+    def endtime(self) -> t.Optional[int]:
+        """Expiration time of the context
+
+        Returns:
+            Optional[int]: the expiration time of the context
+        """

+
+
+    @property
+

+[docs]
+    def send_seq(self) -> t.Optional[int]:
+        """Sender sequence number
+
+        Returns:
+            Optional[int]: the sender sequence number
+        """

+
+
+    @property
+

+[docs]
+    def recv_seq(self) -> t.Optional[int]:
+        """Receiver sequence number
+
+        Returns:
+            Optional[int]: the receiver sequence number
+        """

+
+
+    @property
+

+[docs]
+    def protocol(self) -> t.Optional[int]:
+        """The protocol number
+
+        If the protocol number is 0 then :attr:`rfc1964_kd` is set and
+        :attr:`cfx_kd` is `None`. If the protocol number is 1 then the opposite
+        is true.
+
+        Protocol 0 refers to RFC1964 and 1 refers to RFC4121.
+
+        Returns:
+            Optional[int]: the protocol number
+        """

+
+
+    @property
+

+[docs]
+    def rfc1964_kd(self) -> t.Optional["Rfc1964KeyData"]:
+        """Keydata for protocol 0 (RFC1964)
+
+        This will be set when :attr:`protocol` is ``0``.
+
+        Returns:
+            Optional[Rfc1964KeyData]: the RFC1964 key data
+        """

+
+
+    @property
+

+[docs]
+    def cfx_kd(self) -> t.Optional["CfxKeyData"]:
+        """Key data for protocol 1 (RFC4121)
+
+        This will be set when :attr:`protocol` is ``1``.
+
+        Returns:
+            Optional[CfxKeyData]: the RFC4121 key data
+        """

+

+
+
+
+

+[docs]
+def krb5_ccache_name(
+    name: t.Optional[bytes],
+) -> bytes:
+    """Set the default Kerberos Protocol credentials cache name.
+
+    This method sets the default credentials cache name for use by he Kerberos
+    mechanism. The default credentials cache is used by
+    :meth:`~gssapi.raw.creds.acquire_cred` to create a GSS-API credential. It
+    is also used by :meth:`~gssapi.raw.sec_contexts.init_sec_context` when
+    `GSS_C_NO_CREDENTIAL` is specified.
+
+    Note:
+        Heimdal does not return the old name when called. It also does not
+        reset the ccache lookup behaviour when setting to ``None``.
+
+    Note:
+        The return value may not be thread safe.
+
+    Args:
+        name (Optional[bytes]): the name to set as the new thread specific
+            ccache name. Set to ``None`` to revert back to getting the ccache
+            from the config/environment settings.
+
+    Returns:
+        bytes: the old name that was previously set
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_export_lucid_sec_context(
+    context: "SecurityContext",
+    version: int,
+) -> Krb5LucidContext:
+    """Returns a non-opaque version of the internal context info.
+
+    Gets information about the Kerberos security context passed in. Currently
+    only version 1 is known and supported by this library.
+
+    Note:
+        The context handle must not be used again by the caller after this
+        call.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        version (int): the output structure version to export.  Currently
+            only 1 is supported.
+
+    Returns:
+        Krb5LucidContext: the non-opaque version context info
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_extract_authtime_from_sec_context(
+    context: "SecurityContext",
+) -> int:
+    """Get the auth time for the security context.
+
+    Gets the auth time for the established security context.
+
+    Note:
+        Heimdal can only get the authtime on the acceptor security context.
+        MIT is able to get the authtime on both initiators and acceptors.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+
+    Returns:
+        int: the authtime
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_extract_authz_data_from_sec_context(
+    context: "SecurityContext",
+    ad_type: int,
+) -> bytes:
+    """Extracts Kerberos authorization data.
+
+    Extracts authorization data that may be stored within the context.
+
+    Note:
+        Only operates on acceptor contexts.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        ad_type (int): the type of data to extract
+
+    Returns:
+        bytes: the raw authz data from the sec context
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_import_cred(
+    cred_handle: "Creds",
+    cache: t.Optional[int] = None,
+    keytab_principal: t.Optional[int] = None,
+    keytab: t.Optional[int] = None,
+) -> None:
+    """Import Krb5 credentials into GSSAPI credential.
+
+    Imports the krb5 credentials (either or both of the keytab and cache) into
+    the GSSAPI credential so it can be used within GSSAPI. The ccache is
+    copied by reference and thus shared, so if the credential is destroyed,
+    all users of cred_handle will fail.
+
+    Args:
+        cred_handle (Creds): the credential handle to import into
+        cache (int): the krb5_ccache address pointer, as an int, to import
+            from
+        keytab_principal (int): the krb5_principal address pointer, as an int,
+            of the credential to import
+        keytab (int): the krb5_keytab address pointer, as an int, of the
+            keytab to import
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_get_tkt_flags(
+    context: "SecurityContext",
+) -> int:
+    """Return ticket flags for the kerberos ticket.
+
+    Return the ticket flags for the kerberos ticket received when
+    authenticating the initiator.
+
+    Note:
+        Heimdal can only get the tkt flags on the acceptor security context.
+        MIT is able to get the tkt flags on initiators and acceptors.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context
+
+    Returns:
+        int: the ticket flags for the received kerberos ticket
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def krb5_set_allowable_enctypes(
+    cred_handle: "Creds",
+    ktypes: t.Iterable[int],
+) -> None:
+    """Limits the keys that can be exported.
+
+    Called by a context initiator after acquiring the creds but before calling
+    :meth:`~gssapi.raw.sec_contexts.init_sec_context` to restrict the set of
+    enctypes which will be negotiated during context establisment to those in
+    the provided list.
+
+    Warning:
+        The cred_handle should not be ``GSS_C_NO_CREDENTIAL``.
+
+    Args:
+        cred_hande (Creds): the credential handle
+        ktypes (List[int]): list of enctypes allowed
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_password.html b/stable/_modules/gssapi/raw/ext_password.html
new file mode 100644
index 00000000..b352b71e
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_password.html
@@ -0,0 +1,148 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_password — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_password
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import AcquireCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def acquire_cred_with_password(
+    name: "Name",
+    password: bytes,
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'initiate',
+) -> "AcquireCredResult":
+    """Acquire credentials through provided password.
+
+    This function is originally from Solaris and is not documented by either
+    MIT or Heimdal.
+
+    In general, it functions similarly to
+    :func:`~gssapi.raw.creds.acquire_cred`.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to acquire credentials for
+        password (bytes): the password used to acquire credentialss with
+        lifetime (int): the lifetime for the credentials in seconds (or None
+            for indefinite)
+        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
+            the credentials should work (or None for the default set)
+        usage (str): usage type for credentials.  Possible values:
+            'initiate' (default), 'accept', 'both' (failsafe).
+
+    Returns:
+        AcquireCredResult: the resulting credentials, the actual mechanisms
+        with which they may be used, and their actual lifetime in seconds (or
+        None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_password_add.html b/stable/_modules/gssapi/raw/ext_password_add.html
new file mode 100644
index 00000000..bf13124c
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_password_add.html
@@ -0,0 +1,155 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_password_add — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_password_add
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import AddCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def add_cred_with_password(
+    input_cred: "Creds",
+    name: "Name",
+    mech: "OID",
+    password: bytes,
+    usage: str = 'initiate',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+) -> "AddCredResult":
+    """Add a credential-element to a credential using provided password.
+
+    This function is originally from Solaris and is not documented by either
+    MIT or Heimdal.
+
+    In general, it functions similarly to :func:`~gssapi.raw.creds.add_cred`.
+
+    Args:
+        input_cred (~gssapi.raw.creds.Creds): the credentials to add to
+        name (~gssapi.raw.names.Name): the name to acquire credentials for
+        mech (~gssapi.raw.types.MechType): the desired mechanism.  Note that
+            this is both singular and required
+        password (bytes): the password used to acquire credentialss with
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+        init_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to initiate security contexts (or None
+            for indefinite)
+        accept_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to accept security contexts (or None
+            for indefinite)
+
+    Returns:
+        AddCredResult: the actual mechanisms with which the credentials may be
+        used, the actual initiator TTL in seconds, and the actual acceptor TTL
+        in seconds (the TTLs may be None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_rfc4178.html b/stable/_modules/gssapi/raw/ext_rfc4178.html
new file mode 100644
index 00000000..f87d3a43
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_rfc4178.html
@@ -0,0 +1,134 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc4178 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc4178
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def set_neg_mechs(
+    cred_handle: "Creds",
+    mech_set: t.Iterable["OID"],
+) -> None:
+    """
+    Specify the set of security mechanisms that may be negotiated with
+    the credential identified by cred_handle.
+    If more than one mechanism is specified in mech_set, the order in
+    which those mechanisms are specified implies a relative preference.
+
+    Args:
+        cred_handle (Creds): credentials to set negotiable mechanisms for
+        mech_set (~gssapi.raw.types.MechType): negotiable mechanisms to be set
+
+    Returns:
+        None
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_rfc5587.html b/stable/_modules/gssapi/raw/ext_rfc5587.html
new file mode 100644
index 00000000..1788c6af
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_rfc5587.html
@@ -0,0 +1,176 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc5587 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc5587
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import InquireAttrsResult, DisplayAttrResult
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def indicate_mechs_by_attrs(
+    desired_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
+    except_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
+    critical_mech_attrs: t.Optional[t.Iterable["OID"]] = None,
+) -> t.Set["OID"]:
+    """Get a set of mechanisms that have the specified attributes.
+
+    Args:
+        desired_mech_attrs (~gssapi.OID): Attributes that the output mechs MUST
+            offer
+        except_mech_attrs (~gssapi.OID): Attributes that the output mechs MUST
+            NOT offer
+        critical_mech_attrs (~gssapi.OID): Attributes that the output mechs
+            MUST understand and offer
+
+    Returns:
+        ~gssapi.MechType: a set of mechs which satisfy the given criteria
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def inquire_attrs_for_mech(
+    mech: "OID",
+) -> "InquireAttrsResult":
+    """Gets the set of attrs supported and known by a mechanism.
+
+    Args:
+        mech (~gssapi.raw.types.MechType): Mechanism to inquire about
+
+    Returns:
+        InquireAttrsResult: the results of inquiry; a mech's attributes and
+        known attributes
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def display_mech_attr(
+    attr: "OID",
+) -> "DisplayAttrResult":
+    """Returns information about attributes in human readable form.
+
+    Args:
+        attr (~gssapi.OID): Mechanism attribute to retrieve names and
+            descriptions of
+
+    Returns:
+        DisplayAttrResult: the results of displaying the attribute; mech name,
+        short description, and long description.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_rfc5588.html b/stable/_modules/gssapi/raw/ext_rfc5588.html
new file mode 100644
index 00000000..95f46959
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_rfc5588.html
@@ -0,0 +1,149 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc5588 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc5588
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import StoreCredResult
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def store_cred(
+    creds: "Creds",
+    usage: str = 'both',
+    mech: t.Optional["OID"] = None,
+    overwrite: bool = False,
+    set_default: bool = False,
+) -> "StoreCredResult":
+    """Store credentials into the default store.
+
+    This method stores the given credentials into the default store.
+    They may then be retrieved later using
+    :func:`~gssapi.raw.creds.acquire_cred`.
+
+    Args:
+        creds (Creds): the credentials to store
+        usage (str): the usage to store the credentials with -- either
+            'both', 'initiate', or 'accept'
+        mech (~gssapi.OID): the mechansim to associate with the stored
+            credentials
+        overwrite (bool): whether or not to overwrite existing credentials
+            stored with the same name, etc
+        set_default (bool): whether or not to set these credentials as
+            the default credentials for the given store.
+
+    Returns:
+        StoreCredResult: the results of the credential storing operation
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.OperationUnavailableError
+        ~gssapi.exceptions.DuplicateCredentialsElementError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_rfc5801.html b/stable/_modules/gssapi/raw/ext_rfc5801.html
new file mode 100644
index 00000000..192aae27
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_rfc5801.html
@@ -0,0 +1,149 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc5801 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc5801
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import InquireSASLNameResult
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def inquire_saslname_for_mech(
+    mech: "OID",
+) -> "InquireSASLNameResult":
+    """Gets information about a specified mech, including the SASL name,
+    the mech name, and the mech description.
+
+    Args:
+        mech (~gssapi.OID): Mechanism to inquire about
+
+    Returns:
+        InquireSASLNameResult: the results of inquiry; a mech's SASL name,
+        name, and description.
+
+    Raises:
+        ~gssapi.exceptions.GSSError: an unknown failure occurred
+    """

+
+
+
+

+[docs]
+def inquire_mech_for_saslname(
+    sasl_name: bytes,
+) -> "OID":
+    """Gets the OID for the mech specified by SASL name.
+
+    Args:
+        sasl_name (bytes): SASL name of the mechanism
+
+    Returns:
+        ~gssapi.OID: the mechanism with corresponding SASL name.
+
+    Raises:
+        ~gssapi.exceptions.GSSError: An unknown failure occurred
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_rfc6680.html b/stable/_modules/gssapi/raw/ext_rfc6680.html
new file mode 100644
index 00000000..8b0239e6
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_rfc6680.html
@@ -0,0 +1,291 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_rfc6680 — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_rfc6680
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import (
+        GetNameAttributeResult,
+        InquireNameResult,
+    )
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def display_name_ext(
+    name: "Name",
+    name_type: "OID",
+) -> bytes:
+    """Display the given Name using the given name type.
+
+    This method attempts to display the given Name using the syntax of
+    the given name type.  If this is not possible, an appropriate error
+    will be raised.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to display
+        name_type (~gssapi.OID): the name type (see NameType) to use to
+            display the given name
+
+    Returns:
+        bytes: the displayed name
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError: the given name could not
+            be displayed using the given name type
+    """

+
+
+
+

+[docs]
+def inquire_name(
+    name: "Name",
+    mech_name: bool = True,
+    attrs: bool = True,
+) -> "InquireNameResult":
+    """Get information about a Name.
+
+    This method retrieves information about the given name, including
+    the set of attribute names for the given name, as well as whether or
+    not the name is a mechanism name.  Additionally, if the given name is
+    a mechanism name, the associated mechansim is returned as well.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name about which to inquire
+        mech_name (bool): whether or not to retrieve if this name
+            is a mech_name (and the associate mechanism)
+        attrs (bool): whether or not to retrieve the attribute name list
+
+    Returns:
+        InquireNameResult: the set of attribute names for the given name,
+        whether or not the name is a Mechanism Name, and potentially
+        the associated mechanism if it is a Mechanism Name
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def set_name_attribute(
+    name: "Name",
+    attr: bytes,
+    value: t.Iterable[bytes],
+    complete: bool = False,
+) -> None:
+    """Set the value(s) of a name attribute.
+
+    This method sets the value(s) of the given attribute on the given name.
+
+    Note that this functionality more closely matches the pseudo-API
+    presented in RFC 6680, not the C API (which uses multiple calls to
+    add multiple values).  However, multiple calls to this method will
+    continue adding values, so :func:`delete_name_attribute` must be
+    used in between calls to "clear" the values.
+
+    Args:
+        name (~gssapi.raw.names.Name): the Name on which to set the attribute
+        attr (bytes): the name of the attribute
+        value (list): a list of bytes objects to use as the value(s)
+        complete (bool): whether or not to mark this attribute's value
+            set as being "complete"
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError: the given attribute name
+            is unknown or could not be set
+    """

+
+
+
+

+[docs]
+def get_name_attribute(
+    name: "Name",
+    attr: bytes,
+    more: t.Optional[int] = None,
+) -> "GetNameAttributeResult":
+    """Get the value(s) of a name attribute.
+
+    This method retrieves the value(s) of the given attribute
+    for the given Name.
+
+    Note that this functionality matches pseudo-API presented
+    in RFC 6680, not the C API (which uses a state variable and
+    multiple calls to retrieve multiple values).
+
+    Args:
+        name (~gssapi.raw.names.Name): the Name from which to get the attribute
+        attr (bytes): the name of the attribute
+
+    Returns:
+        GetNameAttributeResult: the raw version of the value(s),
+        the human-readable version of the value(s), whether
+        or not the attribute was authenticated, and whether or
+        not the attribute's value set was marked as complete
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError: the given attribute is
+            unknown or unset
+    """

+
+
+
+

+[docs]
+def delete_name_attribute(
+    name: "Name",
+    attr: bytes,
+) -> None:
+    """Remove an attribute from a name.
+
+    This method removes an attribute from a Name.  This method may be
+    used before :func:`set_name_attribute` clear the values of an attribute
+    before setting a new value (making the latter method work like a 'set'
+    operation instead of an 'add' operation).
+
+    Note that the removal of certain attributes may not be allowed.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to remove the attribute from
+        attr (bytes): the name of the attribute
+
+    Raises:
+        ~gssapi.exceptions.OperationUnavailableError
+        ~gssapi.exceptions.UnauthorizedError
+    """

+
+
+
+

+[docs]
+def export_name_composite(
+    name: "Name",
+) -> bytes:
+    """Export a name, preserving attribute information.
+
+    This method functions similarly to :func:`~gssapi.raw.names.export_name`,
+    except that it preserves attribute information.  The resulting bytes may be
+    imported using :func:`~gssapi.raw.names.import_name` with the
+    :attr:`~gssapi.raw.types.NameType.composite_export` name type.
+
+    Note:
+        Some versions of MIT Kerberos require you to either canonicalize a name
+        once it has been imported with composite-export name type, or to import
+        using the normal export name type.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to export
+
+    Returns:
+        bytes: the exported composite name
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_s4u.html b/stable/_modules/gssapi/raw/ext_s4u.html
new file mode 100644
index 00000000..58432093
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_s4u.html
@@ -0,0 +1,196 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_s4u — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_s4u
+"""Service4User Extension"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import AcquireCredResult, AddCredResult
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def acquire_cred_impersonate_name(
+    impersonator_cred: "Creds",
+    name: "Name",
+    lifetime: t.Optional[int] = None,
+    mechs: t.Optional[t.Iterable["OID"]] = None,
+    usage: str = 'initiate',
+) -> "AcquireCredResult":
+    """Acquire credentials by impersonating another name.
+
+    This method is one of the ways to use S4U2Self.  It acquires credentials
+    by impersonating another name using a set of proxy credentials.  The
+    impersonator credentials must have a usage of 'both' or 'initiate'.
+
+    Args:
+        impersonator_cred (~gssapi.raw.creds.Creds): the credentials with
+            permissions to impersonate the target name
+        name (~gssapi.raw.names.Name): the name to impersonate
+        lifetime (int): the lifetime for the credentials (or None for
+            indefinite) in seconds
+        mechs (~gssapi.raw.types.MechType): the desired mechanisms for which
+            the credentials should work (or None for the default set)
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+
+    Returns:
+        AcquireCredResult: the resulting credentials, the actual mechanisms
+        with which they may be used, and their actual lifetime in seconds (or
+        None for indefinite or not support)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def add_cred_impersonate_name(
+    input_cred: "Creds",
+    impersonator_cred: "Creds",
+    name: "Name",
+    mech: "OID",
+    usage: str = 'initiate',
+    init_lifetime: t.Optional[int] = None,
+    accept_lifetime: t.Optional[int] = None,
+) -> "AddCredResult":
+    """Add a credentials element to a credential by impersonating another name.
+
+    This method is one of the ways to use S4U2Self.  It adds credentials
+    to the input credentials by impersonating another name using a set of
+    proxy credentials.  The impersonator credentials must have a usage of
+    'both' or 'initiate'.
+
+    Args:
+        input_cred (~gssapi.raw.creds.Creds): the set of credentials to which
+            to add the new credentials
+        impersonator_cred (~gssapi.raw.creds.Creds): the credentials with
+            permissions to impersonate the target name
+        name (~gssapi.raw.names.Name): the name to impersonate
+        mech (~gssapi.raw.types.MechType): the desired mechanism. Note that
+            this is both
+            singular and required, unlike acquireCredImpersonateName
+        usage (str): the usage type for the credentials: may be
+            'initiate', 'accept', or 'both'
+        init_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to initiate security contexts (or None
+            for indefinite)
+        accept_lifetime (int): the lifetime, in seconds, for the credentials to
+            remain valid when using them to accept security contexts (or None
+            for indefinite)
+
+    Returns:
+        AddCredResult: the actual mechanisms with which the credentials may be
+        used, the actual initiator TTL in seconds, and the actual acceptor TTL
+        in seconds (the TTLs may be None for indefinite or not supported)
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/ext_set_cred_opt.html b/stable/_modules/gssapi/raw/ext_set_cred_opt.html
new file mode 100644
index 00000000..6f73abef
--- /dev/null
+++ b/stable/_modules/gssapi/raw/ext_set_cred_opt.html
@@ -0,0 +1,157 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.ext_set_cred_opt — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.ext_set_cred_opt
+"""
+gss_set_cred_option
+
+Provides a way to set options on a credential based on the OID specified. A
+common use case is to set the GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos
+credential. This is used for interoperability with Microsoft's SSPI.
+
+Note this function is commonly lumped with the GGF extensions but they are not
+part of the GGF IETF draft so it's separated into it's own file.
+
+Closest draft IETF document for the gss_set_cred_option can be found at
+https://tools.ietf.org/html/draft-williams-kitten-channel-bound-flag-01
+"""
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+def set_cred_option(
+    desired_aspect: "OID",
+    creds: t.Optional["Creds"] = None,
+    value: t.Optional[bytes] = None,
+) -> "Creds":
+    """
+    This method is used to set options of a :class:`~gssapi.raw.creds.Creds`
+    object based on an OID key. The options that can be set depends on the mech
+    the credentials were created with.
+
+    An example of how this can be used would be to set the
+    GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos credential. The OID string for
+    this flag is '1.2.752.43.13.29' and it requires no value to be set. This
+    must be set before the SecurityContext was initialised with the
+    credentials.
+
+    Args:
+        desired_aspect (~gssapi.raw.oids.OID): the desired aspect of the
+            Credential to set.
+        cred_handle (~gssapi.raw.creds.Creds): the Credentials to set, or None
+            to create a new credential.
+        value (bytes): the value to set on the desired aspect of the Credential
+            or None to send GSS_C_EMPTY_BUFFER.
+
+    Returns:
+        Creds: The output credential.
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/message.html b/stable/_modules/gssapi/raw/message.html
new file mode 100644
index 00000000..d0578a9e
--- /dev/null
+++ b/stable/_modules/gssapi/raw/message.html
@@ -0,0 +1,275 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.message — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.message
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import WrapResult, UnwrapResult
+    from gssapi.sec_contexts import SecurityContext
+
+
+

+[docs]
+def get_mic(
+    context: "SecurityContext",
+    message: bytes,
+    qop: t.Optional[int] = None,
+) -> bytes:
+    """Generate a MIC for a message.
+
+    This method generates a Message Integrity Check token for the
+    given message.  This can be separately trasmitted to the other
+    entity, unlike wrap, which bundles the MIC and the message
+    together.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message for which to generate the MIC
+        qop (int): the requested Quality of Protection
+            (or None to use the default)
+
+    Returns:
+        bytes: the generated MIC token
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadQoPError
+    """

+
+
+
+

+[docs]
+def verify_mic(
+    context: "SecurityContext",
+    message: bytes,
+    token: bytes,
+) -> int:
+    """Verify that a MIC matches a message.
+
+    This method verifies that the given MIC matches the given message.
+    If the MIC does not match the given message, an exception will
+    be raised.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message in question
+        token (bytes): the MIC token in question
+
+    Returns:
+        int: the QoP used.
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.TokenTooLateError
+        ~gssapi.exceptions.TokenTooEarlyError
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
+

+[docs]
+def wrap_size_limit(
+    context: "SecurityContext",
+    output_size: int,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> int:
+    """Calculate the max message size.
+
+    This method calculates the unwrapped/unencrypted message size for
+    the given maximum wrapped/encrypted message size.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        output_size (int): the maximum desired wrapped/encrypted message size
+        confidential (bool): whether or not confidentiality is being used
+        qop (int): the QoP that will be when you actually call wrap
+            (or None for the default QoP)
+
+    Returns:
+        int: the maximum unencrypted/unwrapped message size
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.BadQoPError
+    """

+
+
+
+

+[docs]
+def wrap(
+    context: "SecurityContext",
+    message: bytes,
+    confidential: bool = True,
+    qop: t.Optional[int] = None,
+) -> "WrapResult":
+    """Wrap/Encrypt a message.
+
+    This method wraps or encrypts a message (depending on the value
+    of confidential) with the given Quality of Protection.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message to wrap or encrypt
+        confidential (bool): whether or not to encrypt the message (True),
+            or just wrap it with a MIC (False)
+        qop (int): the desired Quality of Protection
+            (or None for the default QoP)
+
+    Returns:
+        WrapResult: the wrapped/encrypted message, and whether or not
+            encryption was actually used
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadQoPError
+    """

+
+
+
+

+[docs]
+def unwrap(
+    context: "SecurityContext",
+    message: bytes,
+) -> "UnwrapResult":
+    """Unwrap/Decrypt a message.
+
+    This method unwraps or decrypts a message, depending
+    on whether the sender used confidentiality.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the current
+            security context
+        message (bytes): the message to unwrap/decrypt
+
+    Returns:
+        UnwrapResult: the unwrapped/decrypted message, whether or on
+            encryption was used, and the QoP used
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.TokenTooLateError
+        ~gssapi.exceptions.TokenTooEarlyError
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/misc.html b/stable/_modules/gssapi/raw/misc.html
new file mode 100644
index 00000000..f3adb7be
--- /dev/null
+++ b/stable/_modules/gssapi/raw/misc.html
@@ -0,0 +1,306 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.misc — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.misc
+import typing as t
+
+from gssapi.raw.names import Name
+from gssapi.raw.oids import OID
+from gssapi.raw.types import MechType
+
+
+

+[docs]
+def indicate_mechs() -> t.Set[OID]:
+    """Get the currently supported mechanisms.
+
+    This method retrieves the currently supported GSSAPI mechanisms.
+    Note that if unknown mechanims are found, those will be skipped.
+    """

+
+
+
+

+[docs]
+def inquire_names_for_mech(
+    mech: OID,
+) -> t.Set[OID]:
+    """
+    inquire_names_for_mech(mech)
+    Get the name types supported by a mechanism.
+
+    This method retrieves the different name types supported by
+    the given mechanism.
+
+    Args:
+        mech (~gssapi.OID): the mechanism in question
+
+    Returns:
+        list: the name type OIDs supported by the given mechanism
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+

+[docs]
+def inquire_mechs_for_name(
+    name: Name,
+) -> t.Set[OID]:
+    """
+    inquire_mechs_for_name(name)
+    List the mechanisms which can process a name.
+
+    This method lists the mechanisms which may be able to
+    process the given name.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name in question
+
+    Returns:
+        The mechanism OIDs able to process the given name
+
+    Raises:
+        ~gssapi.exceptions.GSSError
+    """

+
+
+
+def _display_status(
+    error_code: int,
+    is_major_code: bool,
+    mech: t.Optional[MechType] = None,
+    message_context: int = 0,
+) -> t.Tuple[bytes, int, bool]:
+    """
+    Display a string message for a GSSAPI error code.
+
+    This method displays a message for a corresponding GSSAPI error code.
+    Since some error codes might have multiple messages, a context parameter
+    may be passed to indicate where in the series of messages we currently are
+    (this is the second item in the return value tuple).  Additionally, the
+    third item in the return value tuple indicates whether or not more
+    messages are available.
+
+    Args:
+        error_code (int): The error code in question
+        is_major_code (bool): is this a major code (True) or a
+            minor code (False)
+        mech (~gssapi.raw.types.MechType): The mechanism type that returned
+            this error code (defaults to None, for the default mechanism)
+        message_context (int): The context for this call -- this is used when
+            multiple messages are available (defaults to 0)
+
+    Returns:
+        (bytes, int, bool): the message, the new message context, and
+            whether or not to call again for further messages
+
+    Raises:
+       ValueError
+    """
+
+
+

+[docs]
+class GSSError(Exception):
+    """
+    A GSSAPI Error
+
+    This Exception represents an error returned from the GSSAPI
+    C bindings.  It contains the major and minor status codes
+    returned by the method which caused the error, and can
+    generate human-readable string messages from the error
+    codes
+    """
+
+

+[docs]
+    maj_code: int

+
+

+[docs]
+    min_code: int

+
+

+[docs]
+    token: t.Optional[bytes]

+
+

+[docs]
+    calling_code: int

+
+

+[docs]
+    routine_code: int

+
+

+[docs]
+    supplementary_code: int

+
+
+    @classmethod
+    def _parse_major_code(
+        cls,
+        maj_code: int
+    ) -> t.Tuple[int, int, int]: ...
+
+    def __init__(
+        self,
+        maj_code: int,
+        min_code: int,
+        token: t.Optional[bytes] = None,
+    ) -> None:
+        """
+        Create a new GSSError.
+
+        This method creates a new GSSError,
+        retrieves the related human-readable
+        string messages, and uses the results to construct an
+        exception message
+
+        Args:
+            maj_code: the major code associated with this error
+            min_code: the minor code associated with this error
+            token: an error token associated with the error
+        """
+
+

+[docs]
+    def get_all_statuses(
+        self,
+        code: int,
+        is_maj: bool,
+    ) -> t.List[str]:
+        """
+        Retrieve all messages for a status code.
+
+        This method retrieves all human-readable messages
+        available for the given status code.
+
+        Args:
+            code: the status code in question
+            is_maj: whether this is a major status code (True)
+                or minor status code (False)
+
+        Returns:
+            [str]: A list of string messages associated with the
+                given code
+        """

+
+
+

+[docs]
+    def gen_message(self) -> str:
+        """
+        Retrieves all messages for this error's status codes
+
+        This method retrieves all messages for this error's status codes,
+        and forms them into a string for use as an exception message
+
+        Returns:
+            str: a string for use as this error's message
+        """

+

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/named_tuples.html b/stable/_modules/gssapi/raw/named_tuples.html
new file mode 100644
index 00000000..b2093040
--- /dev/null
+++ b/stable/_modules/gssapi/raw/named_tuples.html
@@ -0,0 +1,384 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.named_tuples — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.named_tuples
+from typing import List, NamedTuple, Optional, Set, TYPE_CHECKING
+
+from gssapi.raw.oids import OID
+from gssapi.raw.types import RequirementFlag
+
+if TYPE_CHECKING:
+    import gssapi
+
+
+

+[docs]
+class AcquireCredResult(NamedTuple):
+    """Credential result when acquiring a GSSAPI credential."""
+    #: GSSAPI credentials that were acquired
+    creds: "gssapi.raw.creds.Creds"
+    #: Set of mechs the cred is for
+    mechs: Set[OID]
+    #: Number of seconds for which the cred will remain valid
+    lifetime: int

+
+
+
+

+[docs]
+class InquireCredResult(NamedTuple):
+    """Information about the credential."""
+    #: The principal associated with the credential
+    name: Optional["gssapi.raw.names.Name"]
+    #: Number of seconds which the cred is valid for
+    lifetime: Optional[int]
+    #: How the credential can be used
+    usage: Optional[str]
+    #: Set of mechs the cred is for
+    mechs: Optional[Set[OID]]

+
+
+
+

+[docs]
+class InquireCredByMechResult(NamedTuple):
+    """Information about the credential for a specific mechanism."""
+    #: The principal associated with the credential
+    name: Optional["gssapi.raw.names.Name"]
+    #: Time valid for initiation, in seconds
+    init_lifetime: Optional[int]
+    #: Time valid for accepting, in seconds
+    accept_lifetime: Optional[int]
+    #: How the credential can be used
+    usage: Optional[str]

+
+
+
+

+[docs]
+class AddCredResult(NamedTuple):
+    """Result of adding to a GSSAPI credential."""
+    #: The credential that was generated
+    creds: Optional["gssapi.raw.creds.Creds"]
+    #: Set of mechs the cred is for
+    mechs: Set[OID]
+    #: Time valid for initiation, in seconds
+    init_lifetime: int
+    #: Time valid for accepting, in seconds
+    accept_lifetime: int

+
+
+
+

+[docs]
+class DisplayNameResult(NamedTuple):
+    """Textual representation of a GSSAPI name."""
+    #: The representation of the GSSAPI name
+    name: bytes
+    #: The type of GSSAPI name
+    name_type: Optional[OID]

+
+
+
+

+[docs]
+class WrapResult(NamedTuple):
+    """Wrapped message result."""
+    #: The wrapped message
+    message: bytes
+    #: Whether the message is encrypted and not just signed
+    encrypted: bool

+
+
+
+

+[docs]
+class UnwrapResult(NamedTuple):
+    """Unwrapped message result."""
+    #: The unwrapped message
+    message: bytes
+    #: Whether the message was encrypted and not just signed
+    encrypted: bool
+    #: The quality of protection applied to the message
+    qop: int

+
+
+
+

+[docs]
+class AcceptSecContextResult(NamedTuple):
+    """Result when accepting a security context by an initiator."""
+    #: The acceptor security context
+    context: "gssapi.raw.sec_contexts.SecurityContext"
+    #: The authenticated name of the initiator
+    initiator_name: "gssapi.raw.names.Name"
+    #: Mechanism with which the context was established
+    mech: OID
+    #: Token to be returned to the initiator
+    token: Optional[bytes]
+    #: Services requested by the initiator
+    flags: RequirementFlag
+    #: Seconds for which the context is valid for
+    lifetime: int
+    #: Delegated credentials
+    delegated_creds: Optional["gssapi.raw.creds.Creds"]
+    #: More input is required to complete the exchange
+    more_steps: bool

+
+
+
+

+[docs]
+class InitSecContextResult(NamedTuple):
+    """Result when initiating a security context"""
+    #: The initiator security context
+    context: "gssapi.raw.sec_contexts.SecurityContext"
+    #: Mechanism used in the security context
+    mech: OID
+    #: Services available for the context
+    flags: RequirementFlag
+    #: Token to be sent to the acceptor
+    token: Optional[bytes]
+    #: Seconds for which the context is valid for
+    lifetime: int
+    #: More input is required to complete the exchange
+    more_steps: bool

+
+
+
+

+[docs]
+class InquireContextResult(NamedTuple):
+    """Information about the security context."""
+    #: Name of the initiator
+    initiator_name: Optional["gssapi.raw.names.Name"]
+    #: Name of the acceptor
+    target_name: Optional["gssapi.raw.names.Name"]
+    #: Time valid for the security context, in seconds
+    lifetime: Optional[int]
+    #: Mech used to create the security context
+    mech: Optional[OID]
+    #: Services available for the context
+    flags: Optional[RequirementFlag]
+    #: Context was initiated locally
+    locally_init: Optional[bool]
+    #: Context has been established and ready to use
+    complete: Optional[bool]

+
+
+
+

+[docs]
+class StoreCredResult(NamedTuple):
+    """Result of the credential storing operation."""
+    #: Mechs that were stored in the credential store
+    mechs: List[OID]
+    #: How the credential can be used
+    usage: str

+
+
+
+

+[docs]
+class IOVUnwrapResult(NamedTuple):
+    """Unwrapped IOV message result."""
+    #: Whether the message was encrypted and not just signed
+    encrypted: bool
+    #: The quality of protection applied to the message
+    qop: int

+
+
+
+

+[docs]
+class InquireNameResult(NamedTuple):
+    """Information about a GSSAPI Name."""
+    #: Set of attribute names
+    attrs: List[bytes]
+    #: Name is a mechanism name
+    is_mech_name: bool
+    #: The mechanism if is_name_mech is True
+    mech: OID

+
+
+
+

+[docs]
+class GetNameAttributeResult(NamedTuple):
+    """GSSAPI Name attribute values."""
+    #: Raw values
+    values: List[bytes]
+    #: Human-readable values
+    display_values: List[bytes]
+    #: Attribute has been authenticated
+    authenticated: bool
+    #: Attribute value is marked as complete
+    complete: bool

+
+
+
+

+[docs]
+class InquireAttrsResult(NamedTuple):
+    """Set of attributes supported and known by a mechanism."""
+    #: The mechanisms attributes
+    mech_attrs: Set[OID]
+    #: Known attributes of the mechanism
+    known_mech_attrs: Set[OID]

+
+
+
+

+[docs]
+class DisplayAttrResult(NamedTuple):
+    """Information about an attribute."""
+    #: The mechanism name
+    name: bytes
+    #: Short description of the mechanism
+    short_desc: bytes
+    #: Long description of the mechanism
+    long_desc: bytes

+
+
+
+

+[docs]
+class InquireSASLNameResult(NamedTuple):
+    """SASL informmation about a GSSAPI Name."""
+    #: The SASL name
+    sasl_mech_name: bytes
+    #: The mechanism name
+    mech_name: bytes
+    #: The mechanism description
+    mech_description: bytes

+
+
+
+

+[docs]
+class Rfc1964KeyData(NamedTuple):
+    """Security context key data based on RFC1964."""
+    #: Signing algorithm identifier
+    sign_alg: int
+    #: Sealing algorithm identifier
+    seal_alg: int
+    #: Key encryption type identifier
+    key_type: int
+    #: Encryption key data
+    key: bytes

+
+
+
+

+[docs]
+class CfxKeyData(NamedTuple):
+    """Securty context key data."""
+    #: Context key encryption type identifier
+    ctx_key_type: int
+    #: Context key data - session or sub-session key
+    ctx_key: bytes
+    #: Acceptor key enc type identifier
+    acceptor_subkey_type: Optional[int]
+    #: Acceptor key data
+    acceptor_subkey: Optional[bytes]

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/names.html b/stable/_modules/gssapi/raw/names.html
new file mode 100644
index 00000000..13a89ba5
--- /dev/null
+++ b/stable/_modules/gssapi/raw/names.html
@@ -0,0 +1,298 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.names — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.names
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.named_tuples import DisplayNameResult
+    from gssapi.raw.oids import OID
+
+

+[docs]
+class Name:
+    """
+    A GSSAPI Name
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["Name"] = None,
+    ) -> "Name": ...

+
+
+
+

+[docs]
+def import_name(
+    name: bytes,
+    name_type: t.Optional["OID"] = None,
+) -> Name:
+    """Convert a string and a name type into a GSSAPI name.
+
+    This method takes a string name and a name type and converts
+    them into a GSSAPI :class:`Name`.
+
+    Args:
+        name (~gssapi.raw.names.Name): the string version of the name
+        name_type (~gssapi.raw.types.MechType): the type of this name
+
+    Returns:
+        Name: the GSSAPI version of the name
+
+    Raises:
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.BadMechanismError
+    """

+
+
+
+

+[docs]
+def display_name(
+    name: Name,
+    name_type: bool = True,
+) -> "DisplayNameResult":
+    """Convert a GSSAPI name into its components.
+
+    This method converts a GSSAPI :class:`Name` back into its
+    text form.  If ``name_type`` is True, it also attempts to
+    retrieve the :class:`~gssapi.raw.types.NameType` of the name (otherwise the
+    returned name type will be ``None``).
+
+    Args:
+        name (~gssapi.raw.names.Name): the name in question
+        name_type (~gssapi.raw.types.MechType): whether or not to retrieve the
+            name type
+
+    Returns:
+        DisplayNameResult: the text part of the name and its type
+
+    Raises:
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def compare_name(
+    name1: Name,
+    name2: Name,
+) -> bool:
+    """Check two GSSAPI names to see if they are the same.
+
+    This method compares two GSSAPI names, checking to
+    see if they are equivalent.
+
+    Args:
+        name1 (~gssapi.raw.names.Name): the first name to compare
+        name2 (~gssapi.raw.names.Name): the second name to compare
+
+    Returns:
+        bool: whether or not the names are equal
+
+    Raises:
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def export_name(
+    name: Name,
+) -> bytes:
+    """Export a GSSAPI name.
+
+    This method "produces a canonical contigous string representation
+    of a mechanism name, suitable for direct comparison for use in
+    authorization functions".
+
+    The input name must be a valid GSSAPI mechanism name, as generated by
+    :func:`canonicalize_name` or
+    :func:`~gssapi.raw.sec_contexts.accept_sec_context`.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to export
+
+    Returns:
+        bytes: the exported name
+
+    Raises:
+        ~gssapi.exceptions.MechanismNameRequiredError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def canonicalize_name(
+    name: Name,
+    mech: "OID",
+) -> Name:
+    """Canonicalize an arbitrary GSSAPI Name into a Mechanism Name
+
+    This method turns any GSSAPI name into a "mechanism name" --
+    a full form name specific to a mechanism.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to canonicalize
+        mech (~gssapi.raw.types.MechType): the mechanism type to use to
+            canonicalize the name
+
+    Returns:
+        Name: a canonicalized version of the input name
+
+    Raises:
+        ~gssapi.exceptions.BadMechanismError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def duplicate_name(
+    name: Name,
+) -> Name:
+    """Duplicate a GSSAPI name.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name to duplicate
+
+    Returns:
+        Name: a duplicate of the input name
+
+    Raises:
+        ~gssapi.exceptions.BadNameError
+    """

+
+
+
+

+[docs]
+def release_name(
+    name: Name,
+) -> None:
+    """Release a GSSAPI name.
+
+    This method frees a GSSAPI :class:`Name`.
+    You probably won't have to do this.
+
+    Warning:
+        This method is deprecated.  Names are
+        automatically freed by Python.
+
+    Args:
+        name (~gssapi.raw.names.Name): the name in question
+
+    Raises:
+        ~gssapi.exceptions.BadNameError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/oids.html b/stable/_modules/gssapi/raw/oids.html
new file mode 100644
index 00000000..64173ee1
--- /dev/null
+++ b/stable/_modules/gssapi/raw/oids.html
@@ -0,0 +1,163 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.oids — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.oids
+import typing as t
+
+

+[docs]
+class OID:
+    """
+    A GSSAPI OID
+
+    A new OID may be created by passing the `elements` argument
+    to the constructor.  The `elements` argument should be a
+    :class:`bytes` consisting of the BER-encoded values in the OID.
+
+    To retrieve the underlying bytes, use the :class:`bytes`
+    function in Python 3.
+
+    This object is hashable, and may be compared using equality
+    operators.
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["OID"] = None,
+        elements: t.Optional[bytes] = None,
+    ) -> "OID": ...
+
+    @classmethod
+

+[docs]
+    def from_int_seq(
+        cls,
+        integer_sequence: t.Union[str, t.Iterable[int]],
+    ) -> "OID":
+        """Create a OID from a sequence of integers.
+
+        This method creates an OID from a sequence of integers.
+        The sequence can either be in dotted form as a string,
+        or in list form.
+
+        This method is not for BER-encoded byte strings, which
+        can be passed directly to the OID constructor.
+
+        Args:
+            integer_sequence: either a list of integers or
+                a string in dotted form
+
+        Returns:
+            OID: the OID represented by the given integer sequence
+
+        Raises:
+            ValueError: the sequence is less than two elements long
+        """

+
+
+    @property
+

+[docs]
+    def dotted_form(self) -> str: ...

+

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/sec_contexts.html b/stable/_modules/gssapi/raw/sec_contexts.html
new file mode 100644
index 00000000..e29ec41f
--- /dev/null
+++ b/stable/_modules/gssapi/raw/sec_contexts.html
@@ -0,0 +1,425 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.sec_contexts — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.sec_contexts
+import typing as t
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.chan_bindings import ChannelBindings
+    from gssapi.raw.creds import Creds
+    from gssapi.raw.named_tuples import (
+        AcceptSecContextResult,
+        InitSecContextResult,
+        InquireContextResult,
+    )
+    from gssapi.raw.names import Name
+    from gssapi.raw.oids import OID
+    from gssapi.raw.types import RequirementFlag
+
+

+[docs]
+class SecurityContext:
+    """
+    A GSSAPI Security Context
+    """
+
+    def __new__(
+        cls,
+        cpy: t.Optional["SecurityContext"] = None,
+    ) -> "SecurityContext": ...
+
+    @property
+    def _started(self) -> bool: ...

+
+
+
+

+[docs]
+def init_sec_context(
+    name: "Name",
+    creds: t.Optional["Creds"] = None,
+    context: t.Optional[SecurityContext] = None,
+    mech: t.Optional["OID"] = None,
+    flags: t.Optional[t.Union[
+        int, "RequirementFlag",
+        t.Iterable[int], t.Iterable["RequirementFlag"]
+    ]] = None,
+    lifetime: t.Optional[int] = None,
+    channel_bindings: t.Optional["ChannelBindings"] = None,
+    input_token: t.Optional[bytes] = None,
+) -> "InitSecContextResult":
+    """Initiate a GSSAPI security context.
+
+    This method initiates a GSSAPI security context, targeting the given
+    target name.  To create a basic context, just provide the target name.
+    Further calls used to update the context should pass in the output context
+    of the last call, as well as the input token received from the acceptor.
+
+    Warning:
+        This changes the input context!
+
+    Args:
+        target_name (~gssapi.raw.names.Name): the target for the security
+            context
+        creds (Creds): the credentials to use to initiate the context,
+            or None to use the default credentials
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context to update, or None to create a new context
+        mech (~gssapi.raw.types.MechType): the mechanism type for this security
+            context, or None for the default mechanism type
+        flags (list): the flags to request for the security context, or
+            None to use the default set: mutual_authentication and
+            out_of_sequence_detection.  This may also be an
+            :class:`IntEnumFlagSet`
+        lifetime (int): the request lifetime of the security context in seconds
+            (a value of 0 or None means indefinite)
+        channel_bindings (ChannelBindings): The channel bindings (or None for
+            no channel bindings)
+        input_token (bytes): the token to use to update the security context,
+            or None if you are creating a new context
+
+    Returns:
+        InitSecContextResult: the output security context, the actual mech
+        type, the actual flags used, the output token to send to the acceptor,
+        the actual lifetime of the context in seconds (or None if not supported
+        or indefinite), and whether or not more calls are needed to finish the
+        initiation.
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.InvalidCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.BadChannelBindingsError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadNameTypeError
+        ~gssapi.exceptions.BadNameError
+        ~gssapi.exceptions.BadMechanismError
+    """

+
+
+
+

+[docs]
+def accept_sec_context(
+    input_token: bytes,
+    acceptor_creds: t.Optional["Creds"] = None,
+    context: t.Optional[SecurityContext] = None,
+    channel_bindings: t.Optional["ChannelBindings"] = None,
+) -> "AcceptSecContextResult":
+    """Accept a GSSAPI security context.
+
+    This method accepts a GSSAPI security context using a token sent by the
+    initiator, using the given credentials.  It can either be used to accept a
+    security context and create a new security context object, or to update an
+    existing security context object.
+
+    Warning:
+        This changes the input context!
+
+    Args:
+        input_token (bytes): the token sent by the context initiator
+        acceptor_creds (Creds): the credentials to be used to accept the
+            context (or None to use the default credentials)
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context to update (or None to create a new security context object)
+        channel_bindings (ChannelBindings): The channel bindings (or None for
+            no channel bindings)
+
+    Returns:
+        AcceptSecContextResult: the resulting security context, the initiator
+        name, the mechanism being used, the output token, the flags in use,
+        the lifetime of the context in seconds (or None for indefinite or not
+        supported), the delegated credentials (valid only if the
+        delegate_to_peer flag is set), and whether or not further token
+        exchanges are needed to finalize the security context.
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.InvalidCredentialsError
+        ~gssapi.exceptions.MissingCredentialsError
+        ~gssapi.exceptions.ExpiredCredentialsError
+        ~gssapi.exceptions.BadChannelBindingsError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.BadMICError
+        ~gssapi.exceptions.ExpiredTokenError
+        ~gssapi.exceptions.DuplicateTokenError
+        ~gssapi.exceptions.BadMechanismError
+    """

+
+
+
+

+[docs]
+def inquire_context(
+    context: SecurityContext,
+    initiator_name: bool = True,
+    target_name: bool = True,
+    lifetime: bool = True,
+    mech: bool = True,
+    flags: bool = True,
+    locally_init: bool = True,
+    complete: bool = True,
+) -> "InquireContextResult":
+    """Get information about a security context.
+
+    This method obtains information about a security context, including
+    the initiator and target names, as well as the TTL, mech,
+    flags, and its current state (open vs closed).
+
+    Note:
+        the target name may be ``None`` if it would have been ``GSS_C_NO_NAME``
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the context in
+            question
+
+    Returns:
+        InquireContextResult: the initiator name, the target name, the TTL
+        (can be None for indefinite or not supported), the mech type, the
+        flags, whether or not the context was locally initiated,
+        and whether or not the context is currently fully established
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
+

+[docs]
+def context_time(
+    context: SecurityContext,
+) -> int:
+    """Get the amount of time for which the given context will remain valid.
+
+    This method determines the amount of time for which the given
+    security context will remain valid.  An expired context will
+    give a result of 0.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context in question
+
+    Returns:
+        int: the number of seconds for which the context will be valid
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
+

+[docs]
+def process_context_token(
+    context: SecurityContext,
+    token: bytes,
+) -> None:
+    """Process a token asynchronously.
+
+    This method provides a way to process a token, even if the
+    given security context is not expecting one.  For example,
+    if the initiator has the initSecContext return that the context
+    is complete, but the acceptor is unable to accept the context,
+    and wishes to send a token to the initiator, letting the
+    initiator know of the error.
+
+    Warning:
+        This method has been essentially deprecated by :rfc:`2744`.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context against which to process the token
+        token (bytes): the token to process
+
+    Raises:
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.MissingContextError
+    """

+
+
+
+

+[docs]
+def import_sec_context(
+    token: bytes,
+) -> SecurityContext:
+    """Import a context from another process.
+
+    This method imports a security context established in another process
+    by reading the specified token which was output by
+    :func:`export_sec_context`.
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.InvalidTokenError
+        ~gssapi.exceptions.OperationUnavailableError
+        ~gssapi.exceptions.UnauthorizedError
+    """

+
+
+
+

+[docs]
+def export_sec_context(
+    context: SecurityContext,
+) -> bytes:
+    """Export a context for use in another process.
+
+    This method exports a security context, deactivating in the current process
+    and creating a token which can then be imported into another process
+    with :func:`import_sec_context`.
+
+    Warning: this modifies the input context
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the context to send
+            to another process
+
+    Returns:
+        bytes: the output token to be imported
+
+    Raises:
+        ~gssapi.exceptions.ExpiredContextError
+        ~gssapi.exceptions.MissingContextError
+        ~gssapi.exceptions.OperationUnavailableError
+    """

+
+
+
+

+[docs]
+def delete_sec_context(
+    context: SecurityContext,
+    local_only: bool = True,
+) -> bytes:
+    """Delete a GSSAPI security context.
+
+    This method deletes a GSSAPI security context,
+    returning an output token to send to the other
+    holder of the security context to notify them
+    of the deletion.
+
+    Note:
+        This method generally should not be used.  :class:`SecurityContext`
+        objects will automatically be freed by Python.
+
+    Args:
+        context (~gssapi.raw.sec_contexts.SecurityContext): the security
+            context in question
+        local_only (bool): should we request local deletion (True), or also
+            remote deletion (False), in which case a token is also returned
+
+    Returns:
+        bytes: the output token (if remote deletion is requested).  Generally
+            this is None, but bytes for compatibility.
+
+    Raises:
+        ~gssapi.exceptions.MissingContextError
+    """

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/raw/types.html b/stable/_modules/gssapi/raw/types.html
new file mode 100644
index 00000000..5c8c7faf
--- /dev/null
+++ b/stable/_modules/gssapi/raw/types.html
@@ -0,0 +1,440 @@
+
+
+
+
+
+  
+  
+  gssapi.raw.types — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.raw.types
+import numbers
+import typing as t
+
+from collections.abc import MutableSet
+from enum import IntEnum
+
+if t.TYPE_CHECKING:
+    from gssapi.raw.oids import OID
+
+
+

+[docs]
+class NameType:
+    """
+    GSSAPI Name Types
+
+    This enum-like object represents GSSAPI name
+    types (to be used with :func:`~gssapi.raw.names.import_name`, etc)
+    """
+    #: GSS_C_NT_ANONYMOUS 1.3.6.1.5.6.3
+

+[docs]
+    anonymous: "OID" = ...

+
+    #: GSS_C_NT_EXPORT_NAME 1.3.6.1.5.6.4
+

+[docs]
+    export: "OID" = ...

+
+    #: GSS_C_NT_HOSTBASED_SERVICE 1.2.840.113554.1.2.1.4
+

+[docs]
+    hostbased_service: "OID" = ...

+
+    #: GSS_C_NT_MACHINE_UID_NAME 1.2.840.113554.1.2.1.2
+

+[docs]
+    machine_uid: "OID" = ...

+
+    #: GSS_C_NT_STRING_UID_NAME 1.2.840.113554.1.2.1.3
+

+[docs]
+    string_uid: "OID" = ...

+
+    #: GSS_C_NT_USER_NAME 1.2.840.113554.1.2.1.1
+

+[docs]
+    user: "OID" = ...

+
+
+    # Provided through optional extensions
+    #: GSS_C_NT_COMPOSITE_EXPORT 1.3.6.1.5.6.6
+

+[docs]
+    composite_export: "OID" = ...

+
+    #: GSS_KRB5_NT_PRINCIPAL_NAME 1.2.840.113554.1.2.2.1
+

+[docs]
+    kerberos_principal: "OID" = ...

+
+    #: GSS_KRB5_NT_PRINCIPAL_NAME 1.2.840.113554.1.2.2.1
+

+[docs]
+    krb5_nt_principal_name: "OID" = ...

+

+
+
+
+

+[docs]
+class RequirementFlag(IntEnum):
+    """
+    GSSAPI Requirement Flags
+
+    This :class:`~enum.IntEnum` represents flags used with the
+    :class:`~gssapi.raw.sec_contexts.SecurityContext`-related methods (e.g.
+    :func:`~gssapi.raw.sec_contexts.init_sec_context`)
+
+    The numbers behind the values correspond directly
+    to their C counterparts.
+    """
+    # Note the values are only set here for documentation and type hints
+

+[docs]
+    delegate_to_peer = 1 #: GSS_C_DELEG_FLAG

+
+

+[docs]
+    mutual_authentication = 2 #: GSS_C_MUTUAL_FLAG

+
+

+[docs]
+    replay_detection = 4 #: GSS_C_REPLAY_FLAG

+
+

+[docs]
+    out_of_sequence_detection = 8 #: GSS_C_SEQUENCE_FLAG

+
+

+[docs]
+    confidentiality = 16 #: GSS_C_CONF_FLAG

+
+

+[docs]
+    integrity = 32 #: GSS_C_INTEG_FLAG

+
+

+[docs]
+    anonymity = 64 #: GSS_C_ANON_FLAG

+
+

+[docs]
+    protection_ready = 128 #: GSS_C_PROT_READY_FLAG

+
+

+[docs]
+    transferable = 256 #: GSS_C_TRANS_FLAG

+
+

+[docs]
+    channel_bound = 2048 #: GSS_C_CHANNEL_BOUND_FLAG

+
+

+[docs]
+    dce_style = 4096 #: GSS_C_DCE_STYLE

+
+

+[docs]
+    identify = 8192 #: GSS_C_IDENTIFY_FLAG

+
+

+[docs]
+    extended_error = 16384 #: GSS_C_EXTENDED_ERROR_FLAG

+
+

+[docs]
+    ok_as_delegate = 32768 #: GSS_C_DELEG_POLICY_FLAG

+

+
+
+
+

+[docs]
+class AddressType(IntEnum):
+    """
+    GSSAPI Channel Bindings Address Types
+
+    This :class:`~enum.IntEnum` represents the various address
+    types used with the :class:`~gssapi.raw.chan_bindings.ChannelBindings`
+    structure.
+
+    The numbers behind the values correspond directly
+    to their C counterparts.  There is no value for
+    ``GSS_C_AF_UNSPEC``, since this is represented
+    by ``None``.
+    """
+    # Note the values are only set here for documentation and type hints
+

+[docs]
+    local = 1 #: GSS_C_AF_LOCAL

+
+

+[docs]
+    ip = 2 #: GSS_C_AF_INET

+
+

+[docs]
+    arpanet = 3 #: GSS_C_AF_IMPLINK

+
+

+[docs]
+    pup = 4 #: GSS_C_AF_PUP

+
+

+[docs]
+    chaos = 5 #: GSS_C_AF_CHAOS

+
+

+[docs]
+    xerox_ns = 6 #: GSS_C_AF_NS

+
+

+[docs]
+    nbs = 7 #: GSS_C_AF_NBS

+
+

+[docs]
+    ecma = 8 #: GSS_C_AF_ECMA

+
+

+[docs]
+    datakit = 9 #: GSS_C_AF_DATAKIT

+
+

+[docs]
+    ccitt = 10 #: GSS_C_AF_CCITT

+
+

+[docs]
+    ibm_sna = 11 #: GSS_C_AF_SNA

+
+

+[docs]
+    decnet = 12 #: GSS_C_AF_DECnet

+
+

+[docs]
+    dli = 13 #: GSS_C_AF_DLI

+
+

+[docs]
+    lat = 14 #: GSS_C_AF_LAT

+
+

+[docs]
+    hyperchannel = 15 #: GSS_C_AF_HYLINK

+
+

+[docs]
+    appletalk = 16 #: GSS_C_AF_APPLETALK

+
+

+[docs]
+    bisync = 17 #: GSS_C_AF_BSC

+
+

+[docs]
+    dss = 18 #: GSS_C_AF_DSS

+
+

+[docs]
+    osi_tp4 = 19 #: GSS_C_AF_OSI

+
+

+[docs]
+    x25 = 21 #: GSS_C_AF_X25

+
+

+[docs]
+    null = 255 #: GSS_C_AF_NULLADDR

+

+
+
+
+

+[docs]
+class MechType:
+    """
+    GSSAPI Mechanism Types
+
+    This enum-like object contains any mechanism :class:`~gssapi.raw.oids.OID`
+    values registered by imported mechanisms.
+    """
+

+[docs]
+    kerberos: "OID" #: gss_mech_krb5 1.2.840.113554.1.2.2

+

+
+
+
+

+[docs]
+class GenericFlagSet(MutableSet):
+    """A set backed by a 32-bit integer
+
+    This is a set backed by a 32 bit integer.
+    the members are integers where only one
+    bit is set.
+
+    The class supports normal set operations,
+    as well as traditional "flag set" operations,
+    such as bitwise AND, OR, and XOR.
+    """
+
+

+[docs]
+    MAX_VAL: int

+
+
+    def __init__(
+        self,
+        flags: t.Optional[
+            t.Union[GenericFlagSet, numbers.Integral, int]
+        ] = None,
+    ) -> None: ...
+
+    def __contains__(
+        self,
+        flag: object,
+    ) -> bool: ...
+
+    def __iter__(self) -> t.Iterator[int]: ...
+
+    def __len__(self) -> int: ...
+
+

+[docs]
+    def add(
+        self,
+        flag: int,
+    ) -> None: ...

+
+
+

+[docs]
+    def discard(
+        self,
+        flag: int,
+    ) -> None: ...

+

+
+
+
+

+[docs]
+class IntEnumFlagSet(GenericFlagSet):
+    """A set backed by a 32-bit integer with enum members
+
+    This class is a :class:`GenericFlagSet` where the returned
+    members are values in an :class:`~enum.IntEnum`.
+
+    It functions exactly like a `GenericFlagSet`, except that
+    it also supports bitwise operations with the enum values.
+    """
+
+    def __init__(
+        self,
+        enum: t.Type[IntEnum],
+        flags: t.Optional[
+            t.Union[GenericFlagSet, numbers.Integral, int]
+        ] = None,
+    ) -> None: ...
+
+    def __iter__(self) -> t.Iterator[IntEnum]: ...

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/gssapi/sec_contexts.html b/stable/_modules/gssapi/sec_contexts.html
new file mode 100644
index 00000000..b5acbbe7
--- /dev/null
+++ b/stable/_modules/gssapi/sec_contexts.html
@@ -0,0 +1,759 @@
+
+
+
+
+
+  
+  
+  gssapi.sec_contexts — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  
Source code for gssapi.sec_contexts
+import typing as t
+
+from gssapi.raw import chan_bindings as rchan_bindings
+from gssapi.raw import sec_contexts as rsec_contexts
+from gssapi.raw import message as rmessage
+from gssapi.raw import named_tuples as tuples
+from gssapi.raw import names as rnames
+from gssapi.raw import oids as roids
+from gssapi.raw.types import RequirementFlag, IntEnumFlagSet
+
+import gssapi.exceptions as excs
+from gssapi import _utils
+from gssapi.names import Name
+from gssapi.creds import Credentials
+
+
+

+[docs]
+class SecurityContext(rsec_contexts.SecurityContext,
+                      metaclass=_utils.CheckLastError):
+    """A GSSAPI Security Context
+
+    This class represents a GSSAPI security context that may be used
+    with and/or returned by other GSSAPI methods.
+
+    It inherits from the low-level GSSAPI
+    :class:`~gssapi.raw.sec_contexts.SecurityContext` class,
+    and thus may used with both low-level and high-level API methods.
+
+    This class may be pickled and unpickled (the attached delegated
+    credentials object will not be preserved, however).
+    """
+
+    def __new__(
+        cls,
+        base: t.Optional[rsec_contexts.SecurityContext] = None,
+        token: t.Optional[bytes] = None,
+        name: t.Optional[rnames.Name] = None,
+        creds: t.Optional[Credentials] = None,
+        lifetime: t.Optional[int] = None,
+        flags: t.Optional[int] = None,
+        mech: t.Optional[roids.OID] = None,
+        channel_bindings: t.Optional[rchan_bindings.ChannelBindings] = None,
+        usage: t.Optional[str] = None,
+    ) -> "SecurityContext":
+
+        if token is not None:
+            base = rsec_contexts.import_sec_context(token)
+
+        return t.cast("SecurityContext",
+                      super(SecurityContext, cls).__new__(cls, base))
+
+    def __init__(
+        self,
+        base: t.Optional[rsec_contexts.SecurityContext] = None,
+        token: t.Optional[bytes] = None,
+        name: t.Optional[rnames.Name] = None,
+        creds: t.Optional[Credentials] = None,
+        lifetime: t.Optional[int] = None,
+        flags: t.Optional[int] = None,
+        mech: t.Optional[roids.OID] = None,
+        channel_bindings: t.Optional[rchan_bindings.ChannelBindings] = None,
+        usage: t.Optional[str] = None,
+    ) -> None:
+        """
+        The constructor creates a new security context, but does not begin
+        the initiate or accept process.
+
+        If the `base` argument is used, an existing
+        :class:`~gssapi.raw.sec_contexts.SecurityContext` object from
+        the low-level API is converted into a high-level object.
+
+        If the `token` argument is passed, the security context is imported
+        using the token.
+
+        Otherwise, a new security context is created.
+
+        If the `usage` argument is not passed, the constructor will attempt
+        to detect what the appropriate usage is based on either the existing
+        security context (if `base` or `token` are used) or the argument set.
+
+        For a security context of the `initiate` usage, the `name` argument
+        must be used, and the `creds`, `mech`, `flags`,
+        `lifetime`, and `channel_bindings` arguments may be
+        used as well.
+
+        For a security context of the `accept` usage, the `creds` and
+        `channel_bindings` arguments may optionally be used.
+        """
+
+        # NB(directxman12): _last_err must be set first
+        self._last_err = None
+
+        # determine the usage ('initiate' vs 'accept')
+        if base is None and token is None:
+            # this will be a new context
+            if usage is not None:
+                if usage not in ('initiate', 'accept'):
+                    msg = "Usage must be either 'initiate' or 'accept'"
+                    raise excs.UnknownUsageError(msg, obj="security context")
+
+                self.usage = usage
+            elif creds is not None and creds.usage != 'both':
+                self.usage = creds.usage
+            elif name is not None:
+                # if we pass a name, assume the usage is 'initiate'
+                self.usage = 'initiate'
+            else:
+                # if we don't pass a name, assume the usage is 'accept'
+                self.usage = 'accept'
+
+            # check for appropriate arguments
+            if self.usage == 'initiate':
+                # takes: creds?, target_name, mech?, flags?,
+                #        channel_bindings?
+                if name is None:
+                    raise TypeError("You must pass the 'name' argument when "
+                                    "creating an initiating security context")
+                self._target_name = name
+                self._mech = mech
+                self._desired_flags = IntEnumFlagSet(RequirementFlag, flags)
+                self._desired_lifetime = lifetime
+            else:
+                # takes creds?
+                if (name is not None or flags is not None or
+                        mech is not None or lifetime is not None):
+                    raise TypeError("You must pass at most the 'creds' "
+                                    "argument when creating an accepting "
+                                    "security context")
+
+            self._channel_bindings = channel_bindings
+            self._creds = creds
+
+            self._delegated_creds = None
+
+        else:
+            # we already have a context in progress, just inspect it
+            # NB(directxman12): MIT krb5 refuses to inquire about a context
+            # if it's partially established, so we have to check here
+
+            try:
+                if self.locally_initiated:
+                    self.usage = 'initiate'
+                else:
+                    self.usage = 'accept'
+            except excs.MissingContextError:
+                msg = ("Cannot extract usage from a partially completed "
+                       "context")
+                raise excs.UnknownUsageError(msg, obj="security context")
+
+        # This is to work around an MIT krb5 bug (see the `complete` property)
+        self._complete: t.Optional[bool] = None
+
+    # NB(directxman12): DO NOT ADD AN __del__ TO THIS CLASS -- it screws up
+    #                   the garbage collector if _last_tb is still defined
+
+    # TODO(directxman12): implement flag properties
+
+

+[docs]
+    def get_signature(
+        self,
+        message: bytes,
+    ) -> bytes:
+        """Calculate the signature for a message.
+
+        This method calculates the signature (called a MIC) for
+        the given message, which may be then used with
+        :meth:`verify_signature` to confirm the validity of the
+        signature.  This is useful if you wish to transmit the
+        message signature and message in your own format.
+
+        Args:
+            message (bytes): the input message
+
+        Returns:
+            bytes: the message signature
+
+        Raises:
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        # TODO(directxman12): check flags?
+        return rmessage.get_mic(self, message)

+
+
+

+[docs]
+    def verify_signature(
+        self,
+        message: bytes,
+        mic: bytes,
+    ) -> int:
+        """Verify the signature for a message.
+
+        This method verifies that a signature (generated by
+        :meth:`get_signature` is valid for the given message.
+
+        If the signature is valid, the method will return.
+        Otherwise, it will raise an error.
+
+        Args:
+            message (bytes): the message
+            mic (bytes): the signature to verify
+
+        Returns:
+            int: the QoP used.
+
+        Raises:
+            ~gssapi.exceptions.BadMICError: the signature was not valid
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.ExpiredTokenError
+            ~gssapi.exceptions.TokenTooLateError
+            ~gssapi.exceptions.TokenTooEarlyError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        return rmessage.verify_mic(self, message, mic)

+
+
+

+[docs]
+    def wrap(
+        self,
+        message: bytes,
+        encrypt: bool,
+    ) -> tuples.WrapResult:
+        """Wrap a message, optionally with encryption
+
+        This wraps a message, signing it and optionally
+        encrypting it.
+
+        Args:
+            message (bytes): the message to wrap
+            encrypt (bool): whether or not to encrypt the message
+
+        Returns:
+            WrapResult: the wrapped message and details about it
+            (e.g. whether encryption was used succesfully)
+
+        Raises:
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        return rmessage.wrap(self, message, encrypt)

+
+
+

+[docs]
+    def unwrap(
+        self,
+        message: bytes,
+    ) -> tuples.UnwrapResult:
+        """Unwrap a wrapped message.
+
+        This method unwraps/unencrypts a wrapped message,
+        verifying the signature along the way.
+
+        Args:
+            message (bytes): the message to unwrap/decrypt
+
+        Returns:
+            UnwrapResult: the unwrapped message and details about it
+            (e.g. wheter encryption was used)
+
+        Raises:
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.BadMICError
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.ExpiredTokenError
+            ~gssapi.exceptions.TokenTooLateError
+            ~gssapi.exceptions.TokenTooEarlyError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        return rmessage.unwrap(self, message)

+
+
+

+[docs]
+    def encrypt(
+        self,
+        message: bytes,
+    ) -> bytes:
+        """Encrypt a message.
+
+        This method wraps and encrypts a message, similarly to
+        :meth:`wrap`.  The difference is that encryption is always
+        used, and the method will raise an exception if this is
+        not possible.  Additionally, this method simply returns
+        the encrypted message directly.
+
+        Args:
+            message (bytes): the message to encrypt
+
+        Returns:
+            bytes: the encrypted message
+
+        Raises:
+            ~gssapi.exceptions.EncryptionNotUsed: the encryption could not be
+                used
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        res = self.wrap(message, encrypt=True)
+
+        if not res.encrypted:
+            raise excs.EncryptionNotUsed("Wrapped message was not encrypted")
+
+        return res.message

+
+
+

+[docs]
+    def decrypt(
+        self,
+        message: bytes,
+    ) -> bytes:
+        """Decrypt a message.
+
+        This method decrypts and unwraps a message, verifying the signature
+        along the way, similarly to :meth:`unwrap`.  The difference is that
+        this method will raise an exception if encryption was established
+        by the context and not used, and simply returns the decrypted
+        message directly.
+
+        Args:
+            message (bytes): the encrypted message
+
+        Returns:
+            bytes: the decrypted message
+
+        Raises:
+            ~gssapi.exceptions.EncryptionNotUsed: encryption was expected, but
+                not used
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.BadMICError
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.ExpiredTokenError
+            ~gssapi.exceptions.TokenTooLateError
+            ~gssapi.exceptions.TokenTooEarlyError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        res = self.unwrap(message)
+
+        if (not res.encrypted and
+                self.actual_flags & RequirementFlag.confidentiality):
+            raise excs.EncryptionNotUsed("The context was established with "
+                                         "encryption, but unwrapped message "
+                                         "was not encrypted",
+                                         unwrapped_message=res.message)
+
+        return res.message

+
+
+

+[docs]
+    def get_wrap_size_limit(
+        self,
+        desired_output_size: int,
+        encrypted: bool = True,
+    ) -> int:
+        """Calculate the maximum message size for a given wrapped message size.
+
+        This method calculates the maximum input message size for a given
+        maximum wrapped/encrypted message size.
+
+        Args:
+            desired_output_size (int): the maximum output message size
+            encrypted (bool): whether or not encryption should be taken
+                into account
+
+        Returns:
+            int: the maximum input message size
+
+        Raises:
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.BadQoPError
+        """
+
+        return rmessage.wrap_size_limit(self, desired_output_size,
+                                        encrypted)

+
+
+

+[docs]
+    def process_token(
+        self,
+        token: bytes,
+    ) -> None:
+        """Process an output token asynchronously.
+
+        This method processes an output token even when the security context
+        was not expecting it.
+
+        Warning:
+            This method is deprecated.
+
+        Args:
+            token (bytes): the token to process
+
+        Raises:
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.MissingContextError
+        """
+
+        rsec_contexts.process_context_token(self, token)

+
+
+

+[docs]
+    def export(self) -> bytes:
+        """Export a security context.
+
+        This method exports a security context, allowing it to be passed
+        between processes.
+
+        Returns:
+            bytes: the exported security context
+
+        Raises:
+            ~gssapi.exceptions.ExpiredContextError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.OperationUnavailableError
+        """
+
+        return rsec_contexts.export_sec_context(self)

+
+
+    _INQUIRE_ARGS = ('initiator_name', 'target_name', 'lifetime',
+                     'mech', 'flags', 'locally_init', 'complete')
+
+    @_utils.check_last_err
+    def _inquire(
+        self,
+        **kwargs: bool,
+    ) -> tuples.InquireContextResult:
+        """Inspect the security context for information
+
+        This method inspects the security context for information.
+
+        If no keyword arguments are passed, all available information
+        is returned.  Otherwise, only the keyword arguments that
+        are passed and set to `True` are returned.
+
+        Args:
+            initiator_name (bool): get the initiator name for this context
+            target_name (bool): get the target name for this context
+            lifetime (bool): get the remaining lifetime, in seconds, for this
+                context
+            mech (bool): get the :class:`MechType` used by this context
+            flags (bool): get the flags set on this context
+            locally_init (bool): get whether this context was locally initiated
+            complete (bool): get whether negotiation on this context has
+                been completed
+
+        Returns:
+            InquireContextResult: the results of the inquiry, with unused
+            fields set to None
+
+        Raises:
+            ~gssapi.exceptions.MissingContextError
+        """
+        if not kwargs:
+            default_val = True
+        else:
+            default_val = False
+
+        for arg in self._INQUIRE_ARGS:
+            kwargs[arg] = kwargs.get(arg, default_val)
+
+        res = rsec_contexts.inquire_context(self, **kwargs)
+
+        if (kwargs.get('initiator_name', False) and
+                res.initiator_name is not None):
+            init_name = Name(res.initiator_name)
+        else:
+            init_name = None
+
+        if (kwargs.get('target_name', False) and
+                res.target_name is not None):
+            target_name = Name(res.target_name)
+        else:
+            target_name = None
+
+        return tuples.InquireContextResult(init_name, target_name,
+                                           res.lifetime, res.mech,
+                                           res.flags, res.locally_init,
+                                           res.complete)
+
+    @property
+    def lifetime(self) -> int:
+        """The amount of time for which this context remains valid"""
+        return rsec_contexts.context_time(self)
+
+    @property
+    def delegated_creds(self) -> t.Optional[Credentials]:
+        """The credentials delegated from the initiator to the acceptor
+
+        .. warning::
+
+            This value will not be preserved across picklings.  These should
+            be separately exported and transferred.
+
+        """
+        return self._delegated_creds
+
+    initiator_name = _utils.inquire_property(
+        'initiator_name', 'The :class:`Name` of the initiator of this context')
+    target_name = _utils.inquire_property(
+        'target_name', 'The :class:`Name` of the target of this context')
+    mech = _utils.inquire_property(
+        'mech', 'The mechanism (:class:`MechType`) in use by this context')
+    actual_flags = _utils.inquire_property(
+        'flags', 'The flags set on this context')
+    locally_initiated = _utils.inquire_property(
+        'locally_init', 'Whether this context was locally intiated')
+
+    @property  # type: ignore # https://github.com/python/mypy/issues/1362
+    @_utils.check_last_err
+    def complete(self) -> bool:
+        """Whether negotiation for this context has been completed"""
+        # NB(directxman12): MIT krb5 has a bug where it refuses to
+        #                   inquire about partially completed contexts,
+        #                   so we can't just use `self._inquire` generally
+        if self._started:
+            complete = self._complete
+            if complete is None:
+                try:
+                    complete = self._inquire(complete=True).complete
+                except excs.MissingContextError:
+                    return False
+                else:
+                    self._complete = complete
+
+            return complete
+        else:
+            return False
+
+

+[docs]
+    @_utils.catch_and_return_token
+    def step(
+        self,
+        token: t.Optional[bytes] = None,
+    ) -> t.Optional[bytes]:
+        """Perform a negotation step.
+
+        This method performs a negotiation step based on the usage type
+        of this context.  If `__DEFER_STEP_ERRORS__` is set to True on
+        the class, this method will return a token, even when exceptions
+        would be thrown.  The generated exception will be thrown on the next
+        method call or property lookup on the context.
+        **This is the default behavior.**
+
+        This method should be used in a while loop, as such:
+
+        .. code-block:: python
+
+           input_token = None
+           try:
+               while not ctx.complete:
+                   output_token = ctx.step(input_token)
+                   if not output_token:
+                       break
+                   input_token = send_and_receive(output_token)
+           except GSSError as e:
+                handle_the_issue()
+
+        .. tip::
+
+            Disabling `__DEFER_STEP_ERRORS__` is rarely necessary.
+            When this method is used in a loop (as above),
+            `__DEFER_STEP_ERRORS__` will ensure that you always
+            send an error token when it's available,
+            keeping the other end of the security context updated
+            with the status of the negotiation.
+
+        Args:
+            token (bytes): the input token from the other participant's step
+
+        Returns:
+            bytes: the output token to send to the other participant
+
+        Raises:
+            ~gssapi.exceptions.InvalidTokenError
+            ~gssapi.exceptions.InvalidCredentialsError
+            ~gssapi.exceptions.MissingCredentialsError
+            ~gssapi.exceptions.ExpiredCredentialsError
+            ~gssapi.exceptions.BadChannelBindingsError
+            ~gssapi.exceptions.BadMICError
+            ~gssapi.exceptions.ExpiredTokenError: (initiate only)
+            ~gssapi.exceptions.DuplicateTokenError
+            ~gssapi.exceptions.MissingContextError
+            ~gssapi.exceptions.BadNameTypeError: (initiate only)
+            ~gssapi.exceptions.BadNameError: (initiate only)
+            ~gssapi.exceptions.BadMechanismError
+        """
+
+        if self.usage == 'accept':
+            return self._acceptor_step(token=token or b"")
+        else:
+            return self._initiator_step(token=token)

+
+
+    def _acceptor_step(
+        self,
+        token: bytes,
+    ) -> t.Optional[bytes]:
+        res = rsec_contexts.accept_sec_context(token, self._creds,
+                                               self, self._channel_bindings)
+
+        if res.delegated_creds is not None:
+            self._delegated_creds = Credentials(res.delegated_creds)
+        else:
+            self._delegated_creds = None
+
+        self._complete = not res.more_steps
+
+        return res.token
+
+    def _initiator_step(
+        self,
+        token: t.Optional[bytes] = None,
+    ) -> t.Optional[bytes]:
+        res = rsec_contexts.init_sec_context(self._target_name, self._creds,
+                                             self, self._mech,
+                                             self._desired_flags,
+                                             self._desired_lifetime,
+                                             self._channel_bindings,
+                                             token)
+
+        self._complete = not res.more_steps
+
+        return res.token
+
+    # pickle protocol support
+    def __reduce__(
+        self,
+    ) -> t.Tuple[t.Type["SecurityContext"], t.Tuple[None, bytes]]:
+        # the unpickle arguments to new are (base=None, token=self.export())
+        return (type(self), (None, self.export()))

+
+

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_modules/index.html b/stable/_modules/index.html
new file mode 100644
index 00000000..2c5316f5
--- /dev/null
+++ b/stable/_modules/index.html
@@ -0,0 +1,134 @@
+
+
+
+
+
+  
+  
+  Overview: module code — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Overview: module code
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           
+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/_sources/basic-tutorial.md.txt b/stable/_sources/basic-tutorial.md.txt
new file mode 100644
index 00000000..25b9232b
--- /dev/null
+++ b/stable/_sources/basic-tutorial.md.txt
@@ -0,0 +1,218 @@
+A Basic Introduction to GSSAPI
+==============================
+
+GSSAPI (which stands for "Generic Security Service API") is an
+standard layer for interfacing with security services.  While it
+supports multiple different mechanisms, it is most commonly used
+with Kerberos 5 ("krb5" for short).
+
+This tutorial will provide a basic introduction to interacting with
+GSSAPI through Python.
+
+*Note*: This file is designed to be runnable using
+[YALPT](https://github.com/directxman12/yalpt).  You can also just
+read it normally.
+
+To start out, we'll import python-gssapi, and save the current FQDN
+for later:
+
+    >>> import gssapi, socket
+    >>> FQDN = socket.getfqdn()
+    >>>
+
+Note that this assumes you have a KRB5 realm set up, and some relevant
+functions available in the `REALM` object (see gssapi-console.py in
+[gssapi_console](https://pypi.python.org/pypi/gssapi_console)), or
+try `$ run-lit -e gssapi basic-tutorial.md` when you have both
+gssapi_console and yalpt installed).  Any actions performed using the
+`REALM` object are not part of the GSSAPI library; the `REALM` object
+simply contains wrappers to krb5 commands generally run separately from
+the application using GSSAPI.
+
+Names and Credentials
+---------------------
+
+Two important concepts in GSSAPI are *names* and *credentials*.
+
+*Names*, as the name suggests, identify different entities, be they
+users or services.  GSSAPI has the concept of different *name types*.
+These represent different types of names and corresponding syntax
+for representing names as strings.
+
+Suppose we wanted to refer to an HTTP server on the current host.
+We could refer to it as a *host-based service*, or in the default
+mechanism form (in this case, for krb5):
+
+    >>> server_hostbased_name = gssapi.Name(f"HTTP@{FQDN}", name_type=gssapi.NameType.hostbased_service)
+    >>> server_hostbased_name
+    Name(b'HTTP@seton.mivehind.net', )
+    >>> server_name = gssapi.Name(f"HTTP/{FQDN}@")
+    >>> server_name
+    Name(b'HTTP/seton.mivehind.net@', None)
+    >>>
+
+These are both effectively the same, but if we *canonicalize* both
+names with respect to krb5, we'll see that GSSAPI knows they're the
+same:
+
+    >>> server_name == server_hostbased_name
+    False
+    >>> server_canon_name = server_name.canonicalize(gssapi.MechType.kerberos)
+    >>> server_hostbased_canon_name = server_hostbased_name.canonicalize(gssapi.MechType.kerberos)
+    >>> server_canon_name == server_hostbased_canon_name
+    True
+    >>>
+
+To compare two names of different name types, you should canonicalize
+them first.
+
+*Credentials* represent identification for a user or service.  In
+order to establish secure communication with other entities, a user
+or service first needs credentials.  For the krb5 mechanism,
+credentials generally represent a handle to the TGT.
+
+Credentials may be acquired for a particular name, or the default set
+of credentials may be acquired.
+
+For instance, suppose that we are writing a server, and wish to
+communicate accept connections as the 'HTTP' service.  We would need
+to acquire credentials as such:
+
+    >>> REALM.addprinc('HTTP/%s@%s' % (FQDN, REALM.realm))
+    >>> REALM.extract_keytab('HTTP/%s@%s' % (FQDN, REALM.realm), REALM.keytab)
+    >>> server_creds = gssapi.Credentials(usage='accept', name=server_name)
+    >>>
+
+Note that for the krb5 mechanism, in order to acquire credentials with
+the GSSAPI, the system must already have a way to access those credentials.
+For users, this generally means that they have already performed a `kinit`
+(i.e. have cached a TGT), while for services (like above), having a keytab
+is sufficient.  This process is generally performed outside the application
+using the GSSAPI.
+
+Credentials have a *usage*: 'accept' for accepting security contexts,
+'initiate' for initiating security contexts, or 'both' for
+credentials used for both initiating and accepting security contexts.
+
+Credentials also have an associated *name*, *lifetime* (which may
+be `None` for indefinite), and set of *mechanisms* with which the
+credentials are usable:
+
+    >>> server_creds.usage
+    'accept'
+    >>> server_creds.name == server_name
+    True
+    >>> server_creds.lifetime is None
+    True
+    >>> gssapi.MechType.kerberos in server_creds.mechs
+    True
+    >>> gssapi.MechType.kerberos in server_creds.mechs
+    True
+    >>>
+
+Each of these settings is setable from the constructor as `usage`,
+`name`, `lifetime`, and `mechs`.
+
+Security Contexts
+-----------------
+
+*Security contexts* represent active sessions between two different
+entities.  Security contexts are used to verify identities, as well
+as ensure *integrity* (message signing), *confidentiality* (message
+encryption), or both for messages exchanged between the two parties.
+
+When establishing a security context, the default credentials are
+used unless otherwise specified.  This allows applications to use
+the user's already acquired credentials:
+
+    >>> client_ctx = gssapi.SecurityContext(name=server_name, usage='initiate')
+    >>> initial_client_token = client_ctx.step()
+    >>> client_ctx.complete
+    False
+    >>>
+
+Just like credentials, security contexts are either initiating
+contexts, or accepting contexts (they cannot be both).  Initiating
+contexts must specify at least a target name.  In this case,
+we indicate that we wish to establish a context with the HTTP server
+from above.  The http server can then accept that context:
+
+    >>> server_ctx = gssapi.SecurityContext(creds=server_creds, usage='accept')
+    >>> initial_server_token = server_ctx.step(initial_client_token)
+    >>>
+
+As you can see, creating an accepting security context is similar.
+Here, we specify a set of accepting credentials to use, although
+this is optional (the defaults will be used if no credentials are
+specified).
+
+Let's finish up the exchange:
+
+    >>> server_tok = initial_server_token
+    >>>
+    >>> while not (client_ctx.complete and server_ctx.complete):
+    ...     client_tok = client_ctx.step(server_tok)
+    ...     if not client_tok:
+    ...         break
+    ...     server_tok = server_ctx.step(client_tok)
+    ...
+    >>> client_ctx.complete and server_ctx.complete
+    True
+    >>>
+
+We can now wrap and unwrap messages, using the `wrap` and `unwrap` methods
+on `SecurityContext`:
+
+    >>> message = b'some message here'
+    >>> wrapped_message, msg_encrypted = client_ctx.wrap(message, True)
+    >>> message not in wrapped_message
+    True
+    >>> msg_encrypted
+    True
+    >>> server_ctx.unwrap(wrapped_message)
+    UnwrapResult(message=b'some message here', encrypted=True, qop=0)
+    >>>
+
+We can use the second parameter to control whether or not we encrypt the
+messages, or just sign them:
+
+    >>> signed_message, msg_encrypted = client_ctx.wrap(message, False)
+    >>> msg_encrypted
+    False
+    >>> message in signed_message
+    True
+    >>> server_ctx.unwrap(signed_message)
+    UnwrapResult(message=b'some message here', encrypted=False, qop=0)
+    >>>
+
+Manually passing in a second parameter and checking whether or not encryption
+was used can get tedious, so python-gssapi provides two convenience methods
+to help with this: `encrypt` and `decrypt`.  If the context is set up to use
+encryption, they will call `wrap` with encryption.  If not, they will
+call `wrap` without encryption.
+
+    >>> encrypted_message = client_ctx.encrypt(message)
+    >>> encrypted_message != message
+    True
+    >>> server_ctx.decrypt(encrypted_message)
+    b'some message here'
+    >>>
+
+Notice that if we try to use `decrypt` a signed message, and exception will be raised,
+since the context was set up to use encryption (the default):
+
+    >>> signed_message, _ = client_ctx.wrap(message, False)
+    >>> server_ctx.decrypt(signed_message)
+    Traceback (most recent call last):
+      File "", line 1, in 
+      File "", line 2, in decrypt
+      File "/usr/lib/python3.4/site-packages/gssapi/_utils.py", line 167, in check_last_err
+        return func(self, *args, **kwargs)
+      File "/usr/lib/python3.4/site-packages/gssapi/sec_contexts.py", line 295, in decrypt
+        unwrapped_message=res.message)
+    gssapi.exceptions.EncryptionNotUsed: Confidentiality was requested, but not used: The context was established with encryption, but unwrapped message was not encrypted.
+    >>>
+
+There you have it: the basics of GSSAPI.  You can use the `help` function
+at the interpreter, or check the [docs](http://pythonhosted.org/gssapi/)
+for more information.
diff --git a/stable/_sources/credstore.rst.txt b/stable/_sources/credstore.rst.txt
new file mode 100644
index 00000000..b777ca7c
--- /dev/null
+++ b/stable/_sources/credstore.rst.txt
@@ -0,0 +1,90 @@
+Common Values for Credentials Store Extensions
+==============================================
+
+The credentials store extension is an extension introduced by the MIT krb5
+library implementation of GSSAPI.  It allows for finer control of credentials
+from within a GSSAPI application.  Each mechanism can define keywords to
+manipulate various aspects of their credentials for storage or retrieval
+operations.
+
+.. note:
+
+   Only mechanisms that implement keywords can use them: some mechanisms may
+   share the same or similar keywords, but their meaning is always local to a
+   specific mechanism.
+
+.. note:
+
+   `None` is not a permitted value and will raise exceptions.  Phrased
+   differently, values must be strings, not empty.
+
+The krb5 mechanism in MIT libraries
+-----------------------------------
+
+The krb5 mechanism as implemented by MIT libraries supports the credentials
+store extension with a number of keywords.
+
+client_keytab
+"""""""""""""
+
+The `client_keytab` keyword can be used in a credential store when it is used
+with the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions to indicate a custom
+location for a keytab containing client keys.  It is not used in the context
+of calls used to store credentials.
+
+The value is a string in the form **type:residual** where **type** can be any
+keytab storage type understood by the implementation and **residual** is the
+keytab identifier (usually something like a path).  If the string is a path,
+then the type is defaulted to `FILE`.
+
+keytab
+""""""
+
+The `keytab` keyword can be used in a credential store when it is used with
+the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions to indicate a custom
+location for a keytab containing service keys.  It is not used in the context
+of calls used to store credentials.
+
+The value is a string in the form **type:residual** where **type** can be any
+keytab storage type understood by the implementation and **residual** is the
+keytab identifier (usually something like a path).  If the string is a path,
+then the type is defaulted to `FILE`.
+
+ccache
+""""""
+
+The `ccache` keyword can be used to reference a specific credential storage.
+It can be used both to indicate the source of existing credentials for the
+:func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions, as well as the
+destination storage for the :func:`gssapi.raw.ext_cred_store.store_cred_into`
+function.
+
+The value is a string in the form **type:residual** where **type** can be any
+credential cache storage type understood by the implementation and
+**residual** is the ccache identifier.  If the string is a path, then the type
+is defaulted to `FILE`.  Other commonly used types are `DIR`, `KEYRING`,
+`KCM`, and `MEMORY`.  Each type has a different format for the **residual**;
+refer to the MIT krb5 documentation for more details.
+
+rcache
+""""""
+
+The `rcache` keyword can be used to reference a custom replay cache storage.
+It is used only with the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions for credentials used
+to accept context establishments, not to initiate contexts.
+
+The value is a string in the form **type:residual** where **type** can be any
+replay cache storage type understood by the implementation and **residual** is
+the cache identifier (usually something like a path).  If the string is a
+path, then the type is defaulted to `FILE`.
+
+The krb5 mechanism in Heimdal
+-----------------------------
+
+Heimdal has recently implemented the credential store extensions with the same
+interface as MIT krb5.  However, it is not yet present in any released
+version.
diff --git a/stable/_sources/gssapi.raw.rst.txt b/stable/_sources/gssapi.raw.rst.txt
new file mode 100644
index 00000000..912c5364
--- /dev/null
+++ b/stable/_sources/gssapi.raw.rst.txt
@@ -0,0 +1,203 @@
+Low-Level API
+=============
+
+.. py:module:: gssapi.raw
+
+The low-level API contains a variety of Python functions that map directly
+to the corresponding C functions.  Additionally, it contains several basic
+wrapper classes that wrap underlying C structs and automatically deallocate
+them when the Python object itself is deallocated.
+
+.. warning::
+
+    All methods in both the high-level and low-level APIs may throw the generic
+    GSSError exception.
+
+Core RFC 2744
+-------------
+
+Names
+~~~~~
+
+.. note::
+    Some functions in the following section will refer to
+    "mechanism names".  These are not names of mechanisms.
+    Instead, they are a special form of name specific to
+    a given mechanism.
+
+.. autoapimodule:: gssapi.raw.names
+    :members:
+    :undoc-members:
+
+Credentials
+~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.creds
+    :members:
+    :undoc-members:
+
+Security Contexts
+~~~~~~~~~~~~~~~~~
+
+.. autoapimodule::  gssapi.raw.sec_contexts
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.message
+    :members:
+    :undoc-members:
+
+Misc
+~~~~
+
+.. autoapimodule:: gssapi.raw.oids
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.misc
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.types
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.chan_bindings
+    :members:
+    :undoc-members:
+
+Additional RFCs and Extensions
+------------------------------
+
+The following is a list of GSSAPI extensions supported by the low-level API.
+
+.. note::
+    While all of these extensions have bindings, they may not be supported
+    by your particularly GSSAPI implementation.  In this case, they will not
+    be compiled, and will simply not be available in the :mod:`gssapi.raw`
+    namespace.
+
+:rfc:`4178` (GSS-API Negotiation Mechanism)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc4178
+    :members:
+    :undoc-members:
+
+:rfc:`5587` (GSS-API Extension for Mech Attributes)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc5587
+    :members:
+    :undoc-members:
+
+:rfc:`5588` (GSS-API Extension for Storing Delegated Credentials)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc5588
+    :members:
+    :undoc-members:
+
+:rfc:`5801` (GSS-API SASL Extensions)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc5801
+    :members:
+    :undoc-members:
+
+Credential Store Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_cred_store
+    :members:
+    :undoc-members:
+
+:rfc:`6680` (GSS-API Naming Extensions)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_rfc6680
+    :members:
+    :undoc-members:
+
+Credentials Import-Export Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_cred_imp_exp
+    :members:
+    :undoc-members:
+
+DCE (IOV/AEAD) Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_dce
+    :members:
+    :undoc-members:
+
+..
+    gssapi.raw.ext_dce_aead is imported with ext_dce so no need to double up.
+
+
+IOV MIC Extensions
+~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_iov_mic
+    :members:
+    :undoc-members:
+
+Global Grid Forum (GGF) Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_ggf
+    :members:
+    :undoc-members:
+
+Services4User Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_s4u
+    :members:
+    :undoc-members:
+
+Acquiring Credentials With a Password Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_password
+    :members:
+    :undoc-members:
+
+.. autoapimodule:: gssapi.raw.ext_password_add
+    :members:
+    :undoc-members:
+
+Kerberos Specific Extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_krb5
+    :members:
+    :undoc-members:
+
+Other Extensions
+~~~~~~~~~~~~~~~~
+
+.. autoapimodule:: gssapi.raw.ext_set_cred_opt
+    :members:
+    :undoc-members:
+
+Results
+-------
+
+..
+    Use autoapimodule once
+    https://github.com/readthedocs/sphinx-autoapi/issues/323 is resolved.
+
+.. automodule:: gssapi.raw.named_tuples
+    :members:
+    :undoc-members:
+
+Exceptions
+----------
+
+.. autoapimodule:: gssapi.raw.exceptions
+    :members:
+    :undoc-members:
+    :show-inheritance:
diff --git a/stable/_sources/gssapi.rst.txt b/stable/_sources/gssapi.rst.txt
new file mode 100644
index 00000000..7c99fd49
--- /dev/null
+++ b/stable/_sources/gssapi.rst.txt
@@ -0,0 +1,127 @@
+High-Level API
+==============
+
+.. py:module:: gssapi
+
+The high-level API contains three main classes for interacting with GSSAPI,
+representing the primary abstractions that GSSAPI provides:
+:class:`~gssapi.names.Name`, :class:`~gssapi.creds.Credentials`, and
+:class:`~gssapi.sec_contexts.SecurityContext`.
+
+.. note::
+
+    Classes in the high-level API inherit from the corresponding classes in the
+    low-level API, and thus may be passed in to low-level API functions.
+
+.. warning::
+
+    All methods in both the high-level and low-level APIs may throw the generic
+    :class:`GSSError` exception.
+
+Main Classes
+------------
+
+Names
+"""""
+
+.. automodule:: gssapi.names
+    :members:
+    :undoc-members:
+
+Credentials
+"""""""""""
+
+.. automodule:: gssapi.creds
+    :members:
+    :undoc-members:
+
+Security Contexts
+"""""""""""""""""
+
+.. automodule:: gssapi.sec_contexts
+    :members:
+    :undoc-members:
+
+Enums and Helper Classes
+------------------------
+
+The following enumerations from the low-level API are also
+used with the high-level API.  For convenience, they are
+imported in the high-level API :mod:`gssapi` module:
+
+.. autoclass:: gssapi.NameType
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. autoclass:: gssapi.MechType
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+.. TODO(directxman12): Sphinx doesn't document enums properly yet,
+   so we need to figure out how to document them.
+
+.. autoclass:: gssapi.RequirementFlag
+    :show-inheritance:
+
+The ``ok_as_delegate`` flag corresponds to the C level flag
+``GSS_C_DELEG_POLICY_FLAG``. This flag is similar to ``delegate_to_peer``
+except it only delegates if the KDC delegation policies for the service
+principal allow it to use delegation. This is typically used on Microsoft
+domain environments to control whether constrained or unconstrained delegation
+is allowed for a service principal. By setting this flag, the delegation
+process follows the same behaviour as delegation on SSPI/Windows.
+
+Here are the four cases when either of these flags are set or not.
+
+Neither flag set
+   No delegation occurs.
+
+delegate_to_peer
+   Always try to delegate regardless of the KDC delegation policies.
+   ``delegate_to_peer`` is set in the return flags if successful.
+
+ok_as_delegate
+   Try to delegate but only if the KDC trusts the service principal for
+   delegation. ``delegate_to_peer`` and ``ok_as_delegate`` are set in the
+   return flags if successful.
+
+delegate_to_peer | ok_as_delegate
+   Acts like ``delegate_to_peer`` being set but will also set
+   ``ok_as_delegate`` in the return flags if the service principal was trusted
+   for delegation by the KDC.
+
+
+.. autoclass:: gssapi.AddressType
+    :show-inheritance:
+
+Similarly, there are a couple classes from the low-level API
+that are imported into the high-level API module.  These classes
+are less likely to be used directly by a user, but are returned
+by several methods:
+
+.. autoclass:: gssapi.OID
+    :members:
+
+.. autoclass:: gssapi.IntEnumFlagSet
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
+Exceptions
+----------
+
+The high-level API can raise all of the exceptions that the low-level API
+can raise in addition to several other high-level-specific exceptions:
+
+.. automodule:: gssapi.exceptions
+    :members:
+    :undoc-members:
+    :show-inheritance:
+    :imported-members:
+
+Utilities
+---------
+
+.. autofunction:: gssapi.set_encoding
diff --git a/stable/_sources/index.rst.txt b/stable/_sources/index.rst.txt
new file mode 100644
index 00000000..1cf289bb
--- /dev/null
+++ b/stable/_sources/index.rst.txt
@@ -0,0 +1,41 @@
+.. Python-GSSAPI documentation master file, created by
+   sphinx-quickstart on Tue Jul  2 19:01:09 2013.
+   You can adapt this file completely to your liking, but it should at least
+   contain the root `toctree` directive.
+
+Python-GSSAPI: Python bindings for GSSAPI
+=========================================
+
+Python-GSSAPI provides Python bindings for the GSSAPI C bindings as defined
+by :rfc:`2744`, as well as several extensions.
+
+The package is organized into two parts: a high-level API and a low-level API.
+The high-level API resides in :mod:`gssapi`, and presents an object-oriented
+API around GSSAPI.
+
+The other part of Python-GSSAPI is the low-level API, which resides in
+:mod:`gssapi.raw`.  The low-level API provides thin wrappers around the
+corresponding C functions.  The high-level API makes use of the low-level API
+to access underlying GSSAPI functionality.  Additionally certain extensions
+are currently only available from the low-level API.
+
+To get started, check out the :doc:`tutorials page ` or jump
+straight into the :doc:`high-level API documentation `.
+
+.. toctree::
+   :hidden:
+   :maxdepth: 3
+
+   gssapi.rst
+   gssapi.raw.rst
+   otherdoc.rst
+   tutorials.rst
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
+
diff --git a/stable/_sources/otherdoc.rst.txt b/stable/_sources/otherdoc.rst.txt
new file mode 100644
index 00000000..7e8e6f30
--- /dev/null
+++ b/stable/_sources/otherdoc.rst.txt
@@ -0,0 +1,11 @@
+Other Documentation
+===================
+
+This section contain documentation that is not expressed directly in functions
+documentation, like implementation specific quirks or issues, implementation
+tips, environment influence on operations and similar.
+
+.. toctree::
+   :maxdepth: 1
+
+   credstore.rst
diff --git a/stable/_sources/tutorials.rst.txt b/stable/_sources/tutorials.rst.txt
new file mode 100644
index 00000000..86f364dc
--- /dev/null
+++ b/stable/_sources/tutorials.rst.txt
@@ -0,0 +1,10 @@
+Tutorials
+=========
+
+To get started with using Python-GSSAPI, check out some of the following tutorials:
+
+.. toctree::
+   :maxdepth: 1
+
+   basic-tutorial.md
+
diff --git a/stable/_static/_sphinx_javascript_frameworks_compat.js b/stable/_static/_sphinx_javascript_frameworks_compat.js
new file mode 100644
index 00000000..81415803
--- /dev/null
+++ b/stable/_static/_sphinx_javascript_frameworks_compat.js
@@ -0,0 +1,123 @@
+/* Compatability shim for jQuery and underscores.js.
+ *
+ * Copyright Sphinx contributors
+ * Released under the two clause BSD licence
+ */
+
+/**
+ * small helper function to urldecode strings
+ *
+ * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL
+ */
+jQuery.urldecode = function(x) {
+    if (!x) {
+        return x
+    }
+    return decodeURIComponent(x.replace(/\+/g, ' '));
+};
+
+/**
+ * small helper function to urlencode strings
+ */
+jQuery.urlencode = encodeURIComponent;
+
+/**
+ * This function returns the parsed url parameters of the
+ * current request. Multiple values per key are supported,
+ * it will always return arrays of strings for the value parts.
+ */
+jQuery.getQueryParameters = function(s) {
+    if (typeof s === 'undefined')
+        s = document.location.search;
+    var parts = s.substr(s.indexOf('?') + 1).split('&');
+    var result = {};
+    for (var i = 0; i < parts.length; i++) {
+        var tmp = parts[i].split('=', 2);
+        var key = jQuery.urldecode(tmp[0]);
+        var value = jQuery.urldecode(tmp[1]);
+        if (key in result)
+            result[key].push(value);
+        else
+            result[key] = [value];
+    }
+    return result;
+};
+
+/**
+ * highlight a given string on a jquery object by wrapping it in
+ * span elements with the given class name.
+ */
+jQuery.fn.highlightText = function(text, className) {
+    function highlight(node, addItems) {
+        if (node.nodeType === 3) {
+            var val = node.nodeValue;
+            var pos = val.toLowerCase().indexOf(text);
+            if (pos >= 0 &&
+                !jQuery(node.parentNode).hasClass(className) &&
+                !jQuery(node.parentNode).hasClass("nohighlight")) {
+                var span;
+                var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg");
+                if (isInSVG) {
+                    span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
+                } else {
+                    span = document.createElement("span");
+                    span.className = className;
+                }
+                span.appendChild(document.createTextNode(val.substr(pos, text.length)));
+                node.parentNode.insertBefore(span, node.parentNode.insertBefore(
+                    document.createTextNode(val.substr(pos + text.length)),
+                    node.nextSibling));
+                node.nodeValue = val.substr(0, pos);
+                if (isInSVG) {
+                    var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect");
+                    var bbox = node.parentElement.getBBox();
+                    rect.x.baseVal.value = bbox.x;
+                    rect.y.baseVal.value = bbox.y;
+                    rect.width.baseVal.value = bbox.width;
+                    rect.height.baseVal.value = bbox.height;
+                    rect.setAttribute('class', className);
+                    addItems.push({
+                        "parent": node.parentNode,
+                        "target": rect});
+                }
+            }
+        }
+        else if (!jQuery(node).is("button, select, textarea")) {
+            jQuery.each(node.childNodes, function() {
+                highlight(this, addItems);
+            });
+        }
+    }
+    var addItems = [];
+    var result = this.each(function() {
+        highlight(this, addItems);
+    });
+    for (var i = 0; i < addItems.length; ++i) {
+        jQuery(addItems[i].parent).before(addItems[i].target);
+    }
+    return result;
+};
+
+/*
+ * backward compatibility for jQuery.browser
+ * This will be supported until firefox bug is fixed.
+ */
+if (!jQuery.browser) {
+    jQuery.uaMatch = function(ua) {
+        ua = ua.toLowerCase();
+
+        var match = /(chrome)[ \/]([\w.]+)/.exec(ua) ||
+            /(webkit)[ \/]([\w.]+)/.exec(ua) ||
+            /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) ||
+            /(msie) ([\w.]+)/.exec(ua) ||
+            ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) ||
+            [];
+
+        return {
+            browser: match[ 1 ] || "",
+            version: match[ 2 ] || "0"
+        };
+    };
+    jQuery.browser = {};
+    jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true;
+}
diff --git a/stable/_static/basic.css b/stable/_static/basic.css
new file mode 100644
index 00000000..f316efcb
--- /dev/null
+++ b/stable/_static/basic.css
@@ -0,0 +1,925 @@
+/*
+ * basic.css
+ * ~~~~~~~~~
+ *
+ * Sphinx stylesheet -- basic theme.
+ *
+ * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+
+/* -- main layout ----------------------------------------------------------- */
+
+div.clearer {
+    clear: both;
+}
+
+div.section::after {
+    display: block;
+    content: '';
+    clear: left;
+}
+
+/* -- relbar ---------------------------------------------------------------- */
+
+div.related {
+    width: 100%;
+    font-size: 90%;
+}
+
+div.related h3 {
+    display: none;
+}
+
+div.related ul {
+    margin: 0;
+    padding: 0 0 0 10px;
+    list-style: none;
+}
+
+div.related li {
+    display: inline;
+}
+
+div.related li.right {
+    float: right;
+    margin-right: 5px;
+}
+
+/* -- sidebar --------------------------------------------------------------- */
+
+div.sphinxsidebarwrapper {
+    padding: 10px 5px 0 10px;
+}
+
+div.sphinxsidebar {
+    float: left;
+    width: 230px;
+    margin-left: -100%;
+    font-size: 90%;
+    word-wrap: break-word;
+    overflow-wrap : break-word;
+}
+
+div.sphinxsidebar ul {
+    list-style: none;
+}
+
+div.sphinxsidebar ul ul,
+div.sphinxsidebar ul.want-points {
+    margin-left: 20px;
+    list-style: square;
+}
+
+div.sphinxsidebar ul ul {
+    margin-top: 0;
+    margin-bottom: 0;
+}
+
+div.sphinxsidebar form {
+    margin-top: 10px;
+}
+
+div.sphinxsidebar input {
+    border: 1px solid #98dbcc;
+    font-family: sans-serif;
+    font-size: 1em;
+}
+
+div.sphinxsidebar #searchbox form.search {
+    overflow: hidden;
+}
+
+div.sphinxsidebar #searchbox input[type="text"] {
+    float: left;
+    width: 80%;
+    padding: 0.25em;
+    box-sizing: border-box;
+}
+
+div.sphinxsidebar #searchbox input[type="submit"] {
+    float: left;
+    width: 20%;
+    border-left: none;
+    padding: 0.25em;
+    box-sizing: border-box;
+}
+
+
+img {
+    border: 0;
+    max-width: 100%;
+}
+
+/* -- search page ----------------------------------------------------------- */
+
+ul.search {
+    margin: 10px 0 0 20px;
+    padding: 0;
+}
+
+ul.search li {
+    padding: 5px 0 5px 20px;
+    background-image: url(file.png);
+    background-repeat: no-repeat;
+    background-position: 0 7px;
+}
+
+ul.search li a {
+    font-weight: bold;
+}
+
+ul.search li p.context {
+    color: #888;
+    margin: 2px 0 0 30px;
+    text-align: left;
+}
+
+ul.keywordmatches li.goodmatch a {
+    font-weight: bold;
+}
+
+/* -- index page ------------------------------------------------------------ */
+
+table.contentstable {
+    width: 90%;
+    margin-left: auto;
+    margin-right: auto;
+}
+
+table.contentstable p.biglink {
+    line-height: 150%;
+}
+
+a.biglink {
+    font-size: 1.3em;
+}
+
+span.linkdescr {
+    font-style: italic;
+    padding-top: 5px;
+    font-size: 90%;
+}
+
+/* -- general index --------------------------------------------------------- */
+
+table.indextable {
+    width: 100%;
+}
+
+table.indextable td {
+    text-align: left;
+    vertical-align: top;
+}
+
+table.indextable ul {
+    margin-top: 0;
+    margin-bottom: 0;
+    list-style-type: none;
+}
+
+table.indextable > tbody > tr > td > ul {
+    padding-left: 0em;
+}
+
+table.indextable tr.pcap {
+    height: 10px;
+}
+
+table.indextable tr.cap {
+    margin-top: 10px;
+    background-color: #f2f2f2;
+}
+
+img.toggler {
+    margin-right: 3px;
+    margin-top: 3px;
+    cursor: pointer;
+}
+
+div.modindex-jumpbox {
+    border-top: 1px solid #ddd;
+    border-bottom: 1px solid #ddd;
+    margin: 1em 0 1em 0;
+    padding: 0.4em;
+}
+
+div.genindex-jumpbox {
+    border-top: 1px solid #ddd;
+    border-bottom: 1px solid #ddd;
+    margin: 1em 0 1em 0;
+    padding: 0.4em;
+}
+
+/* -- domain module index --------------------------------------------------- */
+
+table.modindextable td {
+    padding: 2px;
+    border-collapse: collapse;
+}
+
+/* -- general body styles --------------------------------------------------- */
+
+div.body {
+    min-width: 360px;
+    max-width: 800px;
+}
+
+div.body p, div.body dd, div.body li, div.body blockquote {
+    -moz-hyphens: auto;
+    -ms-hyphens: auto;
+    -webkit-hyphens: auto;
+    hyphens: auto;
+}
+
+a.headerlink {
+    visibility: hidden;
+}
+
+a:visited {
+    color: #551A8B;
+}
+
+h1:hover > a.headerlink,
+h2:hover > a.headerlink,
+h3:hover > a.headerlink,
+h4:hover > a.headerlink,
+h5:hover > a.headerlink,
+h6:hover > a.headerlink,
+dt:hover > a.headerlink,
+caption:hover > a.headerlink,
+p.caption:hover > a.headerlink,
+div.code-block-caption:hover > a.headerlink {
+    visibility: visible;
+}
+
+div.body p.caption {
+    text-align: inherit;
+}
+
+div.body td {
+    text-align: left;
+}
+
+.first {
+    margin-top: 0 !important;
+}
+
+p.rubric {
+    margin-top: 30px;
+    font-weight: bold;
+}
+
+img.align-left, figure.align-left, .figure.align-left, object.align-left {
+    clear: left;
+    float: left;
+    margin-right: 1em;
+}
+
+img.align-right, figure.align-right, .figure.align-right, object.align-right {
+    clear: right;
+    float: right;
+    margin-left: 1em;
+}
+
+img.align-center, figure.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+img.align-default, figure.align-default, .figure.align-default {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+    text-align: left;
+}
+
+.align-center {
+    text-align: center;
+}
+
+.align-default {
+    text-align: center;
+}
+
+.align-right {
+    text-align: right;
+}
+
+/* -- sidebars -------------------------------------------------------------- */
+
+div.sidebar,
+aside.sidebar {
+    margin: 0 0 0.5em 1em;
+    border: 1px solid #ddb;
+    padding: 7px;
+    background-color: #ffe;
+    width: 40%;
+    float: right;
+    clear: right;
+    overflow-x: auto;
+}
+
+p.sidebar-title {
+    font-weight: bold;
+}
+
+nav.contents,
+aside.topic,
+div.admonition, div.topic, blockquote {
+    clear: left;
+}
+
+/* -- topics ---------------------------------------------------------------- */
+
+nav.contents,
+aside.topic,
+div.topic {
+    border: 1px solid #ccc;
+    padding: 7px;
+    margin: 10px 0 10px 0;
+}
+
+p.topic-title {
+    font-size: 1.1em;
+    font-weight: bold;
+    margin-top: 10px;
+}
+
+/* -- admonitions ----------------------------------------------------------- */
+
+div.admonition {
+    margin-top: 10px;
+    margin-bottom: 10px;
+    padding: 7px;
+}
+
+div.admonition dt {
+    font-weight: bold;
+}
+
+p.admonition-title {
+    margin: 0px 10px 5px 0px;
+    font-weight: bold;
+}
+
+div.body p.centered {
+    text-align: center;
+    margin-top: 25px;
+}
+
+/* -- content of sidebars/topics/admonitions -------------------------------- */
+
+div.sidebar > :last-child,
+aside.sidebar > :last-child,
+nav.contents > :last-child,
+aside.topic > :last-child,
+div.topic > :last-child,
+div.admonition > :last-child {
+    margin-bottom: 0;
+}
+
+div.sidebar::after,
+aside.sidebar::after,
+nav.contents::after,
+aside.topic::after,
+div.topic::after,
+div.admonition::after,
+blockquote::after {
+    display: block;
+    content: '';
+    clear: both;
+}
+
+/* -- tables ---------------------------------------------------------------- */
+
+table.docutils {
+    margin-top: 10px;
+    margin-bottom: 10px;
+    border: 0;
+    border-collapse: collapse;
+}
+
+table.align-center {
+    margin-left: auto;
+    margin-right: auto;
+}
+
+table.align-default {
+    margin-left: auto;
+    margin-right: auto;
+}
+
+table caption span.caption-number {
+    font-style: italic;
+}
+
+table caption span.caption-text {
+}
+
+table.docutils td, table.docutils th {
+    padding: 1px 8px 1px 5px;
+    border-top: 0;
+    border-left: 0;
+    border-right: 0;
+    border-bottom: 1px solid #aaa;
+}
+
+th {
+    text-align: left;
+    padding-right: 5px;
+}
+
+table.citation {
+    border-left: solid 1px gray;
+    margin-left: 1px;
+}
+
+table.citation td {
+    border-bottom: none;
+}
+
+th > :first-child,
+td > :first-child {
+    margin-top: 0px;
+}
+
+th > :last-child,
+td > :last-child {
+    margin-bottom: 0px;
+}
+
+/* -- figures --------------------------------------------------------------- */
+
+div.figure, figure {
+    margin: 0.5em;
+    padding: 0.5em;
+}
+
+div.figure p.caption, figcaption {
+    padding: 0.3em;
+}
+
+div.figure p.caption span.caption-number,
+figcaption span.caption-number {
+    font-style: italic;
+}
+
+div.figure p.caption span.caption-text,
+figcaption span.caption-text {
+}
+
+/* -- field list styles ----------------------------------------------------- */
+
+table.field-list td, table.field-list th {
+    border: 0 !important;
+}
+
+.field-list ul {
+    margin: 0;
+    padding-left: 1em;
+}
+
+.field-list p {
+    margin: 0;
+}
+
+.field-name {
+    -moz-hyphens: manual;
+    -ms-hyphens: manual;
+    -webkit-hyphens: manual;
+    hyphens: manual;
+}
+
+/* -- hlist styles ---------------------------------------------------------- */
+
+table.hlist {
+    margin: 1em 0;
+}
+
+table.hlist td {
+    vertical-align: top;
+}
+
+/* -- object description styles --------------------------------------------- */
+
+.sig {
+	font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace;
+}
+
+.sig-name, code.descname {
+    background-color: transparent;
+    font-weight: bold;
+}
+
+.sig-name {
+	font-size: 1.1em;
+}
+
+code.descname {
+    font-size: 1.2em;
+}
+
+.sig-prename, code.descclassname {
+    background-color: transparent;
+}
+
+.optional {
+    font-size: 1.3em;
+}
+
+.sig-paren {
+    font-size: larger;
+}
+
+.sig-param.n {
+	font-style: italic;
+}
+
+/* C++ specific styling */
+
+.sig-inline.c-texpr,
+.sig-inline.cpp-texpr {
+	font-family: unset;
+}
+
+.sig.c   .k, .sig.c   .kt,
+.sig.cpp .k, .sig.cpp .kt {
+	color: #0033B3;
+}
+
+.sig.c   .m,
+.sig.cpp .m {
+	color: #1750EB;
+}
+
+.sig.c   .s, .sig.c   .sc,
+.sig.cpp .s, .sig.cpp .sc {
+	color: #067D17;
+}
+
+
+/* -- other body styles ----------------------------------------------------- */
+
+ol.arabic {
+    list-style: decimal;
+}
+
+ol.loweralpha {
+    list-style: lower-alpha;
+}
+
+ol.upperalpha {
+    list-style: upper-alpha;
+}
+
+ol.lowerroman {
+    list-style: lower-roman;
+}
+
+ol.upperroman {
+    list-style: upper-roman;
+}
+
+:not(li) > ol > li:first-child > :first-child,
+:not(li) > ul > li:first-child > :first-child {
+    margin-top: 0px;
+}
+
+:not(li) > ol > li:last-child > :last-child,
+:not(li) > ul > li:last-child > :last-child {
+    margin-bottom: 0px;
+}
+
+ol.simple ol p,
+ol.simple ul p,
+ul.simple ol p,
+ul.simple ul p {
+    margin-top: 0;
+}
+
+ol.simple > li:not(:first-child) > p,
+ul.simple > li:not(:first-child) > p {
+    margin-top: 0;
+}
+
+ol.simple p,
+ul.simple p {
+    margin-bottom: 0;
+}
+
+aside.footnote > span,
+div.citation > span {
+    float: left;
+}
+aside.footnote > span:last-of-type,
+div.citation > span:last-of-type {
+  padding-right: 0.5em;
+}
+aside.footnote > p {
+  margin-left: 2em;
+}
+div.citation > p {
+  margin-left: 4em;
+}
+aside.footnote > p:last-of-type,
+div.citation > p:last-of-type {
+    margin-bottom: 0em;
+}
+aside.footnote > p:last-of-type:after,
+div.citation > p:last-of-type:after {
+    content: "";
+    clear: both;
+}
+
+dl.field-list {
+    display: grid;
+    grid-template-columns: fit-content(30%) auto;
+}
+
+dl.field-list > dt {
+    font-weight: bold;
+    word-break: break-word;
+    padding-left: 0.5em;
+    padding-right: 5px;
+}
+
+dl.field-list > dd {
+    padding-left: 0.5em;
+    margin-top: 0em;
+    margin-left: 0em;
+    margin-bottom: 0em;
+}
+
+dl {
+    margin-bottom: 15px;
+}
+
+dd > :first-child {
+    margin-top: 0px;
+}
+
+dd ul, dd table {
+    margin-bottom: 10px;
+}
+
+dd {
+    margin-top: 3px;
+    margin-bottom: 10px;
+    margin-left: 30px;
+}
+
+.sig dd {
+    margin-top: 0px;
+    margin-bottom: 0px;
+}
+
+.sig dl {
+    margin-top: 0px;
+    margin-bottom: 0px;
+}
+
+dl > dd:last-child,
+dl > dd:last-child > :last-child {
+    margin-bottom: 0;
+}
+
+dt:target, span.highlighted {
+    background-color: #fbe54e;
+}
+
+rect.highlighted {
+    fill: #fbe54e;
+}
+
+dl.glossary dt {
+    font-weight: bold;
+    font-size: 1.1em;
+}
+
+.versionmodified {
+    font-style: italic;
+}
+
+.system-message {
+    background-color: #fda;
+    padding: 5px;
+    border: 3px solid red;
+}
+
+.footnote:target  {
+    background-color: #ffa;
+}
+
+.line-block {
+    display: block;
+    margin-top: 1em;
+    margin-bottom: 1em;
+}
+
+.line-block .line-block {
+    margin-top: 0;
+    margin-bottom: 0;
+    margin-left: 1.5em;
+}
+
+.guilabel, .menuselection {
+    font-family: sans-serif;
+}
+
+.accelerator {
+    text-decoration: underline;
+}
+
+.classifier {
+    font-style: oblique;
+}
+
+.classifier:before {
+    font-style: normal;
+    margin: 0 0.5em;
+    content: ":";
+    display: inline-block;
+}
+
+abbr, acronym {
+    border-bottom: dotted 1px;
+    cursor: help;
+}
+
+.translated {
+    background-color: rgba(207, 255, 207, 0.2)
+}
+
+.untranslated {
+    background-color: rgba(255, 207, 207, 0.2)
+}
+
+/* -- code displays --------------------------------------------------------- */
+
+pre {
+    overflow: auto;
+    overflow-y: hidden;  /* fixes display issues on Chrome browsers */
+}
+
+pre, div[class*="highlight-"] {
+    clear: both;
+}
+
+span.pre {
+    -moz-hyphens: none;
+    -ms-hyphens: none;
+    -webkit-hyphens: none;
+    hyphens: none;
+    white-space: nowrap;
+}
+
+div[class*="highlight-"] {
+    margin: 1em 0;
+}
+
+td.linenos pre {
+    border: 0;
+    background-color: transparent;
+    color: #aaa;
+}
+
+table.highlighttable {
+    display: block;
+}
+
+table.highlighttable tbody {
+    display: block;
+}
+
+table.highlighttable tr {
+    display: flex;
+}
+
+table.highlighttable td {
+    margin: 0;
+    padding: 0;
+}
+
+table.highlighttable td.linenos {
+    padding-right: 0.5em;
+}
+
+table.highlighttable td.code {
+    flex: 1;
+    overflow: hidden;
+}
+
+.highlight .hll {
+    display: block;
+}
+
+div.highlight pre,
+table.highlighttable pre {
+    margin: 0;
+}
+
+div.code-block-caption + div {
+    margin-top: 0;
+}
+
+div.code-block-caption {
+    margin-top: 1em;
+    padding: 2px 5px;
+    font-size: small;
+}
+
+div.code-block-caption code {
+    background-color: transparent;
+}
+
+table.highlighttable td.linenos,
+span.linenos,
+div.highlight span.gp {  /* gp: Generic.Prompt */
+  user-select: none;
+  -webkit-user-select: text; /* Safari fallback only */
+  -webkit-user-select: none; /* Chrome/Safari */
+  -moz-user-select: none; /* Firefox */
+  -ms-user-select: none; /* IE10+ */
+}
+
+div.code-block-caption span.caption-number {
+    padding: 0.1em 0.3em;
+    font-style: italic;
+}
+
+div.code-block-caption span.caption-text {
+}
+
+div.literal-block-wrapper {
+    margin: 1em 0;
+}
+
+code.xref, a code {
+    background-color: transparent;
+    font-weight: bold;
+}
+
+h1 code, h2 code, h3 code, h4 code, h5 code, h6 code {
+    background-color: transparent;
+}
+
+.viewcode-link {
+    float: right;
+}
+
+.viewcode-back {
+    float: right;
+    font-family: sans-serif;
+}
+
+div.viewcode-block:target {
+    margin: -1px -10px;
+    padding: 0 10px;
+}
+
+/* -- math display ---------------------------------------------------------- */
+
+img.math {
+    vertical-align: middle;
+}
+
+div.body div.math p {
+    text-align: center;
+}
+
+span.eqno {
+    float: right;
+}
+
+span.eqno a.headerlink {
+    position: absolute;
+    z-index: 1;
+}
+
+div.math:hover a.headerlink {
+    visibility: visible;
+}
+
+/* -- printout stylesheet --------------------------------------------------- */
+
+@media print {
+    div.document,
+    div.documentwrapper,
+    div.bodywrapper {
+        margin: 0 !important;
+        width: 100%;
+    }
+
+    div.sphinxsidebar,
+    div.related,
+    div.footer,
+    #top-link {
+        display: none;
+    }
+}
\ No newline at end of file
diff --git a/stable/_static/css/badge_only.css b/stable/_static/css/badge_only.css
new file mode 100644
index 00000000..88ba55b9
--- /dev/null
+++ b/stable/_static/css/badge_only.css
@@ -0,0 +1 @@
+.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions .rst-other-versions .rtd-current-item{font-weight:700}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}#flyout-search-form{padding:6px}
\ No newline at end of file
diff --git a/stable/_static/css/fonts/Roboto-Slab-Bold.woff b/stable/_static/css/fonts/Roboto-Slab-Bold.woff
new file mode 100644
index 00000000..6cb60000
Binary files /dev/null and b/stable/_static/css/fonts/Roboto-Slab-Bold.woff differ
diff --git a/stable/_static/css/fonts/Roboto-Slab-Bold.woff2 b/stable/_static/css/fonts/Roboto-Slab-Bold.woff2
new file mode 100644
index 00000000..7059e231
Binary files /dev/null and b/stable/_static/css/fonts/Roboto-Slab-Bold.woff2 differ
diff --git a/stable/_static/css/fonts/Roboto-Slab-Regular.woff b/stable/_static/css/fonts/Roboto-Slab-Regular.woff
new file mode 100644
index 00000000..f815f63f
Binary files /dev/null and b/stable/_static/css/fonts/Roboto-Slab-Regular.woff differ
diff --git a/stable/_static/css/fonts/Roboto-Slab-Regular.woff2 b/stable/_static/css/fonts/Roboto-Slab-Regular.woff2
new file mode 100644
index 00000000..f2c76e5b
Binary files /dev/null and b/stable/_static/css/fonts/Roboto-Slab-Regular.woff2 differ
diff --git a/stable/_static/css/fonts/fontawesome-webfont.eot b/stable/_static/css/fonts/fontawesome-webfont.eot
new file mode 100644
index 00000000..e9f60ca9
Binary files /dev/null and b/stable/_static/css/fonts/fontawesome-webfont.eot differ
diff --git a/stable/_static/css/fonts/fontawesome-webfont.svg b/stable/_static/css/fonts/fontawesome-webfont.svg
new file mode 100644
index 00000000..855c845e
--- /dev/null
+++ b/stable/_static/css/fonts/fontawesome-webfont.svg
@@ -0,0 +1,2671 @@
+
+
+
+
+Created by FontForge 20120731 at Mon Oct 24 17:37:40 2016
+ By ,,,
+Copyright Dave Gandy 2016. All rights reserved.
+
+
+
+  
+
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+  
+
diff --git a/stable/_static/css/fonts/fontawesome-webfont.ttf b/stable/_static/css/fonts/fontawesome-webfont.ttf
new file mode 100644
index 00000000..35acda2f
Binary files /dev/null and b/stable/_static/css/fonts/fontawesome-webfont.ttf differ
diff --git a/stable/_static/css/fonts/fontawesome-webfont.woff b/stable/_static/css/fonts/fontawesome-webfont.woff
new file mode 100644
index 00000000..400014a4
Binary files /dev/null and b/stable/_static/css/fonts/fontawesome-webfont.woff differ
diff --git a/stable/_static/css/fonts/fontawesome-webfont.woff2 b/stable/_static/css/fonts/fontawesome-webfont.woff2
new file mode 100644
index 00000000..4d13fc60
Binary files /dev/null and b/stable/_static/css/fonts/fontawesome-webfont.woff2 differ
diff --git a/stable/_static/css/fonts/lato-bold-italic.woff b/stable/_static/css/fonts/lato-bold-italic.woff
new file mode 100644
index 00000000..88ad05b9
Binary files /dev/null and b/stable/_static/css/fonts/lato-bold-italic.woff differ
diff --git a/stable/_static/css/fonts/lato-bold-italic.woff2 b/stable/_static/css/fonts/lato-bold-italic.woff2
new file mode 100644
index 00000000..c4e3d804
Binary files /dev/null and b/stable/_static/css/fonts/lato-bold-italic.woff2 differ
diff --git a/stable/_static/css/fonts/lato-bold.woff b/stable/_static/css/fonts/lato-bold.woff
new file mode 100644
index 00000000..c6dff51f
Binary files /dev/null and b/stable/_static/css/fonts/lato-bold.woff differ
diff --git a/stable/_static/css/fonts/lato-bold.woff2 b/stable/_static/css/fonts/lato-bold.woff2
new file mode 100644
index 00000000..bb195043
Binary files /dev/null and b/stable/_static/css/fonts/lato-bold.woff2 differ
diff --git a/stable/_static/css/fonts/lato-normal-italic.woff b/stable/_static/css/fonts/lato-normal-italic.woff
new file mode 100644
index 00000000..76114bc0
Binary files /dev/null and b/stable/_static/css/fonts/lato-normal-italic.woff differ
diff --git a/stable/_static/css/fonts/lato-normal-italic.woff2 b/stable/_static/css/fonts/lato-normal-italic.woff2
new file mode 100644
index 00000000..3404f37e
Binary files /dev/null and b/stable/_static/css/fonts/lato-normal-italic.woff2 differ
diff --git a/stable/_static/css/fonts/lato-normal.woff b/stable/_static/css/fonts/lato-normal.woff
new file mode 100644
index 00000000..ae1307ff
Binary files /dev/null and b/stable/_static/css/fonts/lato-normal.woff differ
diff --git a/stable/_static/css/fonts/lato-normal.woff2 b/stable/_static/css/fonts/lato-normal.woff2
new file mode 100644
index 00000000..3bf98433
Binary files /dev/null and b/stable/_static/css/fonts/lato-normal.woff2 differ
diff --git a/stable/_static/css/theme.css b/stable/_static/css/theme.css
new file mode 100644
index 00000000..6843d97b
--- /dev/null
+++ b/stable/_static/css/theme.css
@@ -0,0 +1,4 @@
+html{box-sizing:border-box}*,:after,:before{box-sizing:inherit}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}[hidden],audio:not([controls]){display:none}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}blockquote{margin:0}dfn{font-style:italic}ins{background:#ff9;text-decoration:none}ins,mark{color:#000}mark{background:#ff0;font-style:italic;font-weight:700}.rst-content code,.rst-content tt,code,kbd,pre,samp{font-family:monospace,serif;_font-family:courier new,monospace;font-size:1em}pre{white-space:pre}q{quotes:none}q:after,q:before{content:"";content:none}small{font-size:85%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}dl,ol,ul{margin:0;padding:0;list-style:none;list-style-image:none}li{list-style:none}dd{margin:0}img{border:0;-ms-interpolation-mode:bicubic;vertical-align:middle;max-width:100%}svg:not(:root){overflow:hidden}figure,form{margin:0}label{cursor:pointer}button,input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}button,input{line-height:normal}button,input[type=button],input[type=reset],input[type=submit]{cursor:pointer;-webkit-appearance:button;*overflow:visible}button[disabled],input[disabled]{cursor:default}input[type=search]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}textarea{resize:vertical}table{border-collapse:collapse;border-spacing:0}td{vertical-align:top}.chromeframe{margin:.2em 0;background:#ccc;color:#000;padding:.2em 0}.ir{display:block;border:0;text-indent:-999em;overflow:hidden;background-color:transparent;background-repeat:no-repeat;text-align:left;direction:ltr;*line-height:0}.ir br{display:none}.hidden{display:none!important;visibility:hidden}.visuallyhidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.visuallyhidden.focusable:active,.visuallyhidden.focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}.invisible{visibility:hidden}.relative{position:relative}big,small{font-size:100%}@media print{body,html,section{background:none!important}*{box-shadow:none!important;text-shadow:none!important;filter:none!important;-ms-filter:none!important}a,a:visited{text-decoration:underline}.ir a:after,a[href^="#"]:after,a[href^="javascript:"]:after{content:""}blockquote,pre{page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}.rst-content .toctree-wrapper>p.caption,h2,h3,p{orphans:3;widows:3}.rst-content .toctree-wrapper>p.caption,h2,h3{page-break-after:avoid}}.btn,.fa:before,.icon:before,.rst-content .admonition,.rst-content .admonition-title:before,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .code-block-caption .headerlink:before,.rst-content .danger,.rst-content .eqno .headerlink:before,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-alert,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before,input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week],select,textarea{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}/*!
+ *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
+ *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
+ */@font-face{font-family:FontAwesome;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713);src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix&v=4.7.0) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#fontawesomeregular) format("svg");font-weight:400;font-style:normal}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14286em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14286em;width:2.14286em;top:.14286em;text-align:center}.fa-li.fa-lg{left:-1.85714em}.fa-border{padding:.2em .25em .15em;border:.08em solid #eee;border-radius:.1em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa-pull-left.icon,.fa.fa-pull-left,.rst-content .code-block-caption .fa-pull-left.headerlink,.rst-content .eqno .fa-pull-left.headerlink,.rst-content .fa-pull-left.admonition-title,.rst-content code.download span.fa-pull-left:first-child,.rst-content dl dt .fa-pull-left.headerlink,.rst-content h1 .fa-pull-left.headerlink,.rst-content h2 .fa-pull-left.headerlink,.rst-content h3 .fa-pull-left.headerlink,.rst-content h4 .fa-pull-left.headerlink,.rst-content h5 .fa-pull-left.headerlink,.rst-content h6 .fa-pull-left.headerlink,.rst-content p .fa-pull-left.headerlink,.rst-content table>caption .fa-pull-left.headerlink,.rst-content tt.download span.fa-pull-left:first-child,.wy-menu-vertical li.current>a button.fa-pull-left.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-left.toctree-expand,.wy-menu-vertical li button.fa-pull-left.toctree-expand{margin-right:.3em}.fa-pull-right.icon,.fa.fa-pull-right,.rst-content .code-block-caption .fa-pull-right.headerlink,.rst-content .eqno .fa-pull-right.headerlink,.rst-content .fa-pull-right.admonition-title,.rst-content code.download span.fa-pull-right:first-child,.rst-content dl dt .fa-pull-right.headerlink,.rst-content h1 .fa-pull-right.headerlink,.rst-content h2 .fa-pull-right.headerlink,.rst-content h3 .fa-pull-right.headerlink,.rst-content h4 .fa-pull-right.headerlink,.rst-content h5 .fa-pull-right.headerlink,.rst-content h6 .fa-pull-right.headerlink,.rst-content p .fa-pull-right.headerlink,.rst-content table>caption .fa-pull-right.headerlink,.rst-content tt.download span.fa-pull-right:first-child,.wy-menu-vertical li.current>a button.fa-pull-right.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-right.toctree-expand,.wy-menu-vertical li button.fa-pull-right.toctree-expand{margin-left:.3em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left,.pull-left.icon,.rst-content .code-block-caption .pull-left.headerlink,.rst-content .eqno .pull-left.headerlink,.rst-content .pull-left.admonition-title,.rst-content code.download span.pull-left:first-child,.rst-content dl dt .pull-left.headerlink,.rst-content h1 .pull-left.headerlink,.rst-content h2 .pull-left.headerlink,.rst-content h3 .pull-left.headerlink,.rst-content h4 .pull-left.headerlink,.rst-content h5 .pull-left.headerlink,.rst-content h6 .pull-left.headerlink,.rst-content p .pull-left.headerlink,.rst-content table>caption .pull-left.headerlink,.rst-content tt.download span.pull-left:first-child,.wy-menu-vertical li.current>a button.pull-left.toctree-expand,.wy-menu-vertical li.on a button.pull-left.toctree-expand,.wy-menu-vertical li button.pull-left.toctree-expand{margin-right:.3em}.fa.pull-right,.pull-right.icon,.rst-content .code-block-caption .pull-right.headerlink,.rst-content .eqno .pull-right.headerlink,.rst-content .pull-right.admonition-title,.rst-content code.download span.pull-right:first-child,.rst-content dl dt .pull-right.headerlink,.rst-content h1 .pull-right.headerlink,.rst-content h2 .pull-right.headerlink,.rst-content h3 .pull-right.headerlink,.rst-content h4 .pull-right.headerlink,.rst-content h5 .pull-right.headerlink,.rst-content h6 .pull-right.headerlink,.rst-content p .pull-right.headerlink,.rst-content table>caption .pull-right.headerlink,.rst-content tt.download span.pull-right:first-child,.wy-menu-vertical li.current>a button.pull-right.toctree-expand,.wy-menu-vertical li.on a button.pull-right.toctree-expand,.wy-menu-vertical li button.pull-right.toctree-expand{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);-ms-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);-ms-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";-webkit-transform:scaleY(-1);-ms-transform:scaleY(-1);transform:scaleY(-1)}:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{filter:none}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:""}.fa-music:before{content:""}.fa-search:before,.icon-search:before{content:""}.fa-envelope-o:before{content:""}.fa-heart:before{content:""}.fa-star:before{content:""}.fa-star-o:before{content:""}.fa-user:before{content:""}.fa-film:before{content:""}.fa-th-large:before{content:""}.fa-th:before{content:""}.fa-th-list:before{content:""}.fa-check:before{content:""}.fa-close:before,.fa-remove:before,.fa-times:before{content:""}.fa-search-plus:before{content:""}.fa-search-minus:before{content:""}.fa-power-off:before{content:""}.fa-signal:before{content:""}.fa-cog:before,.fa-gear:before{content:""}.fa-trash-o:before{content:""}.fa-home:before,.icon-home:before{content:""}.fa-file-o:before{content:""}.fa-clock-o:before{content:""}.fa-road:before{content:""}.fa-download:before,.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{content:""}.fa-arrow-circle-o-down:before{content:""}.fa-arrow-circle-o-up:before{content:""}.fa-inbox:before{content:""}.fa-play-circle-o:before{content:""}.fa-repeat:before,.fa-rotate-right:before{content:""}.fa-refresh:before{content:""}.fa-list-alt:before{content:""}.fa-lock:before{content:""}.fa-flag:before{content:""}.fa-headphones:before{content:""}.fa-volume-off:before{content:""}.fa-volume-down:before{content:""}.fa-volume-up:before{content:""}.fa-qrcode:before{content:""}.fa-barcode:before{content:""}.fa-tag:before{content:""}.fa-tags:before{content:""}.fa-book:before,.icon-book:before{content:""}.fa-bookmark:before{content:""}.fa-print:before{content:""}.fa-camera:before{content:""}.fa-font:before{content:""}.fa-bold:before{content:""}.fa-italic:before{content:""}.fa-text-height:before{content:""}.fa-text-width:before{content:""}.fa-align-left:before{content:""}.fa-align-center:before{content:""}.fa-align-right:before{content:""}.fa-align-justify:before{content:""}.fa-list:before{content:""}.fa-dedent:before,.fa-outdent:before{content:""}.fa-indent:before{content:""}.fa-video-camera:before{content:""}.fa-image:before,.fa-photo:before,.fa-picture-o:before{content:""}.fa-pencil:before{content:""}.fa-map-marker:before{content:""}.fa-adjust:before{content:""}.fa-tint:before{content:""}.fa-edit:before,.fa-pencil-square-o:before{content:""}.fa-share-square-o:before{content:""}.fa-check-square-o:before{content:""}.fa-arrows:before{content:""}.fa-step-backward:before{content:""}.fa-fast-backward:before{content:""}.fa-backward:before{content:""}.fa-play:before{content:""}.fa-pause:before{content:""}.fa-stop:before{content:""}.fa-forward:before{content:""}.fa-fast-forward:before{content:""}.fa-step-forward:before{content:""}.fa-eject:before{content:""}.fa-chevron-left:before{content:""}.fa-chevron-right:before{content:""}.fa-plus-circle:before{content:""}.fa-minus-circle:before{content:""}.fa-times-circle:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before{content:""}.fa-check-circle:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before{content:""}.fa-question-circle:before{content:""}.fa-info-circle:before{content:""}.fa-crosshairs:before{content:""}.fa-times-circle-o:before{content:""}.fa-check-circle-o:before{content:""}.fa-ban:before{content:""}.fa-arrow-left:before{content:""}.fa-arrow-right:before{content:""}.fa-arrow-up:before{content:""}.fa-arrow-down:before{content:""}.fa-mail-forward:before,.fa-share:before{content:""}.fa-expand:before{content:""}.fa-compress:before{content:""}.fa-plus:before{content:""}.fa-minus:before{content:""}.fa-asterisk:before{content:""}.fa-exclamation-circle:before,.rst-content .admonition-title:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before{content:""}.fa-gift:before{content:""}.fa-leaf:before{content:""}.fa-fire:before,.icon-fire:before{content:""}.fa-eye:before{content:""}.fa-eye-slash:before{content:""}.fa-exclamation-triangle:before,.fa-warning:before{content:""}.fa-plane:before{content:""}.fa-calendar:before{content:""}.fa-random:before{content:""}.fa-comment:before{content:""}.fa-magnet:before{content:""}.fa-chevron-up:before{content:""}.fa-chevron-down:before{content:""}.fa-retweet:before{content:""}.fa-shopping-cart:before{content:""}.fa-folder:before{content:""}.fa-folder-open:before{content:""}.fa-arrows-v:before{content:""}.fa-arrows-h:before{content:""}.fa-bar-chart-o:before,.fa-bar-chart:before{content:""}.fa-twitter-square:before{content:""}.fa-facebook-square:before{content:""}.fa-camera-retro:before{content:""}.fa-key:before{content:""}.fa-cogs:before,.fa-gears:before{content:""}.fa-comments:before{content:""}.fa-thumbs-o-up:before{content:""}.fa-thumbs-o-down:before{content:""}.fa-star-half:before{content:""}.fa-heart-o:before{content:""}.fa-sign-out:before{content:""}.fa-linkedin-square:before{content:""}.fa-thumb-tack:before{content:""}.fa-external-link:before{content:""}.fa-sign-in:before{content:""}.fa-trophy:before{content:""}.fa-github-square:before{content:""}.fa-upload:before{content:""}.fa-lemon-o:before{content:""}.fa-phone:before{content:""}.fa-square-o:before{content:""}.fa-bookmark-o:before{content:""}.fa-phone-square:before{content:""}.fa-twitter:before{content:""}.fa-facebook-f:before,.fa-facebook:before{content:""}.fa-github:before,.icon-github:before{content:""}.fa-unlock:before{content:""}.fa-credit-card:before{content:""}.fa-feed:before,.fa-rss:before{content:""}.fa-hdd-o:before{content:""}.fa-bullhorn:before{content:""}.fa-bell:before{content:""}.fa-certificate:before{content:""}.fa-hand-o-right:before{content:""}.fa-hand-o-left:before{content:""}.fa-hand-o-up:before{content:""}.fa-hand-o-down:before{content:""}.fa-arrow-circle-left:before,.icon-circle-arrow-left:before{content:""}.fa-arrow-circle-right:before,.icon-circle-arrow-right:before{content:""}.fa-arrow-circle-up:before{content:""}.fa-arrow-circle-down:before{content:""}.fa-globe:before{content:""}.fa-wrench:before{content:""}.fa-tasks:before{content:""}.fa-filter:before{content:""}.fa-briefcase:before{content:""}.fa-arrows-alt:before{content:""}.fa-group:before,.fa-users:before{content:""}.fa-chain:before,.fa-link:before,.icon-link:before{content:""}.fa-cloud:before{content:""}.fa-flask:before{content:""}.fa-cut:before,.fa-scissors:before{content:""}.fa-copy:before,.fa-files-o:before{content:""}.fa-paperclip:before{content:""}.fa-floppy-o:before,.fa-save:before{content:""}.fa-square:before{content:""}.fa-bars:before,.fa-navicon:before,.fa-reorder:before{content:""}.fa-list-ul:before{content:""}.fa-list-ol:before{content:""}.fa-strikethrough:before{content:""}.fa-underline:before{content:""}.fa-table:before{content:""}.fa-magic:before{content:""}.fa-truck:before{content:""}.fa-pinterest:before{content:""}.fa-pinterest-square:before{content:""}.fa-google-plus-square:before{content:""}.fa-google-plus:before{content:""}.fa-money:before{content:""}.fa-caret-down:before,.icon-caret-down:before,.wy-dropdown .caret:before{content:""}.fa-caret-up:before{content:""}.fa-caret-left:before{content:""}.fa-caret-right:before{content:""}.fa-columns:before{content:""}.fa-sort:before,.fa-unsorted:before{content:""}.fa-sort-desc:before,.fa-sort-down:before{content:""}.fa-sort-asc:before,.fa-sort-up:before{content:""}.fa-envelope:before{content:""}.fa-linkedin:before{content:""}.fa-rotate-left:before,.fa-undo:before{content:""}.fa-gavel:before,.fa-legal:before{content:""}.fa-dashboard:before,.fa-tachometer:before{content:""}.fa-comment-o:before{content:""}.fa-comments-o:before{content:""}.fa-bolt:before,.fa-flash:before{content:""}.fa-sitemap:before{content:""}.fa-umbrella:before{content:""}.fa-clipboard:before,.fa-paste:before{content:""}.fa-lightbulb-o:before{content:""}.fa-exchange:before{content:""}.fa-cloud-download:before{content:""}.fa-cloud-upload:before{content:""}.fa-user-md:before{content:""}.fa-stethoscope:before{content:""}.fa-suitcase:before{content:""}.fa-bell-o:before{content:""}.fa-coffee:before{content:""}.fa-cutlery:before{content:""}.fa-file-text-o:before{content:""}.fa-building-o:before{content:""}.fa-hospital-o:before{content:""}.fa-ambulance:before{content:""}.fa-medkit:before{content:""}.fa-fighter-jet:before{content:""}.fa-beer:before{content:""}.fa-h-square:before{content:""}.fa-plus-square:before{content:""}.fa-angle-double-left:before{content:""}.fa-angle-double-right:before{content:""}.fa-angle-double-up:before{content:""}.fa-angle-double-down:before{content:""}.fa-angle-left:before{content:""}.fa-angle-right:before{content:""}.fa-angle-up:before{content:""}.fa-angle-down:before{content:""}.fa-desktop:before{content:""}.fa-laptop:before{content:""}.fa-tablet:before{content:""}.fa-mobile-phone:before,.fa-mobile:before{content:""}.fa-circle-o:before{content:""}.fa-quote-left:before{content:""}.fa-quote-right:before{content:""}.fa-spinner:before{content:""}.fa-circle:before{content:""}.fa-mail-reply:before,.fa-reply:before{content:""}.fa-github-alt:before{content:""}.fa-folder-o:before{content:""}.fa-folder-open-o:before{content:""}.fa-smile-o:before{content:""}.fa-frown-o:before{content:""}.fa-meh-o:before{content:""}.fa-gamepad:before{content:""}.fa-keyboard-o:before{content:""}.fa-flag-o:before{content:""}.fa-flag-checkered:before{content:""}.fa-terminal:before{content:""}.fa-code:before{content:""}.fa-mail-reply-all:before,.fa-reply-all:before{content:""}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:""}.fa-location-arrow:before{content:""}.fa-crop:before{content:""}.fa-code-fork:before{content:""}.fa-chain-broken:before,.fa-unlink:before{content:""}.fa-question:before{content:""}.fa-info:before{content:""}.fa-exclamation:before{content:""}.fa-superscript:before{content:""}.fa-subscript:before{content:""}.fa-eraser:before{content:""}.fa-puzzle-piece:before{content:""}.fa-microphone:before{content:""}.fa-microphone-slash:before{content:""}.fa-shield:before{content:""}.fa-calendar-o:before{content:""}.fa-fire-extinguisher:before{content:""}.fa-rocket:before{content:""}.fa-maxcdn:before{content:""}.fa-chevron-circle-left:before{content:""}.fa-chevron-circle-right:before{content:""}.fa-chevron-circle-up:before{content:""}.fa-chevron-circle-down:before{content:""}.fa-html5:before{content:""}.fa-css3:before{content:""}.fa-anchor:before{content:""}.fa-unlock-alt:before{content:""}.fa-bullseye:before{content:""}.fa-ellipsis-h:before{content:""}.fa-ellipsis-v:before{content:""}.fa-rss-square:before{content:""}.fa-play-circle:before{content:""}.fa-ticket:before{content:""}.fa-minus-square:before{content:""}.fa-minus-square-o:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before{content:""}.fa-level-up:before{content:""}.fa-level-down:before{content:""}.fa-check-square:before{content:""}.fa-pencil-square:before{content:""}.fa-external-link-square:before{content:""}.fa-share-square:before{content:""}.fa-compass:before{content:""}.fa-caret-square-o-down:before,.fa-toggle-down:before{content:""}.fa-caret-square-o-up:before,.fa-toggle-up:before{content:""}.fa-caret-square-o-right:before,.fa-toggle-right:before{content:""}.fa-eur:before,.fa-euro:before{content:""}.fa-gbp:before{content:""}.fa-dollar:before,.fa-usd:before{content:""}.fa-inr:before,.fa-rupee:before{content:""}.fa-cny:before,.fa-jpy:before,.fa-rmb:before,.fa-yen:before{content:""}.fa-rouble:before,.fa-rub:before,.fa-ruble:before{content:""}.fa-krw:before,.fa-won:before{content:""}.fa-bitcoin:before,.fa-btc:before{content:""}.fa-file:before{content:""}.fa-file-text:before{content:""}.fa-sort-alpha-asc:before{content:""}.fa-sort-alpha-desc:before{content:""}.fa-sort-amount-asc:before{content:""}.fa-sort-amount-desc:before{content:""}.fa-sort-numeric-asc:before{content:""}.fa-sort-numeric-desc:before{content:""}.fa-thumbs-up:before{content:""}.fa-thumbs-down:before{content:""}.fa-youtube-square:before{content:""}.fa-youtube:before{content:""}.fa-xing:before{content:""}.fa-xing-square:before{content:""}.fa-youtube-play:before{content:""}.fa-dropbox:before{content:""}.fa-stack-overflow:before{content:""}.fa-instagram:before{content:""}.fa-flickr:before{content:""}.fa-adn:before{content:""}.fa-bitbucket:before,.icon-bitbucket:before{content:""}.fa-bitbucket-square:before{content:""}.fa-tumblr:before{content:""}.fa-tumblr-square:before{content:""}.fa-long-arrow-down:before{content:""}.fa-long-arrow-up:before{content:""}.fa-long-arrow-left:before{content:""}.fa-long-arrow-right:before{content:""}.fa-apple:before{content:""}.fa-windows:before{content:""}.fa-android:before{content:""}.fa-linux:before{content:""}.fa-dribbble:before{content:""}.fa-skype:before{content:""}.fa-foursquare:before{content:""}.fa-trello:before{content:""}.fa-female:before{content:""}.fa-male:before{content:""}.fa-gittip:before,.fa-gratipay:before{content:""}.fa-sun-o:before{content:""}.fa-moon-o:before{content:""}.fa-archive:before{content:""}.fa-bug:before{content:""}.fa-vk:before{content:""}.fa-weibo:before{content:""}.fa-renren:before{content:""}.fa-pagelines:before{content:""}.fa-stack-exchange:before{content:""}.fa-arrow-circle-o-right:before{content:""}.fa-arrow-circle-o-left:before{content:""}.fa-caret-square-o-left:before,.fa-toggle-left:before{content:""}.fa-dot-circle-o:before{content:""}.fa-wheelchair:before{content:""}.fa-vimeo-square:before{content:""}.fa-try:before,.fa-turkish-lira:before{content:""}.fa-plus-square-o:before,.wy-menu-vertical li button.toctree-expand:before{content:""}.fa-space-shuttle:before{content:""}.fa-slack:before{content:""}.fa-envelope-square:before{content:""}.fa-wordpress:before{content:""}.fa-openid:before{content:""}.fa-bank:before,.fa-institution:before,.fa-university:before{content:""}.fa-graduation-cap:before,.fa-mortar-board:before{content:""}.fa-yahoo:before{content:""}.fa-google:before{content:""}.fa-reddit:before{content:""}.fa-reddit-square:before{content:""}.fa-stumbleupon-circle:before{content:""}.fa-stumbleupon:before{content:""}.fa-delicious:before{content:""}.fa-digg:before{content:""}.fa-pied-piper-pp:before{content:""}.fa-pied-piper-alt:before{content:""}.fa-drupal:before{content:""}.fa-joomla:before{content:""}.fa-language:before{content:""}.fa-fax:before{content:""}.fa-building:before{content:""}.fa-child:before{content:""}.fa-paw:before{content:""}.fa-spoon:before{content:""}.fa-cube:before{content:""}.fa-cubes:before{content:""}.fa-behance:before{content:""}.fa-behance-square:before{content:""}.fa-steam:before{content:""}.fa-steam-square:before{content:""}.fa-recycle:before{content:""}.fa-automobile:before,.fa-car:before{content:""}.fa-cab:before,.fa-taxi:before{content:""}.fa-tree:before{content:""}.fa-spotify:before{content:""}.fa-deviantart:before{content:""}.fa-soundcloud:before{content:""}.fa-database:before{content:""}.fa-file-pdf-o:before{content:""}.fa-file-word-o:before{content:""}.fa-file-excel-o:before{content:""}.fa-file-powerpoint-o:before{content:""}.fa-file-image-o:before,.fa-file-photo-o:before,.fa-file-picture-o:before{content:""}.fa-file-archive-o:before,.fa-file-zip-o:before{content:""}.fa-file-audio-o:before,.fa-file-sound-o:before{content:""}.fa-file-movie-o:before,.fa-file-video-o:before{content:""}.fa-file-code-o:before{content:""}.fa-vine:before{content:""}.fa-codepen:before{content:""}.fa-jsfiddle:before{content:""}.fa-life-bouy:before,.fa-life-buoy:before,.fa-life-ring:before,.fa-life-saver:before,.fa-support:before{content:""}.fa-circle-o-notch:before{content:""}.fa-ra:before,.fa-rebel:before,.fa-resistance:before{content:""}.fa-empire:before,.fa-ge:before{content:""}.fa-git-square:before{content:""}.fa-git:before{content:""}.fa-hacker-news:before,.fa-y-combinator-square:before,.fa-yc-square:before{content:""}.fa-tencent-weibo:before{content:""}.fa-qq:before{content:""}.fa-wechat:before,.fa-weixin:before{content:""}.fa-paper-plane:before,.fa-send:before{content:""}.fa-paper-plane-o:before,.fa-send-o:before{content:""}.fa-history:before{content:""}.fa-circle-thin:before{content:""}.fa-header:before{content:""}.fa-paragraph:before{content:""}.fa-sliders:before{content:""}.fa-share-alt:before{content:""}.fa-share-alt-square:before{content:""}.fa-bomb:before{content:""}.fa-futbol-o:before,.fa-soccer-ball-o:before{content:""}.fa-tty:before{content:""}.fa-binoculars:before{content:""}.fa-plug:before{content:""}.fa-slideshare:before{content:""}.fa-twitch:before{content:""}.fa-yelp:before{content:""}.fa-newspaper-o:before{content:""}.fa-wifi:before{content:""}.fa-calculator:before{content:""}.fa-paypal:before{content:""}.fa-google-wallet:before{content:""}.fa-cc-visa:before{content:""}.fa-cc-mastercard:before{content:""}.fa-cc-discover:before{content:""}.fa-cc-amex:before{content:""}.fa-cc-paypal:before{content:""}.fa-cc-stripe:before{content:""}.fa-bell-slash:before{content:""}.fa-bell-slash-o:before{content:""}.fa-trash:before{content:""}.fa-copyright:before{content:""}.fa-at:before{content:""}.fa-eyedropper:before{content:""}.fa-paint-brush:before{content:""}.fa-birthday-cake:before{content:""}.fa-area-chart:before{content:""}.fa-pie-chart:before{content:""}.fa-line-chart:before{content:""}.fa-lastfm:before{content:""}.fa-lastfm-square:before{content:""}.fa-toggle-off:before{content:""}.fa-toggle-on:before{content:""}.fa-bicycle:before{content:""}.fa-bus:before{content:""}.fa-ioxhost:before{content:""}.fa-angellist:before{content:""}.fa-cc:before{content:""}.fa-ils:before,.fa-shekel:before,.fa-sheqel:before{content:""}.fa-meanpath:before{content:""}.fa-buysellads:before{content:""}.fa-connectdevelop:before{content:""}.fa-dashcube:before{content:""}.fa-forumbee:before{content:""}.fa-leanpub:before{content:""}.fa-sellsy:before{content:""}.fa-shirtsinbulk:before{content:""}.fa-simplybuilt:before{content:""}.fa-skyatlas:before{content:""}.fa-cart-plus:before{content:""}.fa-cart-arrow-down:before{content:""}.fa-diamond:before{content:""}.fa-ship:before{content:""}.fa-user-secret:before{content:""}.fa-motorcycle:before{content:""}.fa-street-view:before{content:""}.fa-heartbeat:before{content:""}.fa-venus:before{content:""}.fa-mars:before{content:""}.fa-mercury:before{content:""}.fa-intersex:before,.fa-transgender:before{content:""}.fa-transgender-alt:before{content:""}.fa-venus-double:before{content:""}.fa-mars-double:before{content:""}.fa-venus-mars:before{content:""}.fa-mars-stroke:before{content:""}.fa-mars-stroke-v:before{content:""}.fa-mars-stroke-h:before{content:""}.fa-neuter:before{content:""}.fa-genderless:before{content:""}.fa-facebook-official:before{content:""}.fa-pinterest-p:before{content:""}.fa-whatsapp:before{content:""}.fa-server:before{content:""}.fa-user-plus:before{content:""}.fa-user-times:before{content:""}.fa-bed:before,.fa-hotel:before{content:""}.fa-viacoin:before{content:""}.fa-train:before{content:""}.fa-subway:before{content:""}.fa-medium:before{content:""}.fa-y-combinator:before,.fa-yc:before{content:""}.fa-optin-monster:before{content:""}.fa-opencart:before{content:""}.fa-expeditedssl:before{content:""}.fa-battery-4:before,.fa-battery-full:before,.fa-battery:before{content:""}.fa-battery-3:before,.fa-battery-three-quarters:before{content:""}.fa-battery-2:before,.fa-battery-half:before{content:""}.fa-battery-1:before,.fa-battery-quarter:before{content:""}.fa-battery-0:before,.fa-battery-empty:before{content:""}.fa-mouse-pointer:before{content:""}.fa-i-cursor:before{content:""}.fa-object-group:before{content:""}.fa-object-ungroup:before{content:""}.fa-sticky-note:before{content:""}.fa-sticky-note-o:before{content:""}.fa-cc-jcb:before{content:""}.fa-cc-diners-club:before{content:""}.fa-clone:before{content:""}.fa-balance-scale:before{content:""}.fa-hourglass-o:before{content:""}.fa-hourglass-1:before,.fa-hourglass-start:before{content:""}.fa-hourglass-2:before,.fa-hourglass-half:before{content:""}.fa-hourglass-3:before,.fa-hourglass-end:before{content:""}.fa-hourglass:before{content:""}.fa-hand-grab-o:before,.fa-hand-rock-o:before{content:""}.fa-hand-paper-o:before,.fa-hand-stop-o:before{content:""}.fa-hand-scissors-o:before{content:""}.fa-hand-lizard-o:before{content:""}.fa-hand-spock-o:before{content:""}.fa-hand-pointer-o:before{content:""}.fa-hand-peace-o:before{content:""}.fa-trademark:before{content:""}.fa-registered:before{content:""}.fa-creative-commons:before{content:""}.fa-gg:before{content:""}.fa-gg-circle:before{content:""}.fa-tripadvisor:before{content:""}.fa-odnoklassniki:before{content:""}.fa-odnoklassniki-square:before{content:""}.fa-get-pocket:before{content:""}.fa-wikipedia-w:before{content:""}.fa-safari:before{content:""}.fa-chrome:before{content:""}.fa-firefox:before{content:""}.fa-opera:before{content:""}.fa-internet-explorer:before{content:""}.fa-television:before,.fa-tv:before{content:""}.fa-contao:before{content:""}.fa-500px:before{content:""}.fa-amazon:before{content:""}.fa-calendar-plus-o:before{content:""}.fa-calendar-minus-o:before{content:""}.fa-calendar-times-o:before{content:""}.fa-calendar-check-o:before{content:""}.fa-industry:before{content:""}.fa-map-pin:before{content:""}.fa-map-signs:before{content:""}.fa-map-o:before{content:""}.fa-map:before{content:""}.fa-commenting:before{content:""}.fa-commenting-o:before{content:""}.fa-houzz:before{content:""}.fa-vimeo:before{content:""}.fa-black-tie:before{content:""}.fa-fonticons:before{content:""}.fa-reddit-alien:before{content:""}.fa-edge:before{content:""}.fa-credit-card-alt:before{content:""}.fa-codiepie:before{content:""}.fa-modx:before{content:""}.fa-fort-awesome:before{content:""}.fa-usb:before{content:""}.fa-product-hunt:before{content:""}.fa-mixcloud:before{content:""}.fa-scribd:before{content:""}.fa-pause-circle:before{content:""}.fa-pause-circle-o:before{content:""}.fa-stop-circle:before{content:""}.fa-stop-circle-o:before{content:""}.fa-shopping-bag:before{content:""}.fa-shopping-basket:before{content:""}.fa-hashtag:before{content:""}.fa-bluetooth:before{content:""}.fa-bluetooth-b:before{content:""}.fa-percent:before{content:""}.fa-gitlab:before,.icon-gitlab:before{content:""}.fa-wpbeginner:before{content:""}.fa-wpforms:before{content:""}.fa-envira:before{content:""}.fa-universal-access:before{content:""}.fa-wheelchair-alt:before{content:""}.fa-question-circle-o:before{content:""}.fa-blind:before{content:""}.fa-audio-description:before{content:""}.fa-volume-control-phone:before{content:""}.fa-braille:before{content:""}.fa-assistive-listening-systems:before{content:""}.fa-american-sign-language-interpreting:before,.fa-asl-interpreting:before{content:""}.fa-deaf:before,.fa-deafness:before,.fa-hard-of-hearing:before{content:""}.fa-glide:before{content:""}.fa-glide-g:before{content:""}.fa-sign-language:before,.fa-signing:before{content:""}.fa-low-vision:before{content:""}.fa-viadeo:before{content:""}.fa-viadeo-square:before{content:""}.fa-snapchat:before{content:""}.fa-snapchat-ghost:before{content:""}.fa-snapchat-square:before{content:""}.fa-pied-piper:before{content:""}.fa-first-order:before{content:""}.fa-yoast:before{content:""}.fa-themeisle:before{content:""}.fa-google-plus-circle:before,.fa-google-plus-official:before{content:""}.fa-fa:before,.fa-font-awesome:before{content:""}.fa-handshake-o:before{content:""}.fa-envelope-open:before{content:""}.fa-envelope-open-o:before{content:""}.fa-linode:before{content:""}.fa-address-book:before{content:""}.fa-address-book-o:before{content:""}.fa-address-card:before,.fa-vcard:before{content:""}.fa-address-card-o:before,.fa-vcard-o:before{content:""}.fa-user-circle:before{content:""}.fa-user-circle-o:before{content:""}.fa-user-o:before{content:""}.fa-id-badge:before{content:""}.fa-drivers-license:before,.fa-id-card:before{content:""}.fa-drivers-license-o:before,.fa-id-card-o:before{content:""}.fa-quora:before{content:""}.fa-free-code-camp:before{content:""}.fa-telegram:before{content:""}.fa-thermometer-4:before,.fa-thermometer-full:before,.fa-thermometer:before{content:""}.fa-thermometer-3:before,.fa-thermometer-three-quarters:before{content:""}.fa-thermometer-2:before,.fa-thermometer-half:before{content:""}.fa-thermometer-1:before,.fa-thermometer-quarter:before{content:""}.fa-thermometer-0:before,.fa-thermometer-empty:before{content:""}.fa-shower:before{content:""}.fa-bath:before,.fa-bathtub:before,.fa-s15:before{content:""}.fa-podcast:before{content:""}.fa-window-maximize:before{content:""}.fa-window-minimize:before{content:""}.fa-window-restore:before{content:""}.fa-times-rectangle:before,.fa-window-close:before{content:""}.fa-times-rectangle-o:before,.fa-window-close-o:before{content:""}.fa-bandcamp:before{content:""}.fa-grav:before{content:""}.fa-etsy:before{content:""}.fa-imdb:before{content:""}.fa-ravelry:before{content:""}.fa-eercast:before{content:""}.fa-microchip:before{content:""}.fa-snowflake-o:before{content:""}.fa-superpowers:before{content:""}.fa-wpexplorer:before{content:""}.fa-meetup:before{content:""}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-dropdown .caret,.wy-inline-validate.wy-inline-validate-danger .wy-input-context,.wy-inline-validate.wy-inline-validate-info .wy-input-context,.wy-inline-validate.wy-inline-validate-success .wy-input-context,.wy-inline-validate.wy-inline-validate-warning .wy-input-context,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{font-family:inherit}.fa:before,.icon:before,.rst-content .admonition-title:before,.rst-content .code-block-caption .headerlink:before,.rst-content .eqno .headerlink:before,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before{font-family:FontAwesome;display:inline-block;font-style:normal;font-weight:400;line-height:1;text-decoration:inherit}.rst-content .code-block-caption a .headerlink,.rst-content .eqno a .headerlink,.rst-content a .admonition-title,.rst-content code.download a span:first-child,.rst-content dl dt a .headerlink,.rst-content h1 a .headerlink,.rst-content h2 a .headerlink,.rst-content h3 a .headerlink,.rst-content h4 a .headerlink,.rst-content h5 a .headerlink,.rst-content h6 a .headerlink,.rst-content p.caption a .headerlink,.rst-content p a .headerlink,.rst-content table>caption a .headerlink,.rst-content tt.download a span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li a button.toctree-expand,a .fa,a .icon,a .rst-content .admonition-title,a .rst-content .code-block-caption .headerlink,a .rst-content .eqno .headerlink,a .rst-content code.download span:first-child,a .rst-content dl dt .headerlink,a .rst-content h1 .headerlink,a .rst-content h2 .headerlink,a .rst-content h3 .headerlink,a .rst-content h4 .headerlink,a .rst-content h5 .headerlink,a .rst-content h6 .headerlink,a .rst-content p.caption .headerlink,a .rst-content p .headerlink,a .rst-content table>caption .headerlink,a .rst-content tt.download span:first-child,a .wy-menu-vertical li button.toctree-expand{display:inline-block;text-decoration:inherit}.btn .fa,.btn .icon,.btn .rst-content .admonition-title,.btn .rst-content .code-block-caption .headerlink,.btn .rst-content .eqno .headerlink,.btn .rst-content code.download span:first-child,.btn .rst-content dl dt .headerlink,.btn .rst-content h1 .headerlink,.btn .rst-content h2 .headerlink,.btn .rst-content h3 .headerlink,.btn .rst-content h4 .headerlink,.btn .rst-content h5 .headerlink,.btn .rst-content h6 .headerlink,.btn .rst-content p .headerlink,.btn .rst-content table>caption .headerlink,.btn .rst-content tt.download span:first-child,.btn .wy-menu-vertical li.current>a button.toctree-expand,.btn .wy-menu-vertical li.on a button.toctree-expand,.btn .wy-menu-vertical li button.toctree-expand,.nav .fa,.nav .icon,.nav .rst-content .admonition-title,.nav .rst-content .code-block-caption .headerlink,.nav .rst-content .eqno .headerlink,.nav .rst-content code.download span:first-child,.nav .rst-content dl dt .headerlink,.nav .rst-content h1 .headerlink,.nav .rst-content h2 .headerlink,.nav .rst-content h3 .headerlink,.nav .rst-content h4 .headerlink,.nav .rst-content h5 .headerlink,.nav .rst-content h6 .headerlink,.nav .rst-content p .headerlink,.nav .rst-content table>caption .headerlink,.nav .rst-content tt.download span:first-child,.nav .wy-menu-vertical li.current>a button.toctree-expand,.nav .wy-menu-vertical li.on a button.toctree-expand,.nav .wy-menu-vertical li button.toctree-expand,.rst-content .btn .admonition-title,.rst-content .code-block-caption .btn .headerlink,.rst-content .code-block-caption .nav .headerlink,.rst-content .eqno .btn .headerlink,.rst-content .eqno .nav .headerlink,.rst-content .nav .admonition-title,.rst-content code.download .btn span:first-child,.rst-content code.download .nav span:first-child,.rst-content dl dt .btn .headerlink,.rst-content dl dt .nav .headerlink,.rst-content h1 .btn .headerlink,.rst-content h1 .nav .headerlink,.rst-content h2 .btn .headerlink,.rst-content h2 .nav .headerlink,.rst-content h3 .btn .headerlink,.rst-content h3 .nav .headerlink,.rst-content h4 .btn .headerlink,.rst-content h4 .nav .headerlink,.rst-content h5 .btn .headerlink,.rst-content h5 .nav .headerlink,.rst-content h6 .btn .headerlink,.rst-content h6 .nav .headerlink,.rst-content p .btn .headerlink,.rst-content p .nav .headerlink,.rst-content table>caption .btn .headerlink,.rst-content table>caption .nav .headerlink,.rst-content tt.download .btn span:first-child,.rst-content tt.download .nav span:first-child,.wy-menu-vertical li .btn button.toctree-expand,.wy-menu-vertical li.current>a .btn button.toctree-expand,.wy-menu-vertical li.current>a .nav button.toctree-expand,.wy-menu-vertical li .nav button.toctree-expand,.wy-menu-vertical li.on a .btn button.toctree-expand,.wy-menu-vertical li.on a .nav button.toctree-expand{display:inline}.btn .fa-large.icon,.btn .fa.fa-large,.btn .rst-content .code-block-caption .fa-large.headerlink,.btn .rst-content .eqno .fa-large.headerlink,.btn .rst-content .fa-large.admonition-title,.btn .rst-content code.download span.fa-large:first-child,.btn .rst-content dl dt .fa-large.headerlink,.btn .rst-content h1 .fa-large.headerlink,.btn .rst-content h2 .fa-large.headerlink,.btn .rst-content h3 .fa-large.headerlink,.btn .rst-content h4 .fa-large.headerlink,.btn .rst-content h5 .fa-large.headerlink,.btn .rst-content h6 .fa-large.headerlink,.btn .rst-content p .fa-large.headerlink,.btn .rst-content table>caption .fa-large.headerlink,.btn .rst-content tt.download span.fa-large:first-child,.btn .wy-menu-vertical li button.fa-large.toctree-expand,.nav .fa-large.icon,.nav .fa.fa-large,.nav .rst-content .code-block-caption .fa-large.headerlink,.nav .rst-content .eqno .fa-large.headerlink,.nav .rst-content .fa-large.admonition-title,.nav .rst-content code.download span.fa-large:first-child,.nav .rst-content dl dt .fa-large.headerlink,.nav .rst-content h1 .fa-large.headerlink,.nav .rst-content h2 .fa-large.headerlink,.nav .rst-content h3 .fa-large.headerlink,.nav .rst-content h4 .fa-large.headerlink,.nav .rst-content h5 .fa-large.headerlink,.nav .rst-content h6 .fa-large.headerlink,.nav .rst-content p .fa-large.headerlink,.nav .rst-content table>caption .fa-large.headerlink,.nav .rst-content tt.download span.fa-large:first-child,.nav .wy-menu-vertical li button.fa-large.toctree-expand,.rst-content .btn .fa-large.admonition-title,.rst-content .code-block-caption .btn .fa-large.headerlink,.rst-content .code-block-caption .nav .fa-large.headerlink,.rst-content .eqno .btn .fa-large.headerlink,.rst-content .eqno .nav .fa-large.headerlink,.rst-content .nav .fa-large.admonition-title,.rst-content code.download .btn span.fa-large:first-child,.rst-content code.download .nav span.fa-large:first-child,.rst-content dl dt .btn .fa-large.headerlink,.rst-content dl dt .nav .fa-large.headerlink,.rst-content h1 .btn .fa-large.headerlink,.rst-content h1 .nav .fa-large.headerlink,.rst-content h2 .btn .fa-large.headerlink,.rst-content h2 .nav .fa-large.headerlink,.rst-content h3 .btn .fa-large.headerlink,.rst-content h3 .nav .fa-large.headerlink,.rst-content h4 .btn .fa-large.headerlink,.rst-content h4 .nav .fa-large.headerlink,.rst-content h5 .btn .fa-large.headerlink,.rst-content h5 .nav .fa-large.headerlink,.rst-content h6 .btn .fa-large.headerlink,.rst-content h6 .nav .fa-large.headerlink,.rst-content p .btn .fa-large.headerlink,.rst-content p .nav .fa-large.headerlink,.rst-content table>caption .btn .fa-large.headerlink,.rst-content table>caption .nav .fa-large.headerlink,.rst-content tt.download .btn span.fa-large:first-child,.rst-content tt.download .nav span.fa-large:first-child,.wy-menu-vertical li .btn button.fa-large.toctree-expand,.wy-menu-vertical li .nav button.fa-large.toctree-expand{line-height:.9em}.btn .fa-spin.icon,.btn .fa.fa-spin,.btn .rst-content .code-block-caption .fa-spin.headerlink,.btn .rst-content .eqno .fa-spin.headerlink,.btn .rst-content .fa-spin.admonition-title,.btn .rst-content code.download span.fa-spin:first-child,.btn .rst-content dl dt .fa-spin.headerlink,.btn .rst-content h1 .fa-spin.headerlink,.btn .rst-content h2 .fa-spin.headerlink,.btn .rst-content h3 .fa-spin.headerlink,.btn .rst-content h4 .fa-spin.headerlink,.btn .rst-content h5 .fa-spin.headerlink,.btn .rst-content h6 .fa-spin.headerlink,.btn .rst-content p .fa-spin.headerlink,.btn .rst-content table>caption .fa-spin.headerlink,.btn .rst-content tt.download span.fa-spin:first-child,.btn .wy-menu-vertical li button.fa-spin.toctree-expand,.nav .fa-spin.icon,.nav .fa.fa-spin,.nav .rst-content .code-block-caption .fa-spin.headerlink,.nav .rst-content .eqno .fa-spin.headerlink,.nav .rst-content .fa-spin.admonition-title,.nav .rst-content code.download span.fa-spin:first-child,.nav .rst-content dl dt .fa-spin.headerlink,.nav .rst-content h1 .fa-spin.headerlink,.nav .rst-content h2 .fa-spin.headerlink,.nav .rst-content h3 .fa-spin.headerlink,.nav .rst-content h4 .fa-spin.headerlink,.nav .rst-content h5 .fa-spin.headerlink,.nav .rst-content h6 .fa-spin.headerlink,.nav .rst-content p .fa-spin.headerlink,.nav .rst-content table>caption .fa-spin.headerlink,.nav .rst-content tt.download span.fa-spin:first-child,.nav .wy-menu-vertical li button.fa-spin.toctree-expand,.rst-content .btn .fa-spin.admonition-title,.rst-content .code-block-caption .btn .fa-spin.headerlink,.rst-content .code-block-caption .nav .fa-spin.headerlink,.rst-content .eqno .btn .fa-spin.headerlink,.rst-content .eqno .nav .fa-spin.headerlink,.rst-content .nav .fa-spin.admonition-title,.rst-content code.download .btn span.fa-spin:first-child,.rst-content code.download .nav span.fa-spin:first-child,.rst-content dl dt .btn .fa-spin.headerlink,.rst-content dl dt .nav .fa-spin.headerlink,.rst-content h1 .btn .fa-spin.headerlink,.rst-content h1 .nav .fa-spin.headerlink,.rst-content h2 .btn .fa-spin.headerlink,.rst-content h2 .nav .fa-spin.headerlink,.rst-content h3 .btn .fa-spin.headerlink,.rst-content h3 .nav .fa-spin.headerlink,.rst-content h4 .btn .fa-spin.headerlink,.rst-content h4 .nav .fa-spin.headerlink,.rst-content h5 .btn .fa-spin.headerlink,.rst-content h5 .nav .fa-spin.headerlink,.rst-content h6 .btn .fa-spin.headerlink,.rst-content h6 .nav .fa-spin.headerlink,.rst-content p .btn .fa-spin.headerlink,.rst-content p .nav .fa-spin.headerlink,.rst-content table>caption .btn .fa-spin.headerlink,.rst-content table>caption .nav .fa-spin.headerlink,.rst-content tt.download .btn span.fa-spin:first-child,.rst-content tt.download .nav span.fa-spin:first-child,.wy-menu-vertical li .btn button.fa-spin.toctree-expand,.wy-menu-vertical li .nav button.fa-spin.toctree-expand{display:inline-block}.btn.fa:before,.btn.icon:before,.rst-content .btn.admonition-title:before,.rst-content .code-block-caption .btn.headerlink:before,.rst-content .eqno .btn.headerlink:before,.rst-content code.download span.btn:first-child:before,.rst-content dl dt .btn.headerlink:before,.rst-content h1 .btn.headerlink:before,.rst-content h2 .btn.headerlink:before,.rst-content h3 .btn.headerlink:before,.rst-content h4 .btn.headerlink:before,.rst-content h5 .btn.headerlink:before,.rst-content h6 .btn.headerlink:before,.rst-content p .btn.headerlink:before,.rst-content table>caption .btn.headerlink:before,.rst-content tt.download span.btn:first-child:before,.wy-menu-vertical li button.btn.toctree-expand:before{opacity:.5;-webkit-transition:opacity .05s ease-in;-moz-transition:opacity .05s ease-in;transition:opacity .05s ease-in}.btn.fa:hover:before,.btn.icon:hover:before,.rst-content .btn.admonition-title:hover:before,.rst-content .code-block-caption .btn.headerlink:hover:before,.rst-content .eqno .btn.headerlink:hover:before,.rst-content code.download span.btn:first-child:hover:before,.rst-content dl dt .btn.headerlink:hover:before,.rst-content h1 .btn.headerlink:hover:before,.rst-content h2 .btn.headerlink:hover:before,.rst-content h3 .btn.headerlink:hover:before,.rst-content h4 .btn.headerlink:hover:before,.rst-content h5 .btn.headerlink:hover:before,.rst-content h6 .btn.headerlink:hover:before,.rst-content p .btn.headerlink:hover:before,.rst-content table>caption .btn.headerlink:hover:before,.rst-content tt.download span.btn:first-child:hover:before,.wy-menu-vertical li button.btn.toctree-expand:hover:before{opacity:1}.btn-mini .fa:before,.btn-mini .icon:before,.btn-mini .rst-content .admonition-title:before,.btn-mini .rst-content .code-block-caption .headerlink:before,.btn-mini .rst-content .eqno .headerlink:before,.btn-mini .rst-content code.download span:first-child:before,.btn-mini .rst-content dl dt .headerlink:before,.btn-mini .rst-content h1 .headerlink:before,.btn-mini .rst-content h2 .headerlink:before,.btn-mini .rst-content h3 .headerlink:before,.btn-mini .rst-content h4 .headerlink:before,.btn-mini .rst-content h5 .headerlink:before,.btn-mini .rst-content h6 .headerlink:before,.btn-mini .rst-content p .headerlink:before,.btn-mini .rst-content table>caption .headerlink:before,.btn-mini .rst-content tt.download span:first-child:before,.btn-mini .wy-menu-vertical li button.toctree-expand:before,.rst-content .btn-mini .admonition-title:before,.rst-content .code-block-caption .btn-mini .headerlink:before,.rst-content .eqno .btn-mini .headerlink:before,.rst-content code.download .btn-mini span:first-child:before,.rst-content dl dt .btn-mini .headerlink:before,.rst-content h1 .btn-mini .headerlink:before,.rst-content h2 .btn-mini .headerlink:before,.rst-content h3 .btn-mini .headerlink:before,.rst-content h4 .btn-mini .headerlink:before,.rst-content h5 .btn-mini .headerlink:before,.rst-content h6 .btn-mini .headerlink:before,.rst-content p .btn-mini .headerlink:before,.rst-content table>caption .btn-mini .headerlink:before,.rst-content tt.download .btn-mini span:first-child:before,.wy-menu-vertical li .btn-mini button.toctree-expand:before{font-size:14px;vertical-align:-15%}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.wy-alert{padding:12px;line-height:24px;margin-bottom:24px;background:#e7f2fa}.rst-content .admonition-title,.wy-alert-title{font-weight:700;display:block;color:#fff;background:#6ab0de;padding:6px 12px;margin:-12px -12px 12px}.rst-content .danger,.rst-content .error,.rst-content .wy-alert-danger.admonition,.rst-content .wy-alert-danger.admonition-todo,.rst-content .wy-alert-danger.attention,.rst-content .wy-alert-danger.caution,.rst-content .wy-alert-danger.hint,.rst-content .wy-alert-danger.important,.rst-content .wy-alert-danger.note,.rst-content .wy-alert-danger.seealso,.rst-content .wy-alert-danger.tip,.rst-content .wy-alert-danger.warning,.wy-alert.wy-alert-danger{background:#fdf3f2}.rst-content .danger .admonition-title,.rst-content .danger .wy-alert-title,.rst-content .error .admonition-title,.rst-content .error .wy-alert-title,.rst-content .wy-alert-danger.admonition-todo .admonition-title,.rst-content .wy-alert-danger.admonition-todo .wy-alert-title,.rst-content .wy-alert-danger.admonition .admonition-title,.rst-content .wy-alert-danger.admonition .wy-alert-title,.rst-content .wy-alert-danger.attention .admonition-title,.rst-content .wy-alert-danger.attention .wy-alert-title,.rst-content .wy-alert-danger.caution .admonition-title,.rst-content .wy-alert-danger.caution .wy-alert-title,.rst-content .wy-alert-danger.hint .admonition-title,.rst-content .wy-alert-danger.hint .wy-alert-title,.rst-content .wy-alert-danger.important .admonition-title,.rst-content .wy-alert-danger.important .wy-alert-title,.rst-content .wy-alert-danger.note .admonition-title,.rst-content .wy-alert-danger.note .wy-alert-title,.rst-content .wy-alert-danger.seealso .admonition-title,.rst-content .wy-alert-danger.seealso .wy-alert-title,.rst-content .wy-alert-danger.tip .admonition-title,.rst-content .wy-alert-danger.tip .wy-alert-title,.rst-content .wy-alert-danger.warning .admonition-title,.rst-content .wy-alert-danger.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-danger .admonition-title,.wy-alert.wy-alert-danger .rst-content .admonition-title,.wy-alert.wy-alert-danger .wy-alert-title{background:#f29f97}.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .warning,.rst-content .wy-alert-warning.admonition,.rst-content .wy-alert-warning.danger,.rst-content .wy-alert-warning.error,.rst-content .wy-alert-warning.hint,.rst-content .wy-alert-warning.important,.rst-content .wy-alert-warning.note,.rst-content .wy-alert-warning.seealso,.rst-content .wy-alert-warning.tip,.wy-alert.wy-alert-warning{background:#ffedcc}.rst-content .admonition-todo .admonition-title,.rst-content .admonition-todo .wy-alert-title,.rst-content .attention .admonition-title,.rst-content .attention .wy-alert-title,.rst-content .caution .admonition-title,.rst-content .caution .wy-alert-title,.rst-content .warning .admonition-title,.rst-content .warning .wy-alert-title,.rst-content .wy-alert-warning.admonition .admonition-title,.rst-content .wy-alert-warning.admonition .wy-alert-title,.rst-content .wy-alert-warning.danger .admonition-title,.rst-content .wy-alert-warning.danger .wy-alert-title,.rst-content .wy-alert-warning.error .admonition-title,.rst-content .wy-alert-warning.error .wy-alert-title,.rst-content .wy-alert-warning.hint .admonition-title,.rst-content .wy-alert-warning.hint .wy-alert-title,.rst-content .wy-alert-warning.important .admonition-title,.rst-content .wy-alert-warning.important .wy-alert-title,.rst-content .wy-alert-warning.note .admonition-title,.rst-content .wy-alert-warning.note .wy-alert-title,.rst-content .wy-alert-warning.seealso .admonition-title,.rst-content .wy-alert-warning.seealso .wy-alert-title,.rst-content .wy-alert-warning.tip .admonition-title,.rst-content .wy-alert-warning.tip .wy-alert-title,.rst-content .wy-alert.wy-alert-warning .admonition-title,.wy-alert.wy-alert-warning .rst-content .admonition-title,.wy-alert.wy-alert-warning .wy-alert-title{background:#f0b37e}.rst-content .note,.rst-content .seealso,.rst-content .wy-alert-info.admonition,.rst-content .wy-alert-info.admonition-todo,.rst-content .wy-alert-info.attention,.rst-content .wy-alert-info.caution,.rst-content .wy-alert-info.danger,.rst-content .wy-alert-info.error,.rst-content .wy-alert-info.hint,.rst-content .wy-alert-info.important,.rst-content .wy-alert-info.tip,.rst-content .wy-alert-info.warning,.wy-alert.wy-alert-info{background:#e7f2fa}.rst-content .note .admonition-title,.rst-content .note .wy-alert-title,.rst-content .seealso .admonition-title,.rst-content .seealso .wy-alert-title,.rst-content .wy-alert-info.admonition-todo .admonition-title,.rst-content .wy-alert-info.admonition-todo .wy-alert-title,.rst-content .wy-alert-info.admonition .admonition-title,.rst-content .wy-alert-info.admonition .wy-alert-title,.rst-content .wy-alert-info.attention .admonition-title,.rst-content .wy-alert-info.attention .wy-alert-title,.rst-content .wy-alert-info.caution .admonition-title,.rst-content .wy-alert-info.caution .wy-alert-title,.rst-content .wy-alert-info.danger .admonition-title,.rst-content .wy-alert-info.danger .wy-alert-title,.rst-content .wy-alert-info.error .admonition-title,.rst-content .wy-alert-info.error .wy-alert-title,.rst-content .wy-alert-info.hint .admonition-title,.rst-content .wy-alert-info.hint .wy-alert-title,.rst-content .wy-alert-info.important .admonition-title,.rst-content .wy-alert-info.important .wy-alert-title,.rst-content .wy-alert-info.tip .admonition-title,.rst-content .wy-alert-info.tip .wy-alert-title,.rst-content .wy-alert-info.warning .admonition-title,.rst-content .wy-alert-info.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-info .admonition-title,.wy-alert.wy-alert-info .rst-content .admonition-title,.wy-alert.wy-alert-info .wy-alert-title{background:#6ab0de}.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .wy-alert-success.admonition,.rst-content .wy-alert-success.admonition-todo,.rst-content .wy-alert-success.attention,.rst-content .wy-alert-success.caution,.rst-content .wy-alert-success.danger,.rst-content .wy-alert-success.error,.rst-content .wy-alert-success.note,.rst-content .wy-alert-success.seealso,.rst-content .wy-alert-success.warning,.wy-alert.wy-alert-success{background:#dbfaf4}.rst-content .hint .admonition-title,.rst-content .hint .wy-alert-title,.rst-content .important .admonition-title,.rst-content .important .wy-alert-title,.rst-content .tip .admonition-title,.rst-content .tip .wy-alert-title,.rst-content .wy-alert-success.admonition-todo .admonition-title,.rst-content .wy-alert-success.admonition-todo .wy-alert-title,.rst-content .wy-alert-success.admonition .admonition-title,.rst-content .wy-alert-success.admonition .wy-alert-title,.rst-content .wy-alert-success.attention .admonition-title,.rst-content .wy-alert-success.attention .wy-alert-title,.rst-content .wy-alert-success.caution .admonition-title,.rst-content .wy-alert-success.caution .wy-alert-title,.rst-content .wy-alert-success.danger .admonition-title,.rst-content .wy-alert-success.danger .wy-alert-title,.rst-content .wy-alert-success.error .admonition-title,.rst-content .wy-alert-success.error .wy-alert-title,.rst-content .wy-alert-success.note .admonition-title,.rst-content .wy-alert-success.note .wy-alert-title,.rst-content .wy-alert-success.seealso .admonition-title,.rst-content .wy-alert-success.seealso .wy-alert-title,.rst-content .wy-alert-success.warning .admonition-title,.rst-content .wy-alert-success.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-success .admonition-title,.wy-alert.wy-alert-success .rst-content .admonition-title,.wy-alert.wy-alert-success .wy-alert-title{background:#1abc9c}.rst-content .wy-alert-neutral.admonition,.rst-content .wy-alert-neutral.admonition-todo,.rst-content .wy-alert-neutral.attention,.rst-content .wy-alert-neutral.caution,.rst-content .wy-alert-neutral.danger,.rst-content .wy-alert-neutral.error,.rst-content .wy-alert-neutral.hint,.rst-content .wy-alert-neutral.important,.rst-content .wy-alert-neutral.note,.rst-content .wy-alert-neutral.seealso,.rst-content .wy-alert-neutral.tip,.rst-content .wy-alert-neutral.warning,.wy-alert.wy-alert-neutral{background:#f3f6f6}.rst-content .wy-alert-neutral.admonition-todo .admonition-title,.rst-content .wy-alert-neutral.admonition-todo .wy-alert-title,.rst-content .wy-alert-neutral.admonition .admonition-title,.rst-content .wy-alert-neutral.admonition .wy-alert-title,.rst-content .wy-alert-neutral.attention .admonition-title,.rst-content .wy-alert-neutral.attention .wy-alert-title,.rst-content .wy-alert-neutral.caution .admonition-title,.rst-content .wy-alert-neutral.caution .wy-alert-title,.rst-content .wy-alert-neutral.danger .admonition-title,.rst-content .wy-alert-neutral.danger .wy-alert-title,.rst-content .wy-alert-neutral.error .admonition-title,.rst-content .wy-alert-neutral.error .wy-alert-title,.rst-content .wy-alert-neutral.hint .admonition-title,.rst-content .wy-alert-neutral.hint .wy-alert-title,.rst-content .wy-alert-neutral.important .admonition-title,.rst-content .wy-alert-neutral.important .wy-alert-title,.rst-content .wy-alert-neutral.note .admonition-title,.rst-content .wy-alert-neutral.note .wy-alert-title,.rst-content .wy-alert-neutral.seealso .admonition-title,.rst-content .wy-alert-neutral.seealso .wy-alert-title,.rst-content .wy-alert-neutral.tip .admonition-title,.rst-content .wy-alert-neutral.tip .wy-alert-title,.rst-content .wy-alert-neutral.warning .admonition-title,.rst-content .wy-alert-neutral.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-neutral .admonition-title,.wy-alert.wy-alert-neutral .rst-content .admonition-title,.wy-alert.wy-alert-neutral .wy-alert-title{color:#404040;background:#e1e4e5}.rst-content .wy-alert-neutral.admonition-todo a,.rst-content .wy-alert-neutral.admonition a,.rst-content .wy-alert-neutral.attention a,.rst-content .wy-alert-neutral.caution a,.rst-content .wy-alert-neutral.danger a,.rst-content .wy-alert-neutral.error a,.rst-content .wy-alert-neutral.hint a,.rst-content .wy-alert-neutral.important a,.rst-content .wy-alert-neutral.note a,.rst-content .wy-alert-neutral.seealso a,.rst-content .wy-alert-neutral.tip a,.rst-content .wy-alert-neutral.warning a,.wy-alert.wy-alert-neutral a{color:#2980b9}.rst-content .admonition-todo p:last-child,.rst-content .admonition p:last-child,.rst-content .attention p:last-child,.rst-content .caution p:last-child,.rst-content .danger p:last-child,.rst-content .error p:last-child,.rst-content .hint p:last-child,.rst-content .important p:last-child,.rst-content .note p:last-child,.rst-content .seealso p:last-child,.rst-content .tip p:last-child,.rst-content .warning p:last-child,.wy-alert p:last-child{margin-bottom:0}.wy-tray-container{position:fixed;bottom:0;left:0;z-index:600}.wy-tray-container li{display:block;width:300px;background:transparent;color:#fff;text-align:center;box-shadow:0 5px 5px 0 rgba(0,0,0,.1);padding:0 24px;min-width:20%;opacity:0;height:0;line-height:56px;overflow:hidden;-webkit-transition:all .3s ease-in;-moz-transition:all .3s ease-in;transition:all .3s ease-in}.wy-tray-container li.wy-tray-item-success{background:#27ae60}.wy-tray-container li.wy-tray-item-info{background:#2980b9}.wy-tray-container li.wy-tray-item-warning{background:#e67e22}.wy-tray-container li.wy-tray-item-danger{background:#e74c3c}.wy-tray-container li.on{opacity:1;height:56px}@media screen and (max-width:768px){.wy-tray-container{bottom:auto;top:0;width:100%}.wy-tray-container li{width:100%}}button{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle;cursor:pointer;line-height:normal;-webkit-appearance:button;*overflow:visible}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}button[disabled]{cursor:default}.btn{display:inline-block;border-radius:2px;line-height:normal;white-space:nowrap;text-align:center;cursor:pointer;font-size:100%;padding:6px 12px 8px;color:#fff;border:1px solid rgba(0,0,0,.1);background-color:#27ae60;text-decoration:none;font-weight:400;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 2px -1px hsla(0,0%,100%,.5),inset 0 -2px 0 0 rgba(0,0,0,.1);outline-none:false;vertical-align:middle;*display:inline;zoom:1;-webkit-user-drag:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-transition:all .1s linear;-moz-transition:all .1s linear;transition:all .1s linear}.btn-hover{background:#2e8ece;color:#fff}.btn:hover{background:#2cc36b;color:#fff}.btn:focus{background:#2cc36b;outline:0}.btn:active{box-shadow:inset 0 -1px 0 0 rgba(0,0,0,.05),inset 0 2px 0 0 rgba(0,0,0,.1);padding:8px 12px 6px}.btn:visited{color:#fff}.btn-disabled,.btn-disabled:active,.btn-disabled:focus,.btn-disabled:hover,.btn:disabled{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:.4;cursor:not-allowed;box-shadow:none}.btn::-moz-focus-inner{padding:0;border:0}.btn-small{font-size:80%}.btn-info{background-color:#2980b9!important}.btn-info:hover{background-color:#2e8ece!important}.btn-neutral{background-color:#f3f6f6!important;color:#404040!important}.btn-neutral:hover{background-color:#e5ebeb!important;color:#404040}.btn-neutral:visited{color:#404040!important}.btn-success{background-color:#27ae60!important}.btn-success:hover{background-color:#295!important}.btn-danger{background-color:#e74c3c!important}.btn-danger:hover{background-color:#ea6153!important}.btn-warning{background-color:#e67e22!important}.btn-warning:hover{background-color:#e98b39!important}.btn-invert{background-color:#222}.btn-invert:hover{background-color:#2f2f2f!important}.btn-link{background-color:transparent!important;color:#2980b9;box-shadow:none;border-color:transparent!important}.btn-link:active,.btn-link:hover{background-color:transparent!important;color:#409ad5!important;box-shadow:none}.btn-link:visited{color:#9b59b6}.wy-btn-group .btn,.wy-control .btn{vertical-align:middle}.wy-btn-group{margin-bottom:24px;*zoom:1}.wy-btn-group:after,.wy-btn-group:before{display:table;content:""}.wy-btn-group:after{clear:both}.wy-dropdown{position:relative;display:inline-block}.wy-dropdown-active .wy-dropdown-menu{display:block}.wy-dropdown-menu{position:absolute;left:0;display:none;float:left;top:100%;min-width:100%;background:#fcfcfc;z-index:100;border:1px solid #cfd7dd;box-shadow:0 2px 2px 0 rgba(0,0,0,.1);padding:12px}.wy-dropdown-menu>dd>a{display:block;clear:both;color:#404040;white-space:nowrap;font-size:90%;padding:0 12px;cursor:pointer}.wy-dropdown-menu>dd>a:hover{background:#2980b9;color:#fff}.wy-dropdown-menu>dd.divider{border-top:1px solid #cfd7dd;margin:6px 0}.wy-dropdown-menu>dd.search{padding-bottom:12px}.wy-dropdown-menu>dd.search input[type=search]{width:100%}.wy-dropdown-menu>dd.call-to-action{background:#e3e3e3;text-transform:uppercase;font-weight:500;font-size:80%}.wy-dropdown-menu>dd.call-to-action:hover{background:#e3e3e3}.wy-dropdown-menu>dd.call-to-action .btn{color:#fff}.wy-dropdown.wy-dropdown-up .wy-dropdown-menu{bottom:100%;top:auto;left:auto;right:0}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu{background:#fcfcfc;margin-top:2px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a{padding:6px 12px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a:hover{background:#2980b9;color:#fff}.wy-dropdown.wy-dropdown-left .wy-dropdown-menu{right:0;left:auto;text-align:right}.wy-dropdown-arrow:before{content:" ";border-bottom:5px solid #f5f5f5;border-left:5px solid transparent;border-right:5px solid transparent;position:absolute;display:block;top:-4px;left:50%;margin-left:-3px}.wy-dropdown-arrow.wy-dropdown-arrow-left:before{left:11px}.wy-form-stacked select{display:block}.wy-form-aligned .wy-help-inline,.wy-form-aligned input,.wy-form-aligned label,.wy-form-aligned select,.wy-form-aligned textarea{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-form-aligned .wy-control-group>label{display:inline-block;vertical-align:middle;width:10em;margin:6px 12px 0 0;float:left}.wy-form-aligned .wy-control{float:left}.wy-form-aligned .wy-control label{display:block}.wy-form-aligned .wy-control select{margin-top:6px}fieldset{margin:0}fieldset,legend{border:0;padding:0}legend{width:100%;white-space:normal;margin-bottom:24px;font-size:150%;*margin-left:-7px}label,legend{display:block}label{margin:0 0 .3125em;color:#333;font-size:90%}input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}.wy-control-group{margin-bottom:24px;max-width:1200px;margin-left:auto;margin-right:auto;*zoom:1}.wy-control-group:after,.wy-control-group:before{display:table;content:""}.wy-control-group:after{clear:both}.wy-control-group.wy-control-group-required>label:after{content:" *";color:#e74c3c}.wy-control-group .wy-form-full,.wy-control-group .wy-form-halves,.wy-control-group .wy-form-thirds{padding-bottom:12px}.wy-control-group .wy-form-full input[type=color],.wy-control-group .wy-form-full input[type=date],.wy-control-group .wy-form-full input[type=datetime-local],.wy-control-group .wy-form-full input[type=datetime],.wy-control-group .wy-form-full input[type=email],.wy-control-group .wy-form-full input[type=month],.wy-control-group .wy-form-full input[type=number],.wy-control-group .wy-form-full input[type=password],.wy-control-group .wy-form-full input[type=search],.wy-control-group .wy-form-full input[type=tel],.wy-control-group .wy-form-full input[type=text],.wy-control-group .wy-form-full input[type=time],.wy-control-group .wy-form-full input[type=url],.wy-control-group .wy-form-full input[type=week],.wy-control-group .wy-form-full select,.wy-control-group .wy-form-halves input[type=color],.wy-control-group .wy-form-halves input[type=date],.wy-control-group .wy-form-halves input[type=datetime-local],.wy-control-group .wy-form-halves input[type=datetime],.wy-control-group .wy-form-halves input[type=email],.wy-control-group .wy-form-halves input[type=month],.wy-control-group .wy-form-halves input[type=number],.wy-control-group .wy-form-halves input[type=password],.wy-control-group .wy-form-halves input[type=search],.wy-control-group .wy-form-halves input[type=tel],.wy-control-group .wy-form-halves input[type=text],.wy-control-group .wy-form-halves input[type=time],.wy-control-group .wy-form-halves input[type=url],.wy-control-group .wy-form-halves input[type=week],.wy-control-group .wy-form-halves select,.wy-control-group .wy-form-thirds input[type=color],.wy-control-group .wy-form-thirds input[type=date],.wy-control-group .wy-form-thirds input[type=datetime-local],.wy-control-group .wy-form-thirds input[type=datetime],.wy-control-group .wy-form-thirds input[type=email],.wy-control-group .wy-form-thirds input[type=month],.wy-control-group .wy-form-thirds input[type=number],.wy-control-group .wy-form-thirds input[type=password],.wy-control-group .wy-form-thirds input[type=search],.wy-control-group .wy-form-thirds input[type=tel],.wy-control-group .wy-form-thirds input[type=text],.wy-control-group .wy-form-thirds input[type=time],.wy-control-group .wy-form-thirds input[type=url],.wy-control-group .wy-form-thirds input[type=week],.wy-control-group .wy-form-thirds select{width:100%}.wy-control-group .wy-form-full{float:left;display:block;width:100%;margin-right:0}.wy-control-group .wy-form-full:last-child{margin-right:0}.wy-control-group .wy-form-halves{float:left;display:block;margin-right:2.35765%;width:48.82117%}.wy-control-group .wy-form-halves:last-child,.wy-control-group .wy-form-halves:nth-of-type(2n){margin-right:0}.wy-control-group .wy-form-halves:nth-of-type(odd){clear:left}.wy-control-group .wy-form-thirds{float:left;display:block;margin-right:2.35765%;width:31.76157%}.wy-control-group .wy-form-thirds:last-child,.wy-control-group .wy-form-thirds:nth-of-type(3n){margin-right:0}.wy-control-group .wy-form-thirds:nth-of-type(3n+1){clear:left}.wy-control-group.wy-control-group-no-input .wy-control,.wy-control-no-input{margin:6px 0 0;font-size:90%}.wy-control-no-input{display:inline-block}.wy-control-group.fluid-input input[type=color],.wy-control-group.fluid-input input[type=date],.wy-control-group.fluid-input input[type=datetime-local],.wy-control-group.fluid-input input[type=datetime],.wy-control-group.fluid-input input[type=email],.wy-control-group.fluid-input input[type=month],.wy-control-group.fluid-input input[type=number],.wy-control-group.fluid-input input[type=password],.wy-control-group.fluid-input input[type=search],.wy-control-group.fluid-input input[type=tel],.wy-control-group.fluid-input input[type=text],.wy-control-group.fluid-input input[type=time],.wy-control-group.fluid-input input[type=url],.wy-control-group.fluid-input input[type=week]{width:100%}.wy-form-message-inline{padding-left:.3em;color:#666;font-size:90%}.wy-form-message{display:block;color:#999;font-size:70%;margin-top:.3125em;font-style:italic}.wy-form-message p{font-size:inherit;font-style:italic;margin-bottom:6px}.wy-form-message p:last-child{margin-bottom:0}input{line-height:normal}input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;*overflow:visible}input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week]{-webkit-appearance:none;padding:6px;display:inline-block;border:1px solid #ccc;font-size:80%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 3px #ddd;border-radius:0;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}input[type=datetime-local]{padding:.34375em .625em}input[disabled]{cursor:default}input[type=checkbox],input[type=radio]{padding:0;margin-right:.3125em;*height:13px;*width:13px}input[type=checkbox],input[type=radio],input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input[type=color]:focus,input[type=date]:focus,input[type=datetime-local]:focus,input[type=datetime]:focus,input[type=email]:focus,input[type=month]:focus,input[type=number]:focus,input[type=password]:focus,input[type=search]:focus,input[type=tel]:focus,input[type=text]:focus,input[type=time]:focus,input[type=url]:focus,input[type=week]:focus{outline:0;outline:thin dotted\9;border-color:#333}input.no-focus:focus{border-color:#ccc!important}input[type=checkbox]:focus,input[type=file]:focus,input[type=radio]:focus{outline:thin dotted #333;outline:1px auto #129fea}input[type=color][disabled],input[type=date][disabled],input[type=datetime-local][disabled],input[type=datetime][disabled],input[type=email][disabled],input[type=month][disabled],input[type=number][disabled],input[type=password][disabled],input[type=search][disabled],input[type=tel][disabled],input[type=text][disabled],input[type=time][disabled],input[type=url][disabled],input[type=week][disabled]{cursor:not-allowed;background-color:#fafafa}input:focus:invalid,select:focus:invalid,textarea:focus:invalid{color:#e74c3c;border:1px solid #e74c3c}input:focus:invalid:focus,select:focus:invalid:focus,textarea:focus:invalid:focus{border-color:#e74c3c}input[type=checkbox]:focus:invalid:focus,input[type=file]:focus:invalid:focus,input[type=radio]:focus:invalid:focus{outline-color:#e74c3c}input.wy-input-large{padding:12px;font-size:100%}textarea{overflow:auto;vertical-align:top;width:100%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif}select,textarea{padding:.5em .625em;display:inline-block;border:1px solid #ccc;font-size:80%;box-shadow:inset 0 1px 3px #ddd;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}select{border:1px solid #ccc;background-color:#fff}select[multiple]{height:auto}select:focus,textarea:focus{outline:0}input[readonly],select[disabled],select[readonly],textarea[disabled],textarea[readonly]{cursor:not-allowed;background-color:#fafafa}input[type=checkbox][disabled],input[type=radio][disabled]{cursor:not-allowed}.wy-checkbox,.wy-radio{margin:6px 0;color:#404040;display:block}.wy-checkbox input,.wy-radio input{vertical-align:baseline}.wy-form-message-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-input-prefix,.wy-input-suffix{white-space:nowrap;padding:6px}.wy-input-prefix .wy-input-context,.wy-input-suffix .wy-input-context{line-height:27px;padding:0 8px;display:inline-block;font-size:80%;background-color:#f3f6f6;border:1px solid #ccc;color:#999}.wy-input-suffix .wy-input-context{border-left:0}.wy-input-prefix .wy-input-context{border-right:0}.wy-switch{position:relative;display:block;height:24px;margin-top:12px;cursor:pointer}.wy-switch:before{left:0;top:0;width:36px;height:12px;background:#ccc}.wy-switch:after,.wy-switch:before{position:absolute;content:"";display:block;border-radius:4px;-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.wy-switch:after{width:18px;height:18px;background:#999;left:-3px;top:-3px}.wy-switch span{position:absolute;left:48px;display:block;font-size:12px;color:#ccc;line-height:1}.wy-switch.active:before{background:#1e8449}.wy-switch.active:after{left:24px;background:#27ae60}.wy-switch.disabled{cursor:not-allowed;opacity:.8}.wy-control-group.wy-control-group-error .wy-form-message,.wy-control-group.wy-control-group-error>label{color:#e74c3c}.wy-control-group.wy-control-group-error input[type=color],.wy-control-group.wy-control-group-error input[type=date],.wy-control-group.wy-control-group-error input[type=datetime-local],.wy-control-group.wy-control-group-error input[type=datetime],.wy-control-group.wy-control-group-error input[type=email],.wy-control-group.wy-control-group-error input[type=month],.wy-control-group.wy-control-group-error input[type=number],.wy-control-group.wy-control-group-error input[type=password],.wy-control-group.wy-control-group-error input[type=search],.wy-control-group.wy-control-group-error input[type=tel],.wy-control-group.wy-control-group-error input[type=text],.wy-control-group.wy-control-group-error input[type=time],.wy-control-group.wy-control-group-error input[type=url],.wy-control-group.wy-control-group-error input[type=week],.wy-control-group.wy-control-group-error textarea{border:1px solid #e74c3c}.wy-inline-validate{white-space:nowrap}.wy-inline-validate .wy-input-context{padding:.5em .625em;display:inline-block;font-size:80%}.wy-inline-validate.wy-inline-validate-success .wy-input-context{color:#27ae60}.wy-inline-validate.wy-inline-validate-danger .wy-input-context{color:#e74c3c}.wy-inline-validate.wy-inline-validate-warning .wy-input-context{color:#e67e22}.wy-inline-validate.wy-inline-validate-info .wy-input-context{color:#2980b9}.rotate-90{-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.rotate-180{-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.rotate-270{-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.mirror{-webkit-transform:scaleX(-1);-moz-transform:scaleX(-1);-ms-transform:scaleX(-1);-o-transform:scaleX(-1);transform:scaleX(-1)}.mirror.rotate-90{-webkit-transform:scaleX(-1) rotate(90deg);-moz-transform:scaleX(-1) rotate(90deg);-ms-transform:scaleX(-1) rotate(90deg);-o-transform:scaleX(-1) rotate(90deg);transform:scaleX(-1) rotate(90deg)}.mirror.rotate-180{-webkit-transform:scaleX(-1) rotate(180deg);-moz-transform:scaleX(-1) rotate(180deg);-ms-transform:scaleX(-1) rotate(180deg);-o-transform:scaleX(-1) rotate(180deg);transform:scaleX(-1) rotate(180deg)}.mirror.rotate-270{-webkit-transform:scaleX(-1) rotate(270deg);-moz-transform:scaleX(-1) rotate(270deg);-ms-transform:scaleX(-1) rotate(270deg);-o-transform:scaleX(-1) rotate(270deg);transform:scaleX(-1) rotate(270deg)}@media only screen and (max-width:480px){.wy-form button[type=submit]{margin:.7em 0 0}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=text],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week],.wy-form label{margin-bottom:.3em;display:block}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week]{margin-bottom:0}.wy-form-aligned .wy-control-group label{margin-bottom:.3em;text-align:left;display:block;width:100%}.wy-form-aligned .wy-control{margin:1.5em 0 0}.wy-form-message,.wy-form-message-inline,.wy-form .wy-help-inline{display:block;font-size:80%;padding:6px 0}}@media screen and (max-width:768px){.tablet-hide{display:none}}@media screen and (max-width:480px){.mobile-hide{display:none}}.float-left{float:left}.float-right{float:right}.full-width{width:100%}.rst-content table.docutils,.rst-content table.field-list,.wy-table{border-collapse:collapse;border-spacing:0;empty-cells:show;margin-bottom:24px}.rst-content table.docutils caption,.rst-content table.field-list caption,.wy-table caption{color:#000;font:italic 85%/1 arial,sans-serif;padding:1em 0;text-align:center}.rst-content table.docutils td,.rst-content table.docutils th,.rst-content table.field-list td,.rst-content table.field-list th,.wy-table td,.wy-table th{font-size:90%;margin:0;overflow:visible;padding:8px 16px}.rst-content table.docutils td:first-child,.rst-content table.docutils th:first-child,.rst-content table.field-list td:first-child,.rst-content table.field-list th:first-child,.wy-table td:first-child,.wy-table th:first-child{border-left-width:0}.rst-content table.docutils thead,.rst-content table.field-list thead,.wy-table thead{color:#000;text-align:left;vertical-align:bottom;white-space:nowrap}.rst-content table.docutils thead th,.rst-content table.field-list thead th,.wy-table thead th{font-weight:700;border-bottom:2px solid #e1e4e5}.rst-content table.docutils td,.rst-content table.field-list td,.wy-table td{background-color:transparent;vertical-align:middle}.rst-content table.docutils td p,.rst-content table.field-list td p,.wy-table td p{line-height:18px}.rst-content table.docutils td p:last-child,.rst-content table.field-list td p:last-child,.wy-table td p:last-child{margin-bottom:0}.rst-content table.docutils .wy-table-cell-min,.rst-content table.field-list .wy-table-cell-min,.wy-table .wy-table-cell-min{width:1%;padding-right:0}.rst-content table.docutils .wy-table-cell-min input[type=checkbox],.rst-content table.field-list .wy-table-cell-min input[type=checkbox],.wy-table .wy-table-cell-min input[type=checkbox]{margin:0}.wy-table-secondary{color:grey;font-size:90%}.wy-table-tertiary{color:grey;font-size:80%}.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td,.wy-table-backed,.wy-table-odd td,.wy-table-striped tr:nth-child(2n-1) td{background-color:#f3f6f6}.rst-content table.docutils,.wy-table-bordered-all{border:1px solid #e1e4e5}.rst-content table.docutils td,.wy-table-bordered-all td{border-bottom:1px solid #e1e4e5;border-left:1px solid #e1e4e5}.rst-content table.docutils tbody>tr:last-child td,.wy-table-bordered-all tbody>tr:last-child td{border-bottom-width:0}.wy-table-bordered{border:1px solid #e1e4e5}.wy-table-bordered-rows td{border-bottom:1px solid #e1e4e5}.wy-table-bordered-rows tbody>tr:last-child td{border-bottom-width:0}.wy-table-horizontal td,.wy-table-horizontal th{border-width:0 0 1px;border-bottom:1px solid #e1e4e5}.wy-table-horizontal tbody>tr:last-child td{border-bottom-width:0}.wy-table-responsive{margin-bottom:24px;max-width:100%;overflow:auto}.wy-table-responsive table{margin-bottom:0!important}.wy-table-responsive table td,.wy-table-responsive table th{white-space:nowrap}a{color:#2980b9;text-decoration:none;cursor:pointer}a:hover{color:#3091d1}a:visited{color:#9b59b6}html{height:100%}body,html{overflow-x:hidden}body{font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;font-weight:400;color:#404040;min-height:100%;background:#edf0f2}.wy-text-left{text-align:left}.wy-text-center{text-align:center}.wy-text-right{text-align:right}.wy-text-large{font-size:120%}.wy-text-normal{font-size:100%}.wy-text-small,small{font-size:80%}.wy-text-strike{text-decoration:line-through}.wy-text-warning{color:#e67e22!important}a.wy-text-warning:hover{color:#eb9950!important}.wy-text-info{color:#2980b9!important}a.wy-text-info:hover{color:#409ad5!important}.wy-text-success{color:#27ae60!important}a.wy-text-success:hover{color:#36d278!important}.wy-text-danger{color:#e74c3c!important}a.wy-text-danger:hover{color:#ed7669!important}.wy-text-neutral{color:#404040!important}a.wy-text-neutral:hover{color:#595959!important}.rst-content .toctree-wrapper>p.caption,h1,h2,h3,h4,h5,h6,legend{margin-top:0;font-weight:700;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif}p{line-height:24px;font-size:16px;margin:0 0 24px}h1{font-size:175%}.rst-content .toctree-wrapper>p.caption,h2{font-size:150%}h3{font-size:125%}h4{font-size:115%}h5{font-size:110%}h6{font-size:100%}hr{display:block;height:1px;border:0;border-top:1px solid #e1e4e5;margin:24px 0;padding:0}.rst-content code,.rst-content tt,code{white-space:nowrap;max-width:100%;background:#fff;border:1px solid #e1e4e5;font-size:75%;padding:0 5px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#e74c3c;overflow-x:auto}.rst-content tt.code-large,code.code-large{font-size:90%}.rst-content .section ul,.rst-content .toctree-wrapper ul,.rst-content section ul,.wy-plain-list-disc,article ul{list-style:disc;line-height:24px;margin-bottom:24px}.rst-content .section ul li,.rst-content .toctree-wrapper ul li,.rst-content section ul li,.wy-plain-list-disc li,article ul li{list-style:disc;margin-left:24px}.rst-content .section ul li p:last-child,.rst-content .section ul li ul,.rst-content .toctree-wrapper ul li p:last-child,.rst-content .toctree-wrapper ul li ul,.rst-content section ul li p:last-child,.rst-content section ul li ul,.wy-plain-list-disc li p:last-child,.wy-plain-list-disc li ul,article ul li p:last-child,article ul li ul{margin-bottom:0}.rst-content .section ul li li,.rst-content .toctree-wrapper ul li li,.rst-content section ul li li,.wy-plain-list-disc li li,article ul li li{list-style:circle}.rst-content .section ul li li li,.rst-content .toctree-wrapper ul li li li,.rst-content section ul li li li,.wy-plain-list-disc li li li,article ul li li li{list-style:square}.rst-content .section ul li ol li,.rst-content .toctree-wrapper ul li ol li,.rst-content section ul li ol li,.wy-plain-list-disc li ol li,article ul li ol li{list-style:decimal}.rst-content .section ol,.rst-content .section ol.arabic,.rst-content .toctree-wrapper ol,.rst-content .toctree-wrapper ol.arabic,.rst-content section ol,.rst-content section ol.arabic,.wy-plain-list-decimal,article ol{list-style:decimal;line-height:24px;margin-bottom:24px}.rst-content .section ol.arabic li,.rst-content .section ol li,.rst-content .toctree-wrapper ol.arabic li,.rst-content .toctree-wrapper ol li,.rst-content section ol.arabic li,.rst-content section ol li,.wy-plain-list-decimal li,article ol li{list-style:decimal;margin-left:24px}.rst-content .section ol.arabic li ul,.rst-content .section ol li p:last-child,.rst-content .section ol li ul,.rst-content .toctree-wrapper ol.arabic li ul,.rst-content .toctree-wrapper ol li p:last-child,.rst-content .toctree-wrapper ol li ul,.rst-content section ol.arabic li ul,.rst-content section ol li p:last-child,.rst-content section ol li ul,.wy-plain-list-decimal li p:last-child,.wy-plain-list-decimal li ul,article ol li p:last-child,article ol li ul{margin-bottom:0}.rst-content .section ol.arabic li ul li,.rst-content .section ol li ul li,.rst-content .toctree-wrapper ol.arabic li ul li,.rst-content .toctree-wrapper ol li ul li,.rst-content section ol.arabic li ul li,.rst-content section ol li ul li,.wy-plain-list-decimal li ul li,article ol li ul li{list-style:disc}.wy-breadcrumbs{*zoom:1}.wy-breadcrumbs:after,.wy-breadcrumbs:before{display:table;content:""}.wy-breadcrumbs:after{clear:both}.wy-breadcrumbs>li{display:inline-block;padding-top:5px}.wy-breadcrumbs>li.wy-breadcrumbs-aside{float:right}.rst-content .wy-breadcrumbs>li code,.rst-content .wy-breadcrumbs>li tt,.wy-breadcrumbs>li .rst-content tt,.wy-breadcrumbs>li code{all:inherit;color:inherit}.breadcrumb-item:before{content:"/";color:#bbb;font-size:13px;padding:0 6px 0 3px}.wy-breadcrumbs-extra{margin-bottom:0;color:#b3b3b3;font-size:80%;display:inline-block}@media screen and (max-width:480px){.wy-breadcrumbs-extra,.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}@media print{.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}html{font-size:16px}.wy-affix{position:fixed;top:1.618em}.wy-menu a:hover{text-decoration:none}.wy-menu-horiz{*zoom:1}.wy-menu-horiz:after,.wy-menu-horiz:before{display:table;content:""}.wy-menu-horiz:after{clear:both}.wy-menu-horiz li,.wy-menu-horiz ul{display:inline-block}.wy-menu-horiz li:hover{background:hsla(0,0%,100%,.1)}.wy-menu-horiz li.divide-left{border-left:1px solid #404040}.wy-menu-horiz li.divide-right{border-right:1px solid #404040}.wy-menu-horiz a{height:32px;display:inline-block;line-height:32px;padding:0 16px}.wy-menu-vertical{width:300px}.wy-menu-vertical header,.wy-menu-vertical p.caption{color:#55a5d9;height:32px;line-height:32px;padding:0 1.618em;margin:12px 0 0;display:block;font-weight:700;text-transform:uppercase;font-size:85%;white-space:nowrap}.wy-menu-vertical ul{margin-bottom:0}.wy-menu-vertical li.divide-top{border-top:1px solid #404040}.wy-menu-vertical li.divide-bottom{border-bottom:1px solid #404040}.wy-menu-vertical li.current{background:#e3e3e3}.wy-menu-vertical li.current a{color:grey;border-right:1px solid #c9c9c9;padding:.4045em 2.427em}.wy-menu-vertical li.current a:hover{background:#d6d6d6}.rst-content .wy-menu-vertical li tt,.wy-menu-vertical li .rst-content tt,.wy-menu-vertical li code{border:none;background:inherit;color:inherit;padding-left:0;padding-right:0}.wy-menu-vertical li button.toctree-expand{display:block;float:left;margin-left:-1.2em;line-height:18px;color:#4d4d4d;border:none;background:none;padding:0}.wy-menu-vertical li.current>a,.wy-menu-vertical li.on a{color:#404040;font-weight:700;position:relative;background:#fcfcfc;border:none;padding:.4045em 1.618em}.wy-menu-vertical li.current>a:hover,.wy-menu-vertical li.on a:hover{background:#fcfcfc}.wy-menu-vertical li.current>a:hover button.toctree-expand,.wy-menu-vertical li.on a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand{display:block;line-height:18px;color:#333}.wy-menu-vertical li.toctree-l1.current>a{border-bottom:1px solid #c9c9c9;border-top:1px solid #c9c9c9}.wy-menu-vertical .toctree-l1.current .toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .toctree-l11>ul{display:none}.wy-menu-vertical .toctree-l1.current .current.toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .current.toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .current.toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .current.toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .current.toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .current.toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .current.toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .current.toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .current.toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .current.toctree-l11>ul{display:block}.wy-menu-vertical li.toctree-l3,.wy-menu-vertical li.toctree-l4{font-size:.9em}.wy-menu-vertical li.toctree-l2 a,.wy-menu-vertical li.toctree-l3 a,.wy-menu-vertical li.toctree-l4 a,.wy-menu-vertical li.toctree-l5 a,.wy-menu-vertical li.toctree-l6 a,.wy-menu-vertical li.toctree-l7 a,.wy-menu-vertical li.toctree-l8 a,.wy-menu-vertical li.toctree-l9 a,.wy-menu-vertical li.toctree-l10 a{color:#404040}.wy-menu-vertical li.toctree-l2 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l3 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l4 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l5 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l6 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l7 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l8 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l9 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l10 a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a,.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a,.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a,.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a,.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a,.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a,.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a,.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{display:block}.wy-menu-vertical li.toctree-l2.current>a{padding:.4045em 2.427em}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{padding:.4045em 1.618em .4045em 4.045em}.wy-menu-vertical li.toctree-l3.current>a{padding:.4045em 4.045em}.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{padding:.4045em 1.618em .4045em 5.663em}.wy-menu-vertical li.toctree-l4.current>a{padding:.4045em 5.663em}.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a{padding:.4045em 1.618em .4045em 7.281em}.wy-menu-vertical li.toctree-l5.current>a{padding:.4045em 7.281em}.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a{padding:.4045em 1.618em .4045em 8.899em}.wy-menu-vertical li.toctree-l6.current>a{padding:.4045em 8.899em}.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a{padding:.4045em 1.618em .4045em 10.517em}.wy-menu-vertical li.toctree-l7.current>a{padding:.4045em 10.517em}.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a{padding:.4045em 1.618em .4045em 12.135em}.wy-menu-vertical li.toctree-l8.current>a{padding:.4045em 12.135em}.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a{padding:.4045em 1.618em .4045em 13.753em}.wy-menu-vertical li.toctree-l9.current>a{padding:.4045em 13.753em}.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a{padding:.4045em 1.618em .4045em 15.371em}.wy-menu-vertical li.toctree-l10.current>a{padding:.4045em 15.371em}.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{padding:.4045em 1.618em .4045em 16.989em}.wy-menu-vertical li.toctree-l2.current>a,.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{background:#c9c9c9}.wy-menu-vertical li.toctree-l2 button.toctree-expand{color:#a3a3a3}.wy-menu-vertical li.toctree-l3.current>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{background:#bdbdbd}.wy-menu-vertical li.toctree-l3 button.toctree-expand{color:#969696}.wy-menu-vertical li.current ul{display:block}.wy-menu-vertical li ul{margin-bottom:0;display:none}.wy-menu-vertical li ul li a{margin-bottom:0;color:#d9d9d9;font-weight:400}.wy-menu-vertical a{line-height:18px;padding:.4045em 1.618em;display:block;position:relative;font-size:90%;color:#d9d9d9}.wy-menu-vertical a:hover{background-color:#4e4a4a;cursor:pointer}.wy-menu-vertical a:hover button.toctree-expand{color:#d9d9d9}.wy-menu-vertical a:active{background-color:#2980b9;cursor:pointer;color:#fff}.wy-menu-vertical a:active button.toctree-expand{color:#fff}.wy-side-nav-search{display:block;width:300px;padding:.809em;margin-bottom:.809em;z-index:200;background-color:#2980b9;text-align:center;color:#fcfcfc}.wy-side-nav-search input[type=text]{width:100%;border-radius:50px;padding:6px 12px;border-color:#2472a4}.wy-side-nav-search img{display:block;margin:auto auto .809em;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-side-nav-search .wy-dropdown>a,.wy-side-nav-search>a{color:#fcfcfc;font-size:100%;font-weight:700;display:inline-block;padding:4px 6px;margin-bottom:.809em;max-width:100%}.wy-side-nav-search .wy-dropdown>a:hover,.wy-side-nav-search .wy-dropdown>aactive,.wy-side-nav-search .wy-dropdown>afocus,.wy-side-nav-search>a:hover,.wy-side-nav-search>aactive,.wy-side-nav-search>afocus{background:hsla(0,0%,100%,.1)}.wy-side-nav-search .wy-dropdown>a img.logo,.wy-side-nav-search>a img.logo{display:block;margin:0 auto;height:auto;width:auto;border-radius:0;max-width:100%;background:transparent}.wy-side-nav-search .wy-dropdown>a.icon,.wy-side-nav-search>a.icon{display:block}.wy-side-nav-search .wy-dropdown>a.icon img.logo,.wy-side-nav-search>a.icon img.logo{margin-top:.85em}.wy-side-nav-search>div.switch-menus{position:relative;display:block;margin-top:-.4045em;margin-bottom:.809em;font-weight:400;color:hsla(0,0%,100%,.3)}.wy-side-nav-search>div.switch-menus>div.language-switch,.wy-side-nav-search>div.switch-menus>div.version-switch{display:inline-block;padding:.2em}.wy-side-nav-search>div.switch-menus>div.language-switch select,.wy-side-nav-search>div.switch-menus>div.version-switch select{display:inline-block;margin-right:-2rem;padding-right:2rem;max-width:240px;text-align-last:center;background:none;border:none;border-radius:0;box-shadow:none;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;font-size:1em;font-weight:400;color:hsla(0,0%,100%,.3);cursor:pointer;appearance:none;-webkit-appearance:none;-moz-appearance:none}.wy-side-nav-search>div.switch-menus>div.language-switch select:active,.wy-side-nav-search>div.switch-menus>div.language-switch select:focus,.wy-side-nav-search>div.switch-menus>div.language-switch select:hover,.wy-side-nav-search>div.switch-menus>div.version-switch select:active,.wy-side-nav-search>div.switch-menus>div.version-switch select:focus,.wy-side-nav-search>div.switch-menus>div.version-switch select:hover{background:hsla(0,0%,100%,.1);color:hsla(0,0%,100%,.5)}.wy-side-nav-search>div.switch-menus>div.language-switch:has(>select):after,.wy-side-nav-search>div.switch-menus>div.version-switch:has(>select):after{display:inline-block;width:1.5em;height:100%;padding:.1em;content:"\f0d7";font-size:1em;line-height:1.2em;font-family:FontAwesome;text-align:center;pointer-events:none;box-sizing:border-box}.wy-nav .wy-menu-vertical header{color:#2980b9}.wy-nav .wy-menu-vertical a{color:#b3b3b3}.wy-nav .wy-menu-vertical a:hover{background-color:#2980b9;color:#fff}[data-menu-wrap]{-webkit-transition:all .2s ease-in;-moz-transition:all .2s ease-in;transition:all .2s ease-in;position:absolute;opacity:1;width:100%;opacity:0}[data-menu-wrap].move-center{left:0;right:auto;opacity:1}[data-menu-wrap].move-left{right:auto;left:-100%;opacity:0}[data-menu-wrap].move-right{right:-100%;left:auto;opacity:0}.wy-body-for-nav{background:#fcfcfc}.wy-grid-for-nav{position:absolute;width:100%;height:100%}.wy-nav-side{position:fixed;top:0;bottom:0;left:0;padding-bottom:2em;width:300px;overflow-x:hidden;overflow-y:hidden;min-height:100%;color:#9b9b9b;background:#343131;z-index:200}.wy-side-scroll{width:320px;position:relative;overflow-x:hidden;overflow-y:scroll;height:100%}.wy-nav-top{display:none;background:#2980b9;color:#fff;padding:.4045em .809em;position:relative;line-height:50px;text-align:center;font-size:100%;*zoom:1}.wy-nav-top:after,.wy-nav-top:before{display:table;content:""}.wy-nav-top:after{clear:both}.wy-nav-top a{color:#fff;font-weight:700}.wy-nav-top img{margin-right:12px;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-nav-top i{font-size:30px;float:left;cursor:pointer;padding-top:inherit}.wy-nav-content-wrap{margin-left:300px;background:#fcfcfc;min-height:100%}.wy-nav-content{padding:1.618em 3.236em;height:100%;max-width:800px;margin:auto}.wy-body-mask{position:fixed;width:100%;height:100%;background:rgba(0,0,0,.2);display:none;z-index:499}.wy-body-mask.on{display:block}footer{color:grey}footer p{margin-bottom:12px}.rst-content footer span.commit tt,footer span.commit .rst-content tt,footer span.commit code{padding:0;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:1em;background:none;border:none;color:grey}.rst-footer-buttons{*zoom:1}.rst-footer-buttons:after,.rst-footer-buttons:before{width:100%;display:table;content:""}.rst-footer-buttons:after{clear:both}.rst-breadcrumbs-buttons{margin-top:12px;*zoom:1}.rst-breadcrumbs-buttons:after,.rst-breadcrumbs-buttons:before{display:table;content:""}.rst-breadcrumbs-buttons:after{clear:both}#search-results .search li{margin-bottom:24px;border-bottom:1px solid #e1e4e5;padding-bottom:24px}#search-results .search li:first-child{border-top:1px solid #e1e4e5;padding-top:24px}#search-results .search li a{font-size:120%;margin-bottom:12px;display:inline-block}#search-results .context{color:grey;font-size:90%}.genindextable li>ul{margin-left:24px}@media screen and (max-width:768px){.wy-body-for-nav{background:#fcfcfc}.wy-nav-top{display:block}.wy-nav-side{left:-300px}.wy-nav-side.shift{width:85%;left:0}.wy-menu.wy-menu-vertical,.wy-side-nav-search,.wy-side-scroll{width:auto}.wy-nav-content-wrap{margin-left:0}.wy-nav-content-wrap .wy-nav-content{padding:1.618em}.wy-nav-content-wrap.shift{position:fixed;min-width:100%;left:85%;top:0;height:100%;overflow:hidden}}@media screen and (min-width:1100px){.wy-nav-content-wrap{background:rgba(0,0,0,.05)}.wy-nav-content{margin:0;background:#fcfcfc}}@media print{.rst-versions,.wy-nav-side,footer{display:none}.wy-nav-content-wrap{margin-left:0}}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60;*zoom:1}.rst-versions .rst-current-version:after,.rst-versions .rst-current-version:before{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-content .code-block-caption .rst-versions .rst-current-version .headerlink,.rst-content .eqno .rst-versions .rst-current-version .headerlink,.rst-content .rst-versions .rst-current-version .admonition-title,.rst-content code.download .rst-versions .rst-current-version span:first-child,.rst-content dl dt .rst-versions .rst-current-version .headerlink,.rst-content h1 .rst-versions .rst-current-version .headerlink,.rst-content h2 .rst-versions .rst-current-version .headerlink,.rst-content h3 .rst-versions .rst-current-version .headerlink,.rst-content h4 .rst-versions .rst-current-version .headerlink,.rst-content h5 .rst-versions .rst-current-version .headerlink,.rst-content h6 .rst-versions .rst-current-version .headerlink,.rst-content p .rst-versions .rst-current-version .headerlink,.rst-content table>caption .rst-versions .rst-current-version .headerlink,.rst-content tt.download .rst-versions .rst-current-version span:first-child,.rst-versions .rst-current-version .fa,.rst-versions .rst-current-version .icon,.rst-versions .rst-current-version .rst-content .admonition-title,.rst-versions .rst-current-version .rst-content .code-block-caption .headerlink,.rst-versions .rst-current-version .rst-content .eqno .headerlink,.rst-versions .rst-current-version .rst-content code.download span:first-child,.rst-versions .rst-current-version .rst-content dl dt .headerlink,.rst-versions .rst-current-version .rst-content h1 .headerlink,.rst-versions .rst-current-version .rst-content h2 .headerlink,.rst-versions .rst-current-version .rst-content h3 .headerlink,.rst-versions .rst-current-version .rst-content h4 .headerlink,.rst-versions .rst-current-version .rst-content h5 .headerlink,.rst-versions .rst-current-version .rst-content h6 .headerlink,.rst-versions .rst-current-version .rst-content p .headerlink,.rst-versions .rst-current-version .rst-content table>caption .headerlink,.rst-versions .rst-current-version .rst-content tt.download span:first-child,.rst-versions .rst-current-version .wy-menu-vertical li button.toctree-expand,.wy-menu-vertical li .rst-versions .rst-current-version button.toctree-expand{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions .rst-other-versions .rtd-current-item{font-weight:700}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}#flyout-search-form{padding:6px}.rst-content .toctree-wrapper>p.caption,.rst-content h1,.rst-content h2,.rst-content h3,.rst-content h4,.rst-content h5,.rst-content h6{margin-bottom:24px}.rst-content img{max-width:100%;height:auto}.rst-content div.figure,.rst-content figure{margin-bottom:24px}.rst-content div.figure .caption-text,.rst-content figure .caption-text{font-style:italic}.rst-content div.figure p:last-child.caption,.rst-content figure p:last-child.caption{margin-bottom:0}.rst-content div.figure.align-center,.rst-content figure.align-center{text-align:center}.rst-content .section>a>img,.rst-content .section>img,.rst-content section>a>img,.rst-content section>img{margin-bottom:24px}.rst-content abbr[title]{text-decoration:none}.rst-content.style-external-links a.reference.external:after{font-family:FontAwesome;content:"\f08e";color:#b3b3b3;vertical-align:super;font-size:60%;margin:0 .2em}.rst-content blockquote{margin-left:24px;line-height:24px;margin-bottom:24px}.rst-content pre.literal-block{white-space:pre;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;display:block;overflow:auto}.rst-content div[class^=highlight],.rst-content pre.literal-block{border:1px solid #e1e4e5;overflow-x:auto;margin:1px 0 24px}.rst-content div[class^=highlight] div[class^=highlight],.rst-content pre.literal-block div[class^=highlight]{padding:0;border:none;margin:0}.rst-content div[class^=highlight] td.code{width:100%}.rst-content .linenodiv pre{border-right:1px solid #e6e9ea;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;user-select:none;pointer-events:none}.rst-content div[class^=highlight] pre{white-space:pre;margin:0;padding:12px;display:block;overflow:auto}.rst-content div[class^=highlight] pre .hll{display:block;margin:0 -12px;padding:0 12px}.rst-content .linenodiv pre,.rst-content div[class^=highlight] pre,.rst-content pre.literal-block{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:12px;line-height:1.4}.rst-content div.highlight .gp,.rst-content div.highlight span.linenos{user-select:none;pointer-events:none}.rst-content div.highlight span.linenos{display:inline-block;padding-left:0;padding-right:12px;margin-right:12px;border-right:1px solid #e6e9ea}.rst-content .code-block-caption{font-style:italic;font-size:85%;line-height:1;padding:1em 0;text-align:center}@media print{.rst-content .codeblock,.rst-content div[class^=highlight],.rst-content div[class^=highlight] pre{white-space:pre-wrap}}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning{clear:both}.rst-content .admonition-todo .last,.rst-content .admonition-todo>:last-child,.rst-content .admonition .last,.rst-content .admonition>:last-child,.rst-content .attention .last,.rst-content .attention>:last-child,.rst-content .caution .last,.rst-content .caution>:last-child,.rst-content .danger .last,.rst-content .danger>:last-child,.rst-content .error .last,.rst-content .error>:last-child,.rst-content .hint .last,.rst-content .hint>:last-child,.rst-content .important .last,.rst-content .important>:last-child,.rst-content .note .last,.rst-content .note>:last-child,.rst-content .seealso .last,.rst-content .seealso>:last-child,.rst-content .tip .last,.rst-content .tip>:last-child,.rst-content .warning .last,.rst-content .warning>:last-child{margin-bottom:0}.rst-content .admonition-title:before{margin-right:4px}.rst-content .admonition table{border-color:rgba(0,0,0,.1)}.rst-content .admonition table td,.rst-content .admonition table th{background:transparent!important;border-color:rgba(0,0,0,.1)!important}.rst-content .section ol.loweralpha,.rst-content .section ol.loweralpha>li,.rst-content .toctree-wrapper ol.loweralpha,.rst-content .toctree-wrapper ol.loweralpha>li,.rst-content section ol.loweralpha,.rst-content section ol.loweralpha>li{list-style:lower-alpha}.rst-content .section ol.upperalpha,.rst-content .section ol.upperalpha>li,.rst-content .toctree-wrapper ol.upperalpha,.rst-content .toctree-wrapper ol.upperalpha>li,.rst-content section ol.upperalpha,.rst-content section ol.upperalpha>li{list-style:upper-alpha}.rst-content .section ol li>*,.rst-content .section ul li>*,.rst-content .toctree-wrapper ol li>*,.rst-content .toctree-wrapper ul li>*,.rst-content section ol li>*,.rst-content section ul li>*{margin-top:12px;margin-bottom:12px}.rst-content .section ol li>:first-child,.rst-content .section ul li>:first-child,.rst-content .toctree-wrapper ol li>:first-child,.rst-content .toctree-wrapper ul li>:first-child,.rst-content section ol li>:first-child,.rst-content section ul li>:first-child{margin-top:0}.rst-content .section ol li>p,.rst-content .section ol li>p:last-child,.rst-content .section ul li>p,.rst-content .section ul li>p:last-child,.rst-content .toctree-wrapper ol li>p,.rst-content .toctree-wrapper ol li>p:last-child,.rst-content .toctree-wrapper ul li>p,.rst-content .toctree-wrapper ul li>p:last-child,.rst-content section ol li>p,.rst-content section ol li>p:last-child,.rst-content section ul li>p,.rst-content section ul li>p:last-child{margin-bottom:12px}.rst-content .section ol li>p:only-child,.rst-content .section ol li>p:only-child:last-child,.rst-content .section ul li>p:only-child,.rst-content .section ul li>p:only-child:last-child,.rst-content .toctree-wrapper ol li>p:only-child,.rst-content .toctree-wrapper ol li>p:only-child:last-child,.rst-content .toctree-wrapper ul li>p:only-child,.rst-content .toctree-wrapper ul li>p:only-child:last-child,.rst-content section ol li>p:only-child,.rst-content section ol li>p:only-child:last-child,.rst-content section ul li>p:only-child,.rst-content section ul li>p:only-child:last-child{margin-bottom:0}.rst-content .section ol li>ol,.rst-content .section ol li>ul,.rst-content .section ul li>ol,.rst-content .section ul li>ul,.rst-content .toctree-wrapper ol li>ol,.rst-content .toctree-wrapper ol li>ul,.rst-content .toctree-wrapper ul li>ol,.rst-content .toctree-wrapper ul li>ul,.rst-content section ol li>ol,.rst-content section ol li>ul,.rst-content section ul li>ol,.rst-content section ul li>ul{margin-bottom:12px}.rst-content .section ol.simple li>*,.rst-content .section ol.simple li ol,.rst-content .section ol.simple li ul,.rst-content .section ul.simple li>*,.rst-content .section ul.simple li ol,.rst-content .section ul.simple li ul,.rst-content .toctree-wrapper ol.simple li>*,.rst-content .toctree-wrapper ol.simple li ol,.rst-content .toctree-wrapper ol.simple li ul,.rst-content .toctree-wrapper ul.simple li>*,.rst-content .toctree-wrapper ul.simple li ol,.rst-content .toctree-wrapper ul.simple li ul,.rst-content section ol.simple li>*,.rst-content section ol.simple li ol,.rst-content section ol.simple li ul,.rst-content section ul.simple li>*,.rst-content section ul.simple li ol,.rst-content section ul.simple li ul{margin-top:0;margin-bottom:0}.rst-content .line-block{margin-left:0;margin-bottom:24px;line-height:24px}.rst-content .line-block .line-block{margin-left:24px;margin-bottom:0}.rst-content .topic-title{font-weight:700;margin-bottom:12px}.rst-content .toc-backref{color:#404040}.rst-content .align-right{float:right;margin:0 0 24px 24px}.rst-content .align-left{float:left;margin:0 24px 24px 0}.rst-content .align-center{margin:auto}.rst-content .align-center:not(table){display:block}.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink{opacity:0;font-size:14px;font-family:FontAwesome;margin-left:.5em}.rst-content .code-block-caption .headerlink:focus,.rst-content .code-block-caption:hover .headerlink,.rst-content .eqno .headerlink:focus,.rst-content .eqno:hover .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink:focus,.rst-content .toctree-wrapper>p.caption:hover .headerlink,.rst-content dl dt .headerlink:focus,.rst-content dl dt:hover .headerlink,.rst-content h1 .headerlink:focus,.rst-content h1:hover .headerlink,.rst-content h2 .headerlink:focus,.rst-content h2:hover .headerlink,.rst-content h3 .headerlink:focus,.rst-content h3:hover .headerlink,.rst-content h4 .headerlink:focus,.rst-content h4:hover .headerlink,.rst-content h5 .headerlink:focus,.rst-content h5:hover .headerlink,.rst-content h6 .headerlink:focus,.rst-content h6:hover .headerlink,.rst-content p.caption .headerlink:focus,.rst-content p.caption:hover .headerlink,.rst-content p .headerlink:focus,.rst-content p:hover .headerlink,.rst-content table>caption .headerlink:focus,.rst-content table>caption:hover .headerlink{opacity:1}.rst-content p a{overflow-wrap:anywhere}.rst-content .wy-table td p,.rst-content .wy-table td ul,.rst-content .wy-table th p,.rst-content .wy-table th ul,.rst-content table.docutils td p,.rst-content table.docutils td ul,.rst-content table.docutils th p,.rst-content table.docutils th ul,.rst-content table.field-list td p,.rst-content table.field-list td ul,.rst-content table.field-list th p,.rst-content table.field-list th ul{font-size:inherit}.rst-content .btn:focus{outline:2px solid}.rst-content table>caption .headerlink:after{font-size:12px}.rst-content .centered{text-align:center}.rst-content .sidebar{float:right;width:40%;display:block;margin:0 0 24px 24px;padding:24px;background:#f3f6f6;border:1px solid #e1e4e5}.rst-content .sidebar dl,.rst-content .sidebar p,.rst-content .sidebar ul{font-size:90%}.rst-content .sidebar .last,.rst-content .sidebar>:last-child{margin-bottom:0}.rst-content .sidebar .sidebar-title{display:block;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif;font-weight:700;background:#e1e4e5;padding:6px 12px;margin:-24px -24px 24px;font-size:100%}.rst-content .highlighted{background:#f1c40f;box-shadow:0 0 0 2px #f1c40f;display:inline;font-weight:700}.rst-content .citation-reference,.rst-content .footnote-reference{vertical-align:baseline;position:relative;top:-.4em;line-height:0;font-size:90%}.rst-content .citation-reference>span.fn-bracket,.rst-content .footnote-reference>span.fn-bracket{display:none}.rst-content .hlist{width:100%}.rst-content dl dt span.classifier:before{content:" : "}.rst-content dl dt span.classifier-delimiter{display:none!important}html.writer-html4 .rst-content table.docutils.citation,html.writer-html4 .rst-content table.docutils.footnote{background:none;border:none}html.writer-html4 .rst-content table.docutils.citation td,html.writer-html4 .rst-content table.docutils.citation tr,html.writer-html4 .rst-content table.docutils.footnote td,html.writer-html4 .rst-content table.docutils.footnote tr{border:none;background-color:transparent!important;white-space:normal}html.writer-html4 .rst-content table.docutils.citation td.label,html.writer-html4 .rst-content table.docutils.footnote td.label{padding-left:0;padding-right:0;vertical-align:top}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{display:grid;grid-template-columns:auto minmax(80%,95%)}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{display:inline-grid;grid-template-columns:max-content auto}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{display:grid;grid-template-columns:auto auto minmax(.65rem,auto) minmax(40%,95%)}html.writer-html5 .rst-content aside.citation>span.label,html.writer-html5 .rst-content aside.footnote>span.label,html.writer-html5 .rst-content div.citation>span.label{grid-column-start:1;grid-column-end:2}html.writer-html5 .rst-content aside.citation>span.backrefs,html.writer-html5 .rst-content aside.footnote>span.backrefs,html.writer-html5 .rst-content div.citation>span.backrefs{grid-column-start:2;grid-column-end:3;grid-row-start:1;grid-row-end:3}html.writer-html5 .rst-content aside.citation>p,html.writer-html5 .rst-content aside.footnote>p,html.writer-html5 .rst-content div.citation>p{grid-column-start:4;grid-column-end:5}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{margin-bottom:24px}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{padding-left:1rem}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dd,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dd,html.writer-html5 .rst-content dl.footnote>dt{margin-bottom:0}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{font-size:.9rem}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.footnote>dt{margin:0 .5rem .5rem 0;line-height:1.2rem;word-break:break-all;font-weight:400}html.writer-html5 .rst-content dl.citation>dt>span.brackets:before,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:before{content:"["}html.writer-html5 .rst-content dl.citation>dt>span.brackets:after,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:after{content:"]"}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a{word-break:keep-all}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a:not(:first-child):before,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.footnote>dd{margin:0 0 .5rem;line-height:1.2rem}html.writer-html5 .rst-content dl.citation>dd p,html.writer-html5 .rst-content dl.footnote>dd p{font-size:.9rem}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{padding-left:1rem;padding-right:1rem;font-size:.9rem;line-height:1.2rem}html.writer-html5 .rst-content aside.citation p,html.writer-html5 .rst-content aside.footnote p,html.writer-html5 .rst-content div.citation p{font-size:.9rem;line-height:1.2rem;margin-bottom:12px}html.writer-html5 .rst-content aside.citation span.backrefs,html.writer-html5 .rst-content aside.footnote span.backrefs,html.writer-html5 .rst-content div.citation span.backrefs{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content aside.citation span.backrefs>a,html.writer-html5 .rst-content aside.footnote span.backrefs>a,html.writer-html5 .rst-content div.citation span.backrefs>a{word-break:keep-all}html.writer-html5 .rst-content aside.citation span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content aside.footnote span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content div.citation span.backrefs>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content aside.citation span.label,html.writer-html5 .rst-content aside.footnote span.label,html.writer-html5 .rst-content div.citation span.label{line-height:1.2rem}html.writer-html5 .rst-content aside.citation-list,html.writer-html5 .rst-content aside.footnote-list,html.writer-html5 .rst-content div.citation-list{margin-bottom:24px}html.writer-html5 .rst-content dl.option-list kbd{font-size:.9rem}.rst-content table.docutils.footnote,html.writer-html4 .rst-content table.docutils.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content aside.footnote-list aside.footnote,html.writer-html5 .rst-content div.citation-list>div.citation,html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{color:grey}.rst-content table.docutils.footnote code,.rst-content table.docutils.footnote tt,html.writer-html4 .rst-content table.docutils.citation code,html.writer-html4 .rst-content table.docutils.citation tt,html.writer-html5 .rst-content aside.footnote-list aside.footnote code,html.writer-html5 .rst-content aside.footnote-list aside.footnote tt,html.writer-html5 .rst-content aside.footnote code,html.writer-html5 .rst-content aside.footnote tt,html.writer-html5 .rst-content div.citation-list>div.citation code,html.writer-html5 .rst-content div.citation-list>div.citation tt,html.writer-html5 .rst-content dl.citation code,html.writer-html5 .rst-content dl.citation tt,html.writer-html5 .rst-content dl.footnote code,html.writer-html5 .rst-content dl.footnote tt{color:#555}.rst-content .wy-table-responsive.citation,.rst-content .wy-table-responsive.footnote{margin-bottom:0}.rst-content .wy-table-responsive.citation+:not(.citation),.rst-content .wy-table-responsive.footnote+:not(.footnote){margin-top:24px}.rst-content .wy-table-responsive.citation:last-child,.rst-content .wy-table-responsive.footnote:last-child{margin-bottom:24px}.rst-content table.docutils th{border-color:#e1e4e5}html.writer-html5 .rst-content table.docutils th{border:1px solid #e1e4e5}html.writer-html5 .rst-content table.docutils td>p,html.writer-html5 .rst-content table.docutils th>p{line-height:1rem;margin-bottom:0;font-size:.9rem}.rst-content table.docutils td .last,.rst-content table.docutils td .last>:last-child{margin-bottom:0}.rst-content table.field-list,.rst-content table.field-list td{border:none}.rst-content table.field-list td p{line-height:inherit}.rst-content table.field-list td>strong{display:inline-block}.rst-content table.field-list .field-name{padding-right:10px;text-align:left;white-space:nowrap}.rst-content table.field-list .field-body{text-align:left}.rst-content code,.rst-content tt{color:#000;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;padding:2px 5px}.rst-content code big,.rst-content code em,.rst-content tt big,.rst-content tt em{font-size:100%!important;line-height:normal}.rst-content code.literal,.rst-content tt.literal{color:#e74c3c;white-space:normal}.rst-content code.xref,.rst-content tt.xref,a .rst-content code,a .rst-content tt{font-weight:700;color:#404040;overflow-wrap:normal}.rst-content kbd,.rst-content pre,.rst-content samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace}.rst-content a code,.rst-content a tt{color:#2980b9}.rst-content dl{margin-bottom:24px}.rst-content dl dt{font-weight:700;margin-bottom:12px}.rst-content dl ol,.rst-content dl p,.rst-content dl table,.rst-content dl ul{margin-bottom:12px}.rst-content dl dd{margin:0 0 12px 24px;line-height:24px}.rst-content dl dd>ol:last-child,.rst-content dl dd>p:last-child,.rst-content dl dd>table:last-child,.rst-content dl dd>ul:last-child{margin-bottom:0}html.writer-html4 .rst-content dl:not(.docutils),html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple){margin-bottom:24px}html.writer-html4 .rst-content dl:not(.docutils)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{display:table;margin:6px 0;font-size:90%;line-height:normal;background:#e7f2fa;color:#2980b9;border-top:3px solid #6ab0de;padding:6px;position:relative}html.writer-html4 .rst-content dl:not(.docutils)>dt:before,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:before{color:#6ab0de}html.writer-html4 .rst-content dl:not(.docutils)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{margin-bottom:6px;border:none;border-left:3px solid #ccc;background:#f0f0f0;color:#555}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils)>dt:first-child,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:first-child{margin-top:0}html.writer-html4 .rst-content dl:not(.docutils) code.descclassname,html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descclassname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{background-color:transparent;border:none;padding:0;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .optional,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .optional{display:inline-block;padding:0 4px;color:#000;font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .property,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .property{display:inline-block;padding-right:8px;max-width:100%}html.writer-html4 .rst-content dl:not(.docutils) .k,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .k{font-style:italic}html.writer-html4 .rst-content dl:not(.docutils) .descclassname,html.writer-html4 .rst-content dl:not(.docutils) .descname,html.writer-html4 .rst-content dl:not(.docutils) .sig-name,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .sig-name{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#000}.rst-content .viewcode-back,.rst-content .viewcode-link{display:inline-block;color:#27ae60;font-size:80%;padding-left:24px}.rst-content .viewcode-back{display:block;float:right}.rst-content p.rubric{margin-bottom:12px;font-weight:700}.rst-content code.download,.rst-content tt.download{background:inherit;padding:inherit;font-weight:400;font-family:inherit;font-size:inherit;color:inherit;border:inherit;white-space:inherit}.rst-content code.download span:first-child,.rst-content tt.download span:first-child{-webkit-font-smoothing:subpixel-antialiased}.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{margin-right:4px}.rst-content .guilabel,.rst-content .menuselection{font-size:80%;font-weight:700;border-radius:4px;padding:2.4px 6px;margin:auto 2px}.rst-content .guilabel,.rst-content .menuselection{border:1px solid #7fbbe3;background:#e7f2fa}.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>.kbd,.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>kbd{color:inherit;font-size:80%;background-color:#fff;border:1px solid #a6a6a6;border-radius:4px;box-shadow:0 2px grey;padding:2.4px 6px;margin:auto 0}.rst-content .versionmodified{font-style:italic}@media screen and (max-width:480px){.rst-content .sidebar{width:100%}}span[id*=MathJax-Span]{color:#404040}.math{text-align:center}@font-face{font-family:Lato;src:url(fonts/lato-normal.woff2?bd03a2cc277bbbc338d464e679fe9942) format("woff2"),url(fonts/lato-normal.woff?27bd77b9162d388cb8d4c4217c7c5e2a) format("woff");font-weight:400;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold.woff2?cccb897485813c7c256901dbca54ecf2) format("woff2"),url(fonts/lato-bold.woff?d878b6c29b10beca227e9eef4246111b) format("woff");font-weight:700;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold-italic.woff2?0b6bb6725576b072c5d0b02ecdd1900d) format("woff2"),url(fonts/lato-bold-italic.woff?9c7e4e9eb485b4a121c760e61bc3707c) format("woff");font-weight:700;font-style:italic;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-normal-italic.woff2?4eb103b4d12be57cb1d040ed5e162e9d) format("woff2"),url(fonts/lato-normal-italic.woff?f28f2d6482446544ef1ea1ccc6dd5892) format("woff");font-weight:400;font-style:italic;font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:400;src:url(fonts/Roboto-Slab-Regular.woff2?7abf5b8d04d26a2cafea937019bca958) format("woff2"),url(fonts/Roboto-Slab-Regular.woff?c1be9284088d487c5e3ff0a10a92e58c) format("woff");font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:700;src:url(fonts/Roboto-Slab-Bold.woff2?9984f4a9bda09be08e83f2506954adbe) format("woff2"),url(fonts/Roboto-Slab-Bold.woff?bed5564a116b05148e3b3bea6fb1162a) format("woff");font-display:block}
\ No newline at end of file
diff --git a/stable/_static/doctools.js b/stable/_static/doctools.js
new file mode 100644
index 00000000..4d67807d
--- /dev/null
+++ b/stable/_static/doctools.js
@@ -0,0 +1,156 @@
+/*
+ * doctools.js
+ * ~~~~~~~~~~~
+ *
+ * Base JavaScript utilities for all Sphinx HTML documentation.
+ *
+ * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+"use strict";
+
+const BLACKLISTED_KEY_CONTROL_ELEMENTS = new Set([
+  "TEXTAREA",
+  "INPUT",
+  "SELECT",
+  "BUTTON",
+]);
+
+const _ready = (callback) => {
+  if (document.readyState !== "loading") {
+    callback();
+  } else {
+    document.addEventListener("DOMContentLoaded", callback);
+  }
+};
+
+/**
+ * Small JavaScript module for the documentation.
+ */
+const Documentation = {
+  init: () => {
+    Documentation.initDomainIndexTable();
+    Documentation.initOnKeyListeners();
+  },
+
+  /**
+   * i18n support
+   */
+  TRANSLATIONS: {},
+  PLURAL_EXPR: (n) => (n === 1 ? 0 : 1),
+  LOCALE: "unknown",
+
+  // gettext and ngettext don't access this so that the functions
+  // can safely bound to a different name (_ = Documentation.gettext)
+  gettext: (string) => {
+    const translated = Documentation.TRANSLATIONS[string];
+    switch (typeof translated) {
+      case "undefined":
+        return string; // no translation
+      case "string":
+        return translated; // translation exists
+      default:
+        return translated[0]; // (singular, plural) translation tuple exists
+    }
+  },
+
+  ngettext: (singular, plural, n) => {
+    const translated = Documentation.TRANSLATIONS[singular];
+    if (typeof translated !== "undefined")
+      return translated[Documentation.PLURAL_EXPR(n)];
+    return n === 1 ? singular : plural;
+  },
+
+  addTranslations: (catalog) => {
+    Object.assign(Documentation.TRANSLATIONS, catalog.messages);
+    Documentation.PLURAL_EXPR = new Function(
+      "n",
+      `return (${catalog.plural_expr})`
+    );
+    Documentation.LOCALE = catalog.locale;
+  },
+
+  /**
+   * helper function to focus on search bar
+   */
+  focusSearchBar: () => {
+    document.querySelectorAll("input[name=q]")[0]?.focus();
+  },
+
+  /**
+   * Initialise the domain index toggle buttons
+   */
+  initDomainIndexTable: () => {
+    const toggler = (el) => {
+      const idNumber = el.id.substr(7);
+      const toggledRows = document.querySelectorAll(`tr.cg-${idNumber}`);
+      if (el.src.substr(-9) === "minus.png") {
+        el.src = `${el.src.substr(0, el.src.length - 9)}plus.png`;
+        toggledRows.forEach((el) => (el.style.display = "none"));
+      } else {
+        el.src = `${el.src.substr(0, el.src.length - 8)}minus.png`;
+        toggledRows.forEach((el) => (el.style.display = ""));
+      }
+    };
+
+    const togglerElements = document.querySelectorAll("img.toggler");
+    togglerElements.forEach((el) =>
+      el.addEventListener("click", (event) => toggler(event.currentTarget))
+    );
+    togglerElements.forEach((el) => (el.style.display = ""));
+    if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) togglerElements.forEach(toggler);
+  },
+
+  initOnKeyListeners: () => {
+    // only install a listener if it is really needed
+    if (
+      !DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS &&
+      !DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS
+    )
+      return;
+
+    document.addEventListener("keydown", (event) => {
+      // bail for input elements
+      if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return;
+      // bail with special keys
+      if (event.altKey || event.ctrlKey || event.metaKey) return;
+
+      if (!event.shiftKey) {
+        switch (event.key) {
+          case "ArrowLeft":
+            if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break;
+
+            const prevLink = document.querySelector('link[rel="prev"]');
+            if (prevLink && prevLink.href) {
+              window.location.href = prevLink.href;
+              event.preventDefault();
+            }
+            break;
+          case "ArrowRight":
+            if (!DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) break;
+
+            const nextLink = document.querySelector('link[rel="next"]');
+            if (nextLink && nextLink.href) {
+              window.location.href = nextLink.href;
+              event.preventDefault();
+            }
+            break;
+        }
+      }
+
+      // some keyboard layouts may need Shift to get /
+      switch (event.key) {
+        case "/":
+          if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) break;
+          Documentation.focusSearchBar();
+          event.preventDefault();
+      }
+    });
+  },
+};
+
+// quick alias for translations
+const _ = Documentation.gettext;
+
+_ready(Documentation.init);
diff --git a/stable/_static/documentation_options.js b/stable/_static/documentation_options.js
new file mode 100644
index 00000000..54a489bd
--- /dev/null
+++ b/stable/_static/documentation_options.js
@@ -0,0 +1,13 @@
+const DOCUMENTATION_OPTIONS = {
+    VERSION: '1.9.0',
+    LANGUAGE: 'en',
+    COLLAPSE_INDEX: false,
+    BUILDER: 'html',
+    FILE_SUFFIX: '.html',
+    LINK_SUFFIX: '.html',
+    HAS_SOURCE: true,
+    SOURCELINK_SUFFIX: '.txt',
+    NAVIGATION_WITH_KEYS: false,
+    SHOW_SEARCH_SUMMARY: true,
+    ENABLE_SEARCH_SHORTCUTS: true,
+};
\ No newline at end of file
diff --git a/stable/_static/file.png b/stable/_static/file.png
new file mode 100644
index 00000000..a858a410
Binary files /dev/null and b/stable/_static/file.png differ
diff --git a/stable/_static/fonts/Lato/lato-bold.eot b/stable/_static/fonts/Lato/lato-bold.eot
new file mode 100644
index 00000000..3361183a
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-bold.eot differ
diff --git a/stable/_static/fonts/Lato/lato-bold.ttf b/stable/_static/fonts/Lato/lato-bold.ttf
new file mode 100644
index 00000000..29f691d5
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-bold.ttf differ
diff --git a/stable/_static/fonts/Lato/lato-bold.woff b/stable/_static/fonts/Lato/lato-bold.woff
new file mode 100644
index 00000000..c6dff51f
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-bold.woff differ
diff --git a/stable/_static/fonts/Lato/lato-bold.woff2 b/stable/_static/fonts/Lato/lato-bold.woff2
new file mode 100644
index 00000000..bb195043
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-bold.woff2 differ
diff --git a/stable/_static/fonts/Lato/lato-bolditalic.eot b/stable/_static/fonts/Lato/lato-bolditalic.eot
new file mode 100644
index 00000000..3d415493
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-bolditalic.eot differ
diff --git a/stable/_static/fonts/Lato/lato-bolditalic.ttf b/stable/_static/fonts/Lato/lato-bolditalic.ttf
new file mode 100644
index 00000000..f402040b
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-bolditalic.ttf differ
diff --git a/stable/_static/fonts/Lato/lato-bolditalic.woff b/stable/_static/fonts/Lato/lato-bolditalic.woff
new file mode 100644
index 00000000..88ad05b9
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-bolditalic.woff differ
diff --git a/stable/_static/fonts/Lato/lato-bolditalic.woff2 b/stable/_static/fonts/Lato/lato-bolditalic.woff2
new file mode 100644
index 00000000..c4e3d804
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-bolditalic.woff2 differ
diff --git a/stable/_static/fonts/Lato/lato-italic.eot b/stable/_static/fonts/Lato/lato-italic.eot
new file mode 100644
index 00000000..3f826421
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-italic.eot differ
diff --git a/stable/_static/fonts/Lato/lato-italic.ttf b/stable/_static/fonts/Lato/lato-italic.ttf
new file mode 100644
index 00000000..b4bfc9b2
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-italic.ttf differ
diff --git a/stable/_static/fonts/Lato/lato-italic.woff b/stable/_static/fonts/Lato/lato-italic.woff
new file mode 100644
index 00000000..76114bc0
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-italic.woff differ
diff --git a/stable/_static/fonts/Lato/lato-italic.woff2 b/stable/_static/fonts/Lato/lato-italic.woff2
new file mode 100644
index 00000000..3404f37e
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-italic.woff2 differ
diff --git a/stable/_static/fonts/Lato/lato-regular.eot b/stable/_static/fonts/Lato/lato-regular.eot
new file mode 100644
index 00000000..11e3f2a5
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-regular.eot differ
diff --git a/stable/_static/fonts/Lato/lato-regular.ttf b/stable/_static/fonts/Lato/lato-regular.ttf
new file mode 100644
index 00000000..74decd9e
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-regular.ttf differ
diff --git a/stable/_static/fonts/Lato/lato-regular.woff b/stable/_static/fonts/Lato/lato-regular.woff
new file mode 100644
index 00000000..ae1307ff
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-regular.woff differ
diff --git a/stable/_static/fonts/Lato/lato-regular.woff2 b/stable/_static/fonts/Lato/lato-regular.woff2
new file mode 100644
index 00000000..3bf98433
Binary files /dev/null and b/stable/_static/fonts/Lato/lato-regular.woff2 differ
diff --git a/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot
new file mode 100644
index 00000000..79dc8efe
Binary files /dev/null and b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot differ
diff --git a/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf
new file mode 100644
index 00000000..df5d1df2
Binary files /dev/null and b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf differ
diff --git a/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff
new file mode 100644
index 00000000..6cb60000
Binary files /dev/null and b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff differ
diff --git a/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2 b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2
new file mode 100644
index 00000000..7059e231
Binary files /dev/null and b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2 differ
diff --git a/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot
new file mode 100644
index 00000000..2f7ca78a
Binary files /dev/null and b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot differ
diff --git a/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf
new file mode 100644
index 00000000..eb52a790
Binary files /dev/null and b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf differ
diff --git a/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff
new file mode 100644
index 00000000..f815f63f
Binary files /dev/null and b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff differ
diff --git a/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2 b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2
new file mode 100644
index 00000000..f2c76e5b
Binary files /dev/null and b/stable/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2 differ
diff --git a/stable/_static/graphviz.css b/stable/_static/graphviz.css
new file mode 100644
index 00000000..027576e3
--- /dev/null
+++ b/stable/_static/graphviz.css
@@ -0,0 +1,19 @@
+/*
+ * graphviz.css
+ * ~~~~~~~~~~~~
+ *
+ * Sphinx stylesheet -- graphviz extension.
+ *
+ * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+
+img.graphviz {
+    border: 0;
+    max-width: 100%;
+}
+
+object.graphviz {
+    max-width: 100%;
+}
diff --git a/stable/_static/jquery.js b/stable/_static/jquery.js
new file mode 100644
index 00000000..c4c6022f
--- /dev/null
+++ b/stable/_static/jquery.js
@@ -0,0 +1,2 @@
+/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
+!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},j=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||D,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,D=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="",y.option=!!ce.lastChild;var ge={thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n",""]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function je(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function De(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function qe(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Le(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var _t,zt=[],Ut=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=zt.pop()||S.expando+"_"+wt.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Ut.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ut.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Ut,"$1"+r):!1!==e.jsonp&&(e.url+=(Tt.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,zt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((_t=E.implementation.createHTMLDocument("").body).innerHTML="
",2===_t.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=Fe(y.pixelPosition,function(e,t){if(t)return t=We(e,n),Pe.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0
"),n("table.docutils.footnote").wrap("
"),n("table.docutils.citation").wrap("
"),n(".wy-menu-vertical ul").not(".simple").siblings("a").each((function(){var t=n(this);expand=n(''),expand.on("click",(function(n){return e.toggleCurrent(t),n.stopPropagation(),!1})),t.prepend(expand)}))},reset:function(){var n=encodeURI(window.location.hash)||"#";try{var e=$(".wy-menu-vertical"),t=e.find('[href="'+n+'"]');if(0===t.length){var i=$('.document [id="'+n.substring(1)+'"]').closest("div.section");0===(t=e.find('[href="#'+i.attr("id")+'"]')).length&&(t=e.find('[href="#"]'))}if(t.length>0){$(".wy-menu-vertical .current").removeClass("current").attr("aria-expanded","false"),t.addClass("current").attr("aria-expanded","true"),t.closest("li.toctree-l1").parent().addClass("current").attr("aria-expanded","true");for(let n=1;n<=10;n++)t.closest("li.toctree-l"+n).addClass("current").attr("aria-expanded","true");t[0].scrollIntoView()}}catch(n){console.log("Error expanding nav for anchor",n)}},onScroll:function(){this.winScroll=!1;var n=this.win.scrollTop(),e=n+this.winHeight,t=this.navBar.scrollTop()+(n-this.winPosition);n<0||e>this.docHeight||(this.navBar.scrollTop(t),this.winPosition=n)},onResize:function(){this.winResize=!1,this.winHeight=this.win.height(),this.docHeight=$(document).height()},hashChange:function(){this.linkScroll=!0,this.win.one("hashchange",(function(){this.linkScroll=!1}))},toggleCurrent:function(n){var e=n.closest("li");e.siblings("li.current").removeClass("current").attr("aria-expanded","false"),e.siblings().find("li.current").removeClass("current").attr("aria-expanded","false");var t=e.find("> ul li");t.length&&(t.removeClass("current").attr("aria-expanded","false"),e.toggleClass("current").attr("aria-expanded",(function(n,e){return"true"==e?"false":"true"})))}},"undefined"!=typeof window&&(window.SphinxRtdTheme={Navigation:n.exports.ThemeNav,StickyNav:n.exports.ThemeNav}),function(){for(var n=0,e=["ms","moz","webkit","o"],t=0;t
+        
Languages

+        ${config.projects.translations
+          .map(
+            (translation) => `
+        

+          ${translation.language.code}
+        

+        `,
+          )
+          .join("\n")}
+      
+    `;
+    return languagesHTML;
+  }
+
+  function renderVersions(config) {
+    if (!config.versions.active.length) {
+      return "";
+    }
+    const versionsHTML = `
+      

+        
Versions

+        ${config.versions.active
+          .map(
+            (version) => `
+        

+          ${version.slug}
+        

+        `,
+          )
+          .join("\n")}
+      

+    `;
+    return versionsHTML;
+  }
+
+  function renderDownloads(config) {
+    if (!Object.keys(config.versions.current.downloads).length) {
+      return "";
+    }
+    const downloadsNameDisplay = {
+      pdf: "PDF",
+      epub: "Epub",
+      htmlzip: "HTML",
+    };
+
+    const downloadsHTML = `
+      

+        
Downloads

+        ${Object.entries(config.versions.current.downloads)
+          .map(
+            ([name, url]) => `
+          

+            ${downloadsNameDisplay[name]}
+          

+        `,
+          )
+          .join("\n")}
+      

+    `;
+    return downloadsHTML;
+  }
+
+  document.addEventListener("readthedocs-addons-data-ready", function (event) {
+    const config = event.detail.data();
+
+    const flyout = `
+      

+        
+           Read the Docs
+          v: ${config.versions.current.slug}
+          
+        
+        

+          

+            ${renderLanguages(config)}
+            ${renderVersions(config)}
+            ${renderDownloads(config)}
+            

+              
On Read the Docs

+              

+                Project Home
+              

+              

+                Builds
+              

+              

+                Downloads
+              

+            

+            

+              
Search

+              

+                

+                  
+                

+              

+            

+            

+            
+              Hosted by Read the Docs
+            
+          

+        

+    `;
+
+    // Inject the generated flyout into the body HTML element.
+    document.body.insertAdjacentHTML("beforeend", flyout);
+
+    // Trigger the Read the Docs Addons Search modal when clicking on the "Search docs" input from inside the flyout.
+    document
+      .querySelector("#flyout-search-form")
+      .addEventListener("focusin", () => {
+        const event = new CustomEvent("readthedocs-search-show");
+        document.dispatchEvent(event);
+      });
+  })
+}
+
+if (themeLanguageSelector || themeVersionSelector) {
+  function onSelectorSwitch(event) {
+    const option = event.target.selectedIndex;
+    const item = event.target.options[option];
+    window.location.href = item.dataset.url;
+  }
+
+  document.addEventListener("readthedocs-addons-data-ready", function (event) {
+    const config = event.detail.data();
+
+    const versionSwitch = document.querySelector(
+      "div.switch-menus > div.version-switch",
+    );
+    if (themeVersionSelector) {
+      let versions = config.versions.active;
+      if (config.versions.current.hidden || config.versions.current.type === "external") {
+        versions.unshift(config.versions.current);
+      }
+      const versionSelect = `
+    
+  `;
+
+      versionSwitch.innerHTML = versionSelect;
+      versionSwitch.firstElementChild.addEventListener("change", onSelectorSwitch);
+    }
+
+    const languageSwitch = document.querySelector(
+      "div.switch-menus > div.language-switch",
+    );
+
+    if (themeLanguageSelector) {
+      if (config.projects.translations.length) {
+        // Add the current language to the options on the selector
+        let languages = config.projects.translations.concat(
+          config.projects.current,
+        );
+        languages = languages.sort((a, b) =>
+          a.language.name.localeCompare(b.language.name),
+        );
+
+        const languageSelect = `
+      
+    `;
+
+        languageSwitch.innerHTML = languageSelect;
+        languageSwitch.firstElementChild.addEventListener("change", onSelectorSwitch);
+      }
+      else {
+        languageSwitch.remove();
+      }
+    }
+  });
+}
+
+document.addEventListener("readthedocs-addons-data-ready", function (event) {
+  // Trigger the Read the Docs Addons Search modal when clicking on "Search docs" input from the topnav.
+  document
+    .querySelector("[role='search'] input")
+    .addEventListener("focusin", () => {
+      const event = new CustomEvent("readthedocs-search-show");
+      document.dispatchEvent(event);
+    });
+});
\ No newline at end of file
diff --git a/stable/_static/language_data.js b/stable/_static/language_data.js
new file mode 100644
index 00000000..367b8ed8
--- /dev/null
+++ b/stable/_static/language_data.js
@@ -0,0 +1,199 @@
+/*
+ * language_data.js
+ * ~~~~~~~~~~~~~~~~
+ *
+ * This script contains the language-specific data used by searchtools.js,
+ * namely the list of stopwords, stemmer, scorer and splitter.
+ *
+ * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+
+var stopwords = ["a", "and", "are", "as", "at", "be", "but", "by", "for", "if", "in", "into", "is", "it", "near", "no", "not", "of", "on", "or", "such", "that", "the", "their", "then", "there", "these", "they", "this", "to", "was", "will", "with"];
+
+
+/* Non-minified version is copied as a separate JS file, if available */
+
+/**
+ * Porter Stemmer
+ */
+var Stemmer = function() {
+
+  var step2list = {
+    ational: 'ate',
+    tional: 'tion',
+    enci: 'ence',
+    anci: 'ance',
+    izer: 'ize',
+    bli: 'ble',
+    alli: 'al',
+    entli: 'ent',
+    eli: 'e',
+    ousli: 'ous',
+    ization: 'ize',
+    ation: 'ate',
+    ator: 'ate',
+    alism: 'al',
+    iveness: 'ive',
+    fulness: 'ful',
+    ousness: 'ous',
+    aliti: 'al',
+    iviti: 'ive',
+    biliti: 'ble',
+    logi: 'log'
+  };
+
+  var step3list = {
+    icate: 'ic',
+    ative: '',
+    alize: 'al',
+    iciti: 'ic',
+    ical: 'ic',
+    ful: '',
+    ness: ''
+  };
+
+  var c = "[^aeiou]";          // consonant
+  var v = "[aeiouy]";          // vowel
+  var C = c + "[^aeiouy]*";    // consonant sequence
+  var V = v + "[aeiou]*";      // vowel sequence
+
+  var mgr0 = "^(" + C + ")?" + V + C;                      // [C]VC... is m>0
+  var meq1 = "^(" + C + ")?" + V + C + "(" + V + ")?$";    // [C]VC[V] is m=1
+  var mgr1 = "^(" + C + ")?" + V + C + V + C;              // [C]VCVC... is m>1
+  var s_v   = "^(" + C + ")?" + v;                         // vowel in stem
+
+  this.stemWord = function (w) {
+    var stem;
+    var suffix;
+    var firstch;
+    var origword = w;
+
+    if (w.length < 3)
+      return w;
+
+    var re;
+    var re2;
+    var re3;
+    var re4;
+
+    firstch = w.substr(0,1);
+    if (firstch == "y")
+      w = firstch.toUpperCase() + w.substr(1);
+
+    // Step 1a
+    re = /^(.+?)(ss|i)es$/;
+    re2 = /^(.+?)([^s])s$/;
+
+    if (re.test(w))
+      w = w.replace(re,"$1$2");
+    else if (re2.test(w))
+      w = w.replace(re2,"$1$2");
+
+    // Step 1b
+    re = /^(.+?)eed$/;
+    re2 = /^(.+?)(ed|ing)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      re = new RegExp(mgr0);
+      if (re.test(fp[1])) {
+        re = /.$/;
+        w = w.replace(re,"");
+      }
+    }
+    else if (re2.test(w)) {
+      var fp = re2.exec(w);
+      stem = fp[1];
+      re2 = new RegExp(s_v);
+      if (re2.test(stem)) {
+        w = stem;
+        re2 = /(at|bl|iz)$/;
+        re3 = new RegExp("([^aeiouylsz])\\1$");
+        re4 = new RegExp("^" + C + v + "[^aeiouwxy]$");
+        if (re2.test(w))
+          w = w + "e";
+        else if (re3.test(w)) {
+          re = /.$/;
+          w = w.replace(re,"");
+        }
+        else if (re4.test(w))
+          w = w + "e";
+      }
+    }
+
+    // Step 1c
+    re = /^(.+?)y$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(s_v);
+      if (re.test(stem))
+        w = stem + "i";
+    }
+
+    // Step 2
+    re = /^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      suffix = fp[2];
+      re = new RegExp(mgr0);
+      if (re.test(stem))
+        w = stem + step2list[suffix];
+    }
+
+    // Step 3
+    re = /^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      suffix = fp[2];
+      re = new RegExp(mgr0);
+      if (re.test(stem))
+        w = stem + step3list[suffix];
+    }
+
+    // Step 4
+    re = /^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/;
+    re2 = /^(.+?)(s|t)(ion)$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(mgr1);
+      if (re.test(stem))
+        w = stem;
+    }
+    else if (re2.test(w)) {
+      var fp = re2.exec(w);
+      stem = fp[1] + fp[2];
+      re2 = new RegExp(mgr1);
+      if (re2.test(stem))
+        w = stem;
+    }
+
+    // Step 5
+    re = /^(.+?)e$/;
+    if (re.test(w)) {
+      var fp = re.exec(w);
+      stem = fp[1];
+      re = new RegExp(mgr1);
+      re2 = new RegExp(meq1);
+      re3 = new RegExp("^" + C + v + "[^aeiouwxy]$");
+      if (re.test(stem) || (re2.test(stem) && !(re3.test(stem))))
+        w = stem;
+    }
+    re = /ll$/;
+    re2 = new RegExp(mgr1);
+    if (re.test(w) && re2.test(w)) {
+      re = /.$/;
+      w = w.replace(re,"");
+    }
+
+    // and turn initial Y back to y
+    if (firstch == "y")
+      w = firstch.toLowerCase() + w.substr(1);
+    return w;
+  }
+}
+
diff --git a/stable/_static/minus.png b/stable/_static/minus.png
new file mode 100644
index 00000000..d96755fd
Binary files /dev/null and b/stable/_static/minus.png differ
diff --git a/stable/_static/plus.png b/stable/_static/plus.png
new file mode 100644
index 00000000..7107cec9
Binary files /dev/null and b/stable/_static/plus.png differ
diff --git a/stable/_static/pygments.css b/stable/_static/pygments.css
new file mode 100644
index 00000000..0d49244e
--- /dev/null
+++ b/stable/_static/pygments.css
@@ -0,0 +1,75 @@
+pre { line-height: 125%; }
+td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+.highlight .hll { background-color: #ffffcc }
+.highlight { background: #eeffcc; }
+.highlight .c { color: #408090; font-style: italic } /* Comment */
+.highlight .err { border: 1px solid #FF0000 } /* Error */
+.highlight .k { color: #007020; font-weight: bold } /* Keyword */
+.highlight .o { color: #666666 } /* Operator */
+.highlight .ch { color: #408090; font-style: italic } /* Comment.Hashbang */
+.highlight .cm { color: #408090; font-style: italic } /* Comment.Multiline */
+.highlight .cp { color: #007020 } /* Comment.Preproc */
+.highlight .cpf { color: #408090; font-style: italic } /* Comment.PreprocFile */
+.highlight .c1 { color: #408090; font-style: italic } /* Comment.Single */
+.highlight .cs { color: #408090; background-color: #fff0f0 } /* Comment.Special */
+.highlight .gd { color: #A00000 } /* Generic.Deleted */
+.highlight .ge { font-style: italic } /* Generic.Emph */
+.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
+.highlight .gr { color: #FF0000 } /* Generic.Error */
+.highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */
+.highlight .gi { color: #00A000 } /* Generic.Inserted */
+.highlight .go { color: #333333 } /* Generic.Output */
+.highlight .gp { color: #c65d09; font-weight: bold } /* Generic.Prompt */
+.highlight .gs { font-weight: bold } /* Generic.Strong */
+.highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
+.highlight .gt { color: #0044DD } /* Generic.Traceback */
+.highlight .kc { color: #007020; font-weight: bold } /* Keyword.Constant */
+.highlight .kd { color: #007020; font-weight: bold } /* Keyword.Declaration */
+.highlight .kn { color: #007020; font-weight: bold } /* Keyword.Namespace */
+.highlight .kp { color: #007020 } /* Keyword.Pseudo */
+.highlight .kr { color: #007020; font-weight: bold } /* Keyword.Reserved */
+.highlight .kt { color: #902000 } /* Keyword.Type */
+.highlight .m { color: #208050 } /* Literal.Number */
+.highlight .s { color: #4070a0 } /* Literal.String */
+.highlight .na { color: #4070a0 } /* Name.Attribute */
+.highlight .nb { color: #007020 } /* Name.Builtin */
+.highlight .nc { color: #0e84b5; font-weight: bold } /* Name.Class */
+.highlight .no { color: #60add5 } /* Name.Constant */
+.highlight .nd { color: #555555; font-weight: bold } /* Name.Decorator */
+.highlight .ni { color: #d55537; font-weight: bold } /* Name.Entity */
+.highlight .ne { color: #007020 } /* Name.Exception */
+.highlight .nf { color: #06287e } /* Name.Function */
+.highlight .nl { color: #002070; font-weight: bold } /* Name.Label */
+.highlight .nn { color: #0e84b5; font-weight: bold } /* Name.Namespace */
+.highlight .nt { color: #062873; font-weight: bold } /* Name.Tag */
+.highlight .nv { color: #bb60d5 } /* Name.Variable */
+.highlight .ow { color: #007020; font-weight: bold } /* Operator.Word */
+.highlight .w { color: #bbbbbb } /* Text.Whitespace */
+.highlight .mb { color: #208050 } /* Literal.Number.Bin */
+.highlight .mf { color: #208050 } /* Literal.Number.Float */
+.highlight .mh { color: #208050 } /* Literal.Number.Hex */
+.highlight .mi { color: #208050 } /* Literal.Number.Integer */
+.highlight .mo { color: #208050 } /* Literal.Number.Oct */
+.highlight .sa { color: #4070a0 } /* Literal.String.Affix */
+.highlight .sb { color: #4070a0 } /* Literal.String.Backtick */
+.highlight .sc { color: #4070a0 } /* Literal.String.Char */
+.highlight .dl { color: #4070a0 } /* Literal.String.Delimiter */
+.highlight .sd { color: #4070a0; font-style: italic } /* Literal.String.Doc */
+.highlight .s2 { color: #4070a0 } /* Literal.String.Double */
+.highlight .se { color: #4070a0; font-weight: bold } /* Literal.String.Escape */
+.highlight .sh { color: #4070a0 } /* Literal.String.Heredoc */
+.highlight .si { color: #70a0d0; font-style: italic } /* Literal.String.Interpol */
+.highlight .sx { color: #c65d09 } /* Literal.String.Other */
+.highlight .sr { color: #235388 } /* Literal.String.Regex */
+.highlight .s1 { color: #4070a0 } /* Literal.String.Single */
+.highlight .ss { color: #517918 } /* Literal.String.Symbol */
+.highlight .bp { color: #007020 } /* Name.Builtin.Pseudo */
+.highlight .fm { color: #06287e } /* Name.Function.Magic */
+.highlight .vc { color: #bb60d5 } /* Name.Variable.Class */
+.highlight .vg { color: #bb60d5 } /* Name.Variable.Global */
+.highlight .vi { color: #bb60d5 } /* Name.Variable.Instance */
+.highlight .vm { color: #bb60d5 } /* Name.Variable.Magic */
+.highlight .il { color: #208050 } /* Literal.Number.Integer.Long */
\ No newline at end of file
diff --git a/stable/_static/searchtools.js b/stable/_static/searchtools.js
new file mode 100644
index 00000000..b08d58c9
--- /dev/null
+++ b/stable/_static/searchtools.js
@@ -0,0 +1,620 @@
+/*
+ * searchtools.js
+ * ~~~~~~~~~~~~~~~~
+ *
+ * Sphinx JavaScript utilities for the full-text search.
+ *
+ * :copyright: Copyright 2007-2024 by the Sphinx team, see AUTHORS.
+ * :license: BSD, see LICENSE for details.
+ *
+ */
+"use strict";
+
+/**
+ * Simple result scoring code.
+ */
+if (typeof Scorer === "undefined") {
+  var Scorer = {
+    // Implement the following function to further tweak the score for each result
+    // The function takes a result array [docname, title, anchor, descr, score, filename]
+    // and returns the new score.
+    /*
+    score: result => {
+      const [docname, title, anchor, descr, score, filename] = result
+      return score
+    },
+    */
+
+    // query matches the full name of an object
+    objNameMatch: 11,
+    // or matches in the last dotted part of the object name
+    objPartialMatch: 6,
+    // Additive scores depending on the priority of the object
+    objPrio: {
+      0: 15, // used to be importantResults
+      1: 5, // used to be objectResults
+      2: -5, // used to be unimportantResults
+    },
+    //  Used when the priority is not in the mapping.
+    objPrioDefault: 0,
+
+    // query found in title
+    title: 15,
+    partialTitle: 7,
+    // query found in terms
+    term: 5,
+    partialTerm: 2,
+  };
+}
+
+const _removeChildren = (element) => {
+  while (element && element.lastChild) element.removeChild(element.lastChild);
+};
+
+/**
+ * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#escaping
+ */
+const _escapeRegExp = (string) =>
+  string.replace(/[.*+\-?^${}()|[\]\\]/g, "\\$&"); // $& means the whole matched string
+
+const _displayItem = (item, searchTerms, highlightTerms) => {
+  const docBuilder = DOCUMENTATION_OPTIONS.BUILDER;
+  const docFileSuffix = DOCUMENTATION_OPTIONS.FILE_SUFFIX;
+  const docLinkSuffix = DOCUMENTATION_OPTIONS.LINK_SUFFIX;
+  const showSearchSummary = DOCUMENTATION_OPTIONS.SHOW_SEARCH_SUMMARY;
+  const contentRoot = document.documentElement.dataset.content_root;
+
+  const [docName, title, anchor, descr, score, _filename] = item;
+
+  let listItem = document.createElement("li");
+  let requestUrl;
+  let linkUrl;
+  if (docBuilder === "dirhtml") {
+    // dirhtml builder
+    let dirname = docName + "/";
+    if (dirname.match(/\/index\/$/))
+      dirname = dirname.substring(0, dirname.length - 6);
+    else if (dirname === "index/") dirname = "";
+    requestUrl = contentRoot + dirname;
+    linkUrl = requestUrl;
+  } else {
+    // normal html builders
+    requestUrl = contentRoot + docName + docFileSuffix;
+    linkUrl = docName + docLinkSuffix;
+  }
+  let linkEl = listItem.appendChild(document.createElement("a"));
+  linkEl.href = linkUrl + anchor;
+  linkEl.dataset.score = score;
+  linkEl.innerHTML = title;
+  if (descr) {
+    listItem.appendChild(document.createElement("span")).innerHTML =
+      " (" + descr + ")";
+    // highlight search terms in the description
+    if (SPHINX_HIGHLIGHT_ENABLED)  // set in sphinx_highlight.js
+      highlightTerms.forEach((term) => _highlightText(listItem, term, "highlighted"));
+  }
+  else if (showSearchSummary)
+    fetch(requestUrl)
+      .then((responseData) => responseData.text())
+      .then((data) => {
+        if (data)
+          listItem.appendChild(
+            Search.makeSearchSummary(data, searchTerms, anchor)
+          );
+        // highlight search terms in the summary
+        if (SPHINX_HIGHLIGHT_ENABLED)  // set in sphinx_highlight.js
+          highlightTerms.forEach((term) => _highlightText(listItem, term, "highlighted"));
+      });
+  Search.output.appendChild(listItem);
+};
+const _finishSearch = (resultCount) => {
+  Search.stopPulse();
+  Search.title.innerText = _("Search Results");
+  if (!resultCount)
+    Search.status.innerText = Documentation.gettext(
+      "Your search did not match any documents. Please make sure that all words are spelled correctly and that you've selected enough categories."
+    );
+  else
+    Search.status.innerText = _(
+      "Search finished, found ${resultCount} page(s) matching the search query."
+    ).replace('${resultCount}', resultCount);
+};
+const _displayNextItem = (
+  results,
+  resultCount,
+  searchTerms,
+  highlightTerms,
+) => {
+  // results left, load the summary and display it
+  // this is intended to be dynamic (don't sub resultsCount)
+  if (results.length) {
+    _displayItem(results.pop(), searchTerms, highlightTerms);
+    setTimeout(
+      () => _displayNextItem(results, resultCount, searchTerms, highlightTerms),
+      5
+    );
+  }
+  // search finished, update title and status message
+  else _finishSearch(resultCount);
+};
+// Helper function used by query() to order search results.
+// Each input is an array of [docname, title, anchor, descr, score, filename].
+// Order the results by score (in opposite order of appearance, since the
+// `_displayNextItem` function uses pop() to retrieve items) and then alphabetically.
+const _orderResultsByScoreThenName = (a, b) => {
+  const leftScore = a[4];
+  const rightScore = b[4];
+  if (leftScore === rightScore) {
+    // same score: sort alphabetically
+    const leftTitle = a[1].toLowerCase();
+    const rightTitle = b[1].toLowerCase();
+    if (leftTitle === rightTitle) return 0;
+    return leftTitle > rightTitle ? -1 : 1; // inverted is intentional
+  }
+  return leftScore > rightScore ? 1 : -1;
+};
+
+/**
+ * Default splitQuery function. Can be overridden in ``sphinx.search`` with a
+ * custom function per language.
+ *
+ * The regular expression works by splitting the string on consecutive characters
+ * that are not Unicode letters, numbers, underscores, or emoji characters.
+ * This is the same as ``\W+`` in Python, preserving the surrogate pair area.
+ */
+if (typeof splitQuery === "undefined") {
+  var splitQuery = (query) => query
+      .split(/[^\p{Letter}\p{Number}_\p{Emoji_Presentation}]+/gu)
+      .filter(term => term)  // remove remaining empty strings
+}
+
+/**
+ * Search Module
+ */
+const Search = {
+  _index: null,
+  _queued_query: null,
+  _pulse_status: -1,
+
+  htmlToText: (htmlString, anchor) => {
+    const htmlElement = new DOMParser().parseFromString(htmlString, 'text/html');
+    for (const removalQuery of [".headerlink", "script", "style"]) {
+      htmlElement.querySelectorAll(removalQuery).forEach((el) => { el.remove() });
+    }
+    if (anchor) {
+      const anchorContent = htmlElement.querySelector(`[role="main"] ${anchor}`);
+      if (anchorContent) return anchorContent.textContent;
+
+      console.warn(
+        `Anchored content block not found. Sphinx search tries to obtain it via DOM query '[role=main] ${anchor}'. Check your theme or template.`
+      );
+    }
+
+    // if anchor not specified or not found, fall back to main content
+    const docContent = htmlElement.querySelector('[role="main"]');
+    if (docContent) return docContent.textContent;
+
+    console.warn(
+      "Content block not found. Sphinx search tries to obtain it via DOM query '[role=main]'. Check your theme or template."
+    );
+    return "";
+  },
+
+  init: () => {
+    const query = new URLSearchParams(window.location.search).get("q");
+    document
+      .querySelectorAll('input[name="q"]')
+      .forEach((el) => (el.value = query));
+    if (query) Search.performSearch(query);
+  },
+
+  loadIndex: (url) =>
+    (document.body.appendChild(document.createElement("script")).src = url),
+
+  setIndex: (index) => {
+    Search._index = index;
+    if (Search._queued_query !== null) {
+      const query = Search._queued_query;
+      Search._queued_query = null;
+      Search.query(query);
+    }
+  },
+
+  hasIndex: () => Search._index !== null,
+
+  deferQuery: (query) => (Search._queued_query = query),
+
+  stopPulse: () => (Search._pulse_status = -1),
+
+  startPulse: () => {
+    if (Search._pulse_status >= 0) return;
+
+    const pulse = () => {
+      Search._pulse_status = (Search._pulse_status + 1) % 4;
+      Search.dots.innerText = ".".repeat(Search._pulse_status);
+      if (Search._pulse_status >= 0) window.setTimeout(pulse, 500);
+    };
+    pulse();
+  },
+
+  /**
+   * perform a search for something (or wait until index is loaded)
+   */
+  performSearch: (query) => {
+    // create the required interface elements
+    const searchText = document.createElement("h2");
+    searchText.textContent = _("Searching");
+    const searchSummary = document.createElement("p");
+    searchSummary.classList.add("search-summary");
+    searchSummary.innerText = "";
+    const searchList = document.createElement("ul");
+    searchList.classList.add("search");
+
+    const out = document.getElementById("search-results");
+    Search.title = out.appendChild(searchText);
+    Search.dots = Search.title.appendChild(document.createElement("span"));
+    Search.status = out.appendChild(searchSummary);
+    Search.output = out.appendChild(searchList);
+
+    const searchProgress = document.getElementById("search-progress");
+    // Some themes don't use the search progress node
+    if (searchProgress) {
+      searchProgress.innerText = _("Preparing search...");
+    }
+    Search.startPulse();
+
+    // index already loaded, the browser was quick!
+    if (Search.hasIndex()) Search.query(query);
+    else Search.deferQuery(query);
+  },
+
+  _parseQuery: (query) => {
+    // stem the search terms and add them to the correct list
+    const stemmer = new Stemmer();
+    const searchTerms = new Set();
+    const excludedTerms = new Set();
+    const highlightTerms = new Set();
+    const objectTerms = new Set(splitQuery(query.toLowerCase().trim()));
+    splitQuery(query.trim()).forEach((queryTerm) => {
+      const queryTermLower = queryTerm.toLowerCase();
+
+      // maybe skip this "word"
+      // stopwords array is from language_data.js
+      if (
+        stopwords.indexOf(queryTermLower) !== -1 ||
+        queryTerm.match(/^\d+$/)
+      )
+        return;
+
+      // stem the word
+      let word = stemmer.stemWord(queryTermLower);
+      // select the correct list
+      if (word[0] === "-") excludedTerms.add(word.substr(1));
+      else {
+        searchTerms.add(word);
+        highlightTerms.add(queryTermLower);
+      }
+    });
+
+    if (SPHINX_HIGHLIGHT_ENABLED) {  // set in sphinx_highlight.js
+      localStorage.setItem("sphinx_highlight_terms", [...highlightTerms].join(" "))
+    }
+
+    // console.debug("SEARCH: searching for:");
+    // console.info("required: ", [...searchTerms]);
+    // console.info("excluded: ", [...excludedTerms]);
+
+    return [query, searchTerms, excludedTerms, highlightTerms, objectTerms];
+  },
+
+  /**
+   * execute search (requires search index to be loaded)
+   */
+  _performSearch: (query, searchTerms, excludedTerms, highlightTerms, objectTerms) => {
+    const filenames = Search._index.filenames;
+    const docNames = Search._index.docnames;
+    const titles = Search._index.titles;
+    const allTitles = Search._index.alltitles;
+    const indexEntries = Search._index.indexentries;
+
+    // Collect multiple result groups to be sorted separately and then ordered.
+    // Each is an array of [docname, title, anchor, descr, score, filename].
+    const normalResults = [];
+    const nonMainIndexResults = [];
+
+    _removeChildren(document.getElementById("search-progress"));
+
+    const queryLower = query.toLowerCase().trim();
+    for (const [title, foundTitles] of Object.entries(allTitles)) {
+      if (title.toLowerCase().trim().includes(queryLower) && (queryLower.length >= title.length/2)) {
+        for (const [file, id] of foundTitles) {
+          const score = Math.round(Scorer.title * queryLower.length / title.length);
+          const boost = titles[file] === title ? 1 : 0;  // add a boost for document titles
+          normalResults.push([
+            docNames[file],
+            titles[file] !== title ? `${titles[file]} > ${title}` : title,
+            id !== null ? "#" + id : "",
+            null,
+            score + boost,
+            filenames[file],
+          ]);
+        }
+      }
+    }
+
+    // search for explicit entries in index directives
+    for (const [entry, foundEntries] of Object.entries(indexEntries)) {
+      if (entry.includes(queryLower) && (queryLower.length >= entry.length/2)) {
+        for (const [file, id, isMain] of foundEntries) {
+          const score = Math.round(100 * queryLower.length / entry.length);
+          const result = [
+            docNames[file],
+            titles[file],
+            id ? "#" + id : "",
+            null,
+            score,
+            filenames[file],
+          ];
+          if (isMain) {
+            normalResults.push(result);
+          } else {
+            nonMainIndexResults.push(result);
+          }
+        }
+      }
+    }
+
+    // lookup as object
+    objectTerms.forEach((term) =>
+      normalResults.push(...Search.performObjectSearch(term, objectTerms))
+    );
+
+    // lookup as search terms in fulltext
+    normalResults.push(...Search.performTermsSearch(searchTerms, excludedTerms));
+
+    // let the scorer override scores with a custom scoring function
+    if (Scorer.score) {
+      normalResults.forEach((item) => (item[4] = Scorer.score(item)));
+      nonMainIndexResults.forEach((item) => (item[4] = Scorer.score(item)));
+    }
+
+    // Sort each group of results by score and then alphabetically by name.
+    normalResults.sort(_orderResultsByScoreThenName);
+    nonMainIndexResults.sort(_orderResultsByScoreThenName);
+
+    // Combine the result groups in (reverse) order.
+    // Non-main index entries are typically arbitrary cross-references,
+    // so display them after other results.
+    let results = [...nonMainIndexResults, ...normalResults];
+
+    // remove duplicate search results
+    // note the reversing of results, so that in the case of duplicates, the highest-scoring entry is kept
+    let seen = new Set();
+    results = results.reverse().reduce((acc, result) => {
+      let resultStr = result.slice(0, 4).concat([result[5]]).map(v => String(v)).join(',');
+      if (!seen.has(resultStr)) {
+        acc.push(result);
+        seen.add(resultStr);
+      }
+      return acc;
+    }, []);
+
+    return results.reverse();
+  },
+
+  query: (query) => {
+    const [searchQuery, searchTerms, excludedTerms, highlightTerms, objectTerms] = Search._parseQuery(query);
+    const results = Search._performSearch(searchQuery, searchTerms, excludedTerms, highlightTerms, objectTerms);
+
+    // for debugging
+    //Search.lastresults = results.slice();  // a copy
+    // console.info("search results:", Search.lastresults);
+
+    // print the results
+    _displayNextItem(results, results.length, searchTerms, highlightTerms);
+  },
+
+  /**
+   * search for object names
+   */
+  performObjectSearch: (object, objectTerms) => {
+    const filenames = Search._index.filenames;
+    const docNames = Search._index.docnames;
+    const objects = Search._index.objects;
+    const objNames = Search._index.objnames;
+    const titles = Search._index.titles;
+
+    const results = [];
+
+    const objectSearchCallback = (prefix, match) => {
+      const name = match[4]
+      const fullname = (prefix ? prefix + "." : "") + name;
+      const fullnameLower = fullname.toLowerCase();
+      if (fullnameLower.indexOf(object) < 0) return;
+
+      let score = 0;
+      const parts = fullnameLower.split(".");
+
+      // check for different match types: exact matches of full name or
+      // "last name" (i.e. last dotted part)
+      if (fullnameLower === object || parts.slice(-1)[0] === object)
+        score += Scorer.objNameMatch;
+      else if (parts.slice(-1)[0].indexOf(object) > -1)
+        score += Scorer.objPartialMatch; // matches in last name
+
+      const objName = objNames[match[1]][2];
+      const title = titles[match[0]];
+
+      // If more than one term searched for, we require other words to be
+      // found in the name/title/description
+      const otherTerms = new Set(objectTerms);
+      otherTerms.delete(object);
+      if (otherTerms.size > 0) {
+        const haystack = `${prefix} ${name} ${objName} ${title}`.toLowerCase();
+        if (
+          [...otherTerms].some((otherTerm) => haystack.indexOf(otherTerm) < 0)
+        )
+          return;
+      }
+
+      let anchor = match[3];
+      if (anchor === "") anchor = fullname;
+      else if (anchor === "-") anchor = objNames[match[1]][1] + "-" + fullname;
+
+      const descr = objName + _(", in ") + title;
+
+      // add custom score for some objects according to scorer
+      if (Scorer.objPrio.hasOwnProperty(match[2]))
+        score += Scorer.objPrio[match[2]];
+      else score += Scorer.objPrioDefault;
+
+      results.push([
+        docNames[match[0]],
+        fullname,
+        "#" + anchor,
+        descr,
+        score,
+        filenames[match[0]],
+      ]);
+    };
+    Object.keys(objects).forEach((prefix) =>
+      objects[prefix].forEach((array) =>
+        objectSearchCallback(prefix, array)
+      )
+    );
+    return results;
+  },
+
+  /**
+   * search for full-text terms in the index
+   */
+  performTermsSearch: (searchTerms, excludedTerms) => {
+    // prepare search
+    const terms = Search._index.terms;
+    const titleTerms = Search._index.titleterms;
+    const filenames = Search._index.filenames;
+    const docNames = Search._index.docnames;
+    const titles = Search._index.titles;
+
+    const scoreMap = new Map();
+    const fileMap = new Map();
+
+    // perform the search on the required terms
+    searchTerms.forEach((word) => {
+      const files = [];
+      const arr = [
+        { files: terms[word], score: Scorer.term },
+        { files: titleTerms[word], score: Scorer.title },
+      ];
+      // add support for partial matches
+      if (word.length > 2) {
+        const escapedWord = _escapeRegExp(word);
+        if (!terms.hasOwnProperty(word)) {
+          Object.keys(terms).forEach((term) => {
+            if (term.match(escapedWord))
+              arr.push({ files: terms[term], score: Scorer.partialTerm });
+          });
+        }
+        if (!titleTerms.hasOwnProperty(word)) {
+          Object.keys(titleTerms).forEach((term) => {
+            if (term.match(escapedWord))
+              arr.push({ files: titleTerms[term], score: Scorer.partialTitle });
+          });
+        }
+      }
+
+      // no match but word was a required one
+      if (arr.every((record) => record.files === undefined)) return;
+
+      // found search word in contents
+      arr.forEach((record) => {
+        if (record.files === undefined) return;
+
+        let recordFiles = record.files;
+        if (recordFiles.length === undefined) recordFiles = [recordFiles];
+        files.push(...recordFiles);
+
+        // set score for the word in each file
+        recordFiles.forEach((file) => {
+          if (!scoreMap.has(file)) scoreMap.set(file, {});
+          scoreMap.get(file)[word] = record.score;
+        });
+      });
+
+      // create the mapping
+      files.forEach((file) => {
+        if (!fileMap.has(file)) fileMap.set(file, [word]);
+        else if (fileMap.get(file).indexOf(word) === -1) fileMap.get(file).push(word);
+      });
+    });
+
+    // now check if the files don't contain excluded terms
+    const results = [];
+    for (const [file, wordList] of fileMap) {
+      // check if all requirements are matched
+
+      // as search terms with length < 3 are discarded
+      const filteredTermCount = [...searchTerms].filter(
+        (term) => term.length > 2
+      ).length;
+      if (
+        wordList.length !== searchTerms.size &&
+        wordList.length !== filteredTermCount
+      )
+        continue;
+
+      // ensure that none of the excluded terms is in the search result
+      if (
+        [...excludedTerms].some(
+          (term) =>
+            terms[term] === file ||
+            titleTerms[term] === file ||
+            (terms[term] || []).includes(file) ||
+            (titleTerms[term] || []).includes(file)
+        )
+      )
+        break;
+
+      // select one (max) score for the file.
+      const score = Math.max(...wordList.map((w) => scoreMap.get(file)[w]));
+      // add result to the result list
+      results.push([
+        docNames[file],
+        titles[file],
+        "",
+        null,
+        score,
+        filenames[file],
+      ]);
+    }
+    return results;
+  },
+
+  /**
+   * helper function to return a node containing the
+   * search summary for a given text. keywords is a list
+   * of stemmed words.
+   */
+  makeSearchSummary: (htmlText, keywords, anchor) => {
+    const text = Search.htmlToText(htmlText, anchor);
+    if (text === "") return null;
+
+    const textLower = text.toLowerCase();
+    const actualStartPosition = [...keywords]
+      .map((k) => textLower.indexOf(k.toLowerCase()))
+      .filter((i) => i > -1)
+      .slice(-1)[0];
+    const startWithContext = Math.max(actualStartPosition - 120, 0);
+
+    const top = startWithContext === 0 ? "" : "...";
+    const tail = startWithContext + 240 < text.length ? "..." : "";
+
+    let summary = document.createElement("p");
+    summary.classList.add("context");
+    summary.textContent = top + text.substr(startWithContext, 240).trim() + tail;
+
+    return summary;
+  },
+};
+
+_ready(Search.init);
diff --git a/stable/_static/sphinx_highlight.js b/stable/_static/sphinx_highlight.js
new file mode 100644
index 00000000..8a96c69a
--- /dev/null
+++ b/stable/_static/sphinx_highlight.js
@@ -0,0 +1,154 @@
+/* Highlighting utilities for Sphinx HTML documentation. */
+"use strict";
+
+const SPHINX_HIGHLIGHT_ENABLED = true
+
+/**
+ * highlight a given string on a node by wrapping it in
+ * span elements with the given class name.
+ */
+const _highlight = (node, addItems, text, className) => {
+  if (node.nodeType === Node.TEXT_NODE) {
+    const val = node.nodeValue;
+    const parent = node.parentNode;
+    const pos = val.toLowerCase().indexOf(text);
+    if (
+      pos >= 0 &&
+      !parent.classList.contains(className) &&
+      !parent.classList.contains("nohighlight")
+    ) {
+      let span;
+
+      const closestNode = parent.closest("body, svg, foreignObject");
+      const isInSVG = closestNode && closestNode.matches("svg");
+      if (isInSVG) {
+        span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");
+      } else {
+        span = document.createElement("span");
+        span.classList.add(className);
+      }
+
+      span.appendChild(document.createTextNode(val.substr(pos, text.length)));
+      const rest = document.createTextNode(val.substr(pos + text.length));
+      parent.insertBefore(
+        span,
+        parent.insertBefore(
+          rest,
+          node.nextSibling
+        )
+      );
+      node.nodeValue = val.substr(0, pos);
+      /* There may be more occurrences of search term in this node. So call this
+       * function recursively on the remaining fragment.
+       */
+      _highlight(rest, addItems, text, className);
+
+      if (isInSVG) {
+        const rect = document.createElementNS(
+          "http://www.w3.org/2000/svg",
+          "rect"
+        );
+        const bbox = parent.getBBox();
+        rect.x.baseVal.value = bbox.x;
+        rect.y.baseVal.value = bbox.y;
+        rect.width.baseVal.value = bbox.width;
+        rect.height.baseVal.value = bbox.height;
+        rect.setAttribute("class", className);
+        addItems.push({ parent: parent, target: rect });
+      }
+    }
+  } else if (node.matches && !node.matches("button, select, textarea")) {
+    node.childNodes.forEach((el) => _highlight(el, addItems, text, className));
+  }
+};
+const _highlightText = (thisNode, text, className) => {
+  let addItems = [];
+  _highlight(thisNode, addItems, text, className);
+  addItems.forEach((obj) =>
+    obj.parent.insertAdjacentElement("beforebegin", obj.target)
+  );
+};
+
+/**
+ * Small JavaScript module for the documentation.
+ */
+const SphinxHighlight = {
+
+  /**
+   * highlight the search words provided in localstorage in the text
+   */
+  highlightSearchWords: () => {
+    if (!SPHINX_HIGHLIGHT_ENABLED) return;  // bail if no highlight
+
+    // get and clear terms from localstorage
+    const url = new URL(window.location);
+    const highlight =
+        localStorage.getItem("sphinx_highlight_terms")
+        || url.searchParams.get("highlight")
+        || "";
+    localStorage.removeItem("sphinx_highlight_terms")
+    url.searchParams.delete("highlight");
+    window.history.replaceState({}, "", url);
+
+    // get individual terms from highlight string
+    const terms = highlight.toLowerCase().split(/\s+/).filter(x => x);
+    if (terms.length === 0) return; // nothing to do
+
+    // There should never be more than one element matching "div.body"
+    const divBody = document.querySelectorAll("div.body");
+    const body = divBody.length ? divBody[0] : document.querySelector("body");
+    window.setTimeout(() => {
+      terms.forEach((term) => _highlightText(body, term, "highlighted"));
+    }, 10);
+
+    const searchBox = document.getElementById("searchbox");
+    if (searchBox === null) return;
+    searchBox.appendChild(
+      document
+        .createRange()
+        .createContextualFragment(
+          '
' +
+            '' +
+            _("Hide Search Matches") +
+            "
"
+        )
+    );
+  },
+
+  /**
+   * helper function to hide the search marks again
+   */
+  hideSearchWords: () => {
+    document
+      .querySelectorAll("#searchbox .highlight-link")
+      .forEach((el) => el.remove());
+    document
+      .querySelectorAll("span.highlighted")
+      .forEach((el) => el.classList.remove("highlighted"));
+    localStorage.removeItem("sphinx_highlight_terms")
+  },
+
+  initEscapeListener: () => {
+    // only install a listener if it is really needed
+    if (!DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS) return;
+
+    document.addEventListener("keydown", (event) => {
+      // bail for input elements
+      if (BLACKLISTED_KEY_CONTROL_ELEMENTS.has(document.activeElement.tagName)) return;
+      // bail with special keys
+      if (event.shiftKey || event.altKey || event.ctrlKey || event.metaKey) return;
+      if (DOCUMENTATION_OPTIONS.ENABLE_SEARCH_SHORTCUTS && (event.key === "Escape")) {
+        SphinxHighlight.hideSearchWords();
+        event.preventDefault();
+      }
+    });
+  },
+};
+
+_ready(() => {
+  /* Do not call highlightSearchWords() when we are on the search page.
+   * It will highlight words from the *previous* search query.
+   */
+  if (typeof Search === "undefined") SphinxHighlight.highlightSearchWords();
+  SphinxHighlight.initEscapeListener();
+});
diff --git a/stable/basic-tutorial.html b/stable/basic-tutorial.html
new file mode 100644
index 00000000..a31ec590
--- /dev/null
+++ b/stable/basic-tutorial.html
@@ -0,0 +1,319 @@
+
+
+
+
+
+  
+
+  
+  A Basic Introduction to GSSAPI — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
A Basic Introduction to GSSAPI

+
GSSAPI (which stands for “Generic Security Service API”) is an
+standard layer for interfacing with security services.  While it
+supports multiple different mechanisms, it is most commonly used
+with Kerberos 5 (“krb5” for short).

+
This tutorial will provide a basic introduction to interacting with
+GSSAPI through Python.

+
Note: This file is designed to be runnable using
+YALPT.  You can also just
+read it normally.

+
To start out, we’ll import python-gssapi, and save the current FQDN
+for later:

+
>>> import gssapi, socket
+>>> FQDN = socket.getfqdn()
+>>>
+

+

+
Note that this assumes you have a KRB5 realm set up, and some relevant
+functions available in the REALM object (see gssapi-console.py in
+gssapi_console), or
+try $ run-lit -e gssapi basic-tutorial.md when you have both
+gssapi_console and yalpt installed).  Any actions performed using the
+REALM object are not part of the GSSAPI library; the REALM object
+simply contains wrappers to krb5 commands generally run separately from
+the application using GSSAPI.

+

+
Names and Credentials

+
Two important concepts in GSSAPI are names and credentials.

+
Names, as the name suggests, identify different entities, be they
+users or services.  GSSAPI has the concept of different name types.
+These represent different types of names and corresponding syntax
+for representing names as strings.

+
Suppose we wanted to refer to an HTTP server on the current host.
+We could refer to it as a host-based service, or in the default
+mechanism form (in this case, for krb5):

+
>>> server_hostbased_name = gssapi.Name(f"HTTP@{FQDN}", name_type=gssapi.NameType.hostbased_service)
+>>> server_hostbased_name
+Name(b'HTTP@seton.mivehind.net', <OID 1.2.840.113554.1.2.1.4>)
+>>> server_name = gssapi.Name(f"HTTP/{FQDN}@")
+>>> server_name
+Name(b'HTTP/seton.mivehind.net@', None)
+>>>
+

+

+
These are both effectively the same, but if we canonicalize both
+names with respect to krb5, we’ll see that GSSAPI knows they’re the
+same:

+
>>> server_name == server_hostbased_name
+False
+>>> server_canon_name = server_name.canonicalize(gssapi.MechType.kerberos)
+>>> server_hostbased_canon_name = server_hostbased_name.canonicalize(gssapi.MechType.kerberos)
+>>> server_canon_name == server_hostbased_canon_name
+True
+>>>
+

+

+
To compare two names of different name types, you should canonicalize
+them first.

+
Credentials represent identification for a user or service.  In
+order to establish secure communication with other entities, a user
+or service first needs credentials.  For the krb5 mechanism,
+credentials generally represent a handle to the TGT.

+
Credentials may be acquired for a particular name, or the default set
+of credentials may be acquired.

+
For instance, suppose that we are writing a server, and wish to
+communicate accept connections as the ‘HTTP’ service.  We would need
+to acquire credentials as such:

+
>>> REALM.addprinc('HTTP/%s@%s' % (FQDN, REALM.realm))
+>>> REALM.extract_keytab('HTTP/%s@%s' % (FQDN, REALM.realm), REALM.keytab)
+>>> server_creds = gssapi.Credentials(usage='accept', name=server_name)
+>>>
+

+

+
Note that for the krb5 mechanism, in order to acquire credentials with
+the GSSAPI, the system must already have a way to access those credentials.
+For users, this generally means that they have already performed a kinit
+(i.e. have cached a TGT), while for services (like above), having a keytab
+is sufficient.  This process is generally performed outside the application
+using the GSSAPI.

+
Credentials have a usage: ‘accept’ for accepting security contexts,
+‘initiate’ for initiating security contexts, or ‘both’ for
+credentials used for both initiating and accepting security contexts.

+
Credentials also have an associated name, lifetime (which may
+be None for indefinite), and set of mechanisms with which the
+credentials are usable:

+
>>> server_creds.usage
+'accept'
+>>> server_creds.name == server_name
+True
+>>> server_creds.lifetime is None
+True
+>>> gssapi.MechType.kerberos in server_creds.mechs
+True
+>>> gssapi.MechType.kerberos in server_creds.mechs
+True
+>>>
+

+

+
Each of these settings is setable from the constructor as usage,
+name, lifetime, and mechs.

+

+

+
Security Contexts

+
Security contexts represent active sessions between two different
+entities.  Security contexts are used to verify identities, as well
+as ensure integrity (message signing), confidentiality (message
+encryption), or both for messages exchanged between the two parties.

+
When establishing a security context, the default credentials are
+used unless otherwise specified.  This allows applications to use
+the user’s already acquired credentials:

+
>>> client_ctx = gssapi.SecurityContext(name=server_name, usage='initiate')
+>>> initial_client_token = client_ctx.step()
+>>> client_ctx.complete
+False
+>>>
+

+

+
Just like credentials, security contexts are either initiating
+contexts, or accepting contexts (they cannot be both).  Initiating
+contexts must specify at least a target name.  In this case,
+we indicate that we wish to establish a context with the HTTP server
+from above.  The http server can then accept that context:

+
>>> server_ctx = gssapi.SecurityContext(creds=server_creds, usage='accept')
+>>> initial_server_token = server_ctx.step(initial_client_token)
+>>>
+

+

+
As you can see, creating an accepting security context is similar.
+Here, we specify a set of accepting credentials to use, although
+this is optional (the defaults will be used if no credentials are
+specified).

+
Let’s finish up the exchange:

+
>>> server_tok = initial_server_token
+>>>
+>>> while not (client_ctx.complete and server_ctx.complete):
+...     client_tok = client_ctx.step(server_tok)
+...     if not client_tok:
+...         break
+...     server_tok = server_ctx.step(client_tok)
+...
+>>> client_ctx.complete and server_ctx.complete
+True
+>>>
+

+

+
We can now wrap and unwrap messages, using the wrap and unwrap methods
+on SecurityContext:

+
>>> message = b'some message here'
+>>> wrapped_message, msg_encrypted = client_ctx.wrap(message, True)
+>>> message not in wrapped_message
+True
+>>> msg_encrypted
+True
+>>> server_ctx.unwrap(wrapped_message)
+UnwrapResult(message=b'some message here', encrypted=True, qop=0)
+>>>
+

+

+
We can use the second parameter to control whether or not we encrypt the
+messages, or just sign them:

+
>>> signed_message, msg_encrypted = client_ctx.wrap(message, False)
+>>> msg_encrypted
+False
+>>> message in signed_message
+True
+>>> server_ctx.unwrap(signed_message)
+UnwrapResult(message=b'some message here', encrypted=False, qop=0)
+>>>
+

+

+
Manually passing in a second parameter and checking whether or not encryption
+was used can get tedious, so python-gssapi provides two convenience methods
+to help with this: encrypt and decrypt.  If the context is set up to use
+encryption, they will call wrap with encryption.  If not, they will
+call wrap without encryption.

+
>>> encrypted_message = client_ctx.encrypt(message)
+>>> encrypted_message != message
+True
+>>> server_ctx.decrypt(encrypted_message)
+b'some message here'
+>>>
+

+

+
Notice that if we try to use decrypt a signed message, and exception will be raised,
+since the context was set up to use encryption (the default):

+
>>> signed_message, _ = client_ctx.wrap(message, False)
+>>> server_ctx.decrypt(signed_message)
+Traceback (most recent call last):
+  File "<stdin>", line 1, in <module>
+  File "<string>", line 2, in decrypt
+  File "/usr/lib/python3.4/site-packages/gssapi/_utils.py", line 167, in check_last_err
+    return func(self, *args, **kwargs)
+  File "/usr/lib/python3.4/site-packages/gssapi/sec_contexts.py", line 295, in decrypt
+    unwrapped_message=res.message)
+gssapi.exceptions.EncryptionNotUsed: Confidentiality was requested, but not used: The context was established with encryption, but unwrapped message was not encrypted.
+>>>
+

+

+
There you have it: the basics of GSSAPI.  You can use the help function
+at the interpreter, or check the docs
+for more information.

+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/credstore.html b/stable/credstore.html
new file mode 100644
index 00000000..cee6527f
--- /dev/null
+++ b/stable/credstore.html
@@ -0,0 +1,192 @@
+
+
+
+
+
+  
+
+  
+  Common Values for Credentials Store Extensions — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Common Values for Credentials Store Extensions

+
The credentials store extension is an extension introduced by the MIT krb5
+library implementation of GSSAPI.  It allows for finer control of credentials
+from within a GSSAPI application.  Each mechanism can define keywords to
+manipulate various aspects of their credentials for storage or retrieval
+operations.

+

+
The krb5 mechanism in MIT libraries

+
The krb5 mechanism as implemented by MIT libraries supports the credentials
+store extension with a number of keywords.

+

+
client_keytab

+
The client_keytab keyword can be used in a credential store when it is used
+with the gssapi.raw.ext_cred_store.acquire_cred_from() /
+gssapi.raw.ext_cred_store.add_cred_from() functions to indicate a custom
+location for a keytab containing client keys.  It is not used in the context
+of calls used to store credentials.

+
The value is a string in the form type:residual where type can be any
+keytab storage type understood by the implementation and residual is the
+keytab identifier (usually something like a path).  If the string is a path,
+then the type is defaulted to FILE.

+

+

+
keytab

+
The keytab keyword can be used in a credential store when it is used with
+the gssapi.raw.ext_cred_store.acquire_cred_from() /
+gssapi.raw.ext_cred_store.add_cred_from() functions to indicate a custom
+location for a keytab containing service keys.  It is not used in the context
+of calls used to store credentials.

+
The value is a string in the form type:residual where type can be any
+keytab storage type understood by the implementation and residual is the
+keytab identifier (usually something like a path).  If the string is a path,
+then the type is defaulted to FILE.

+

+

+
ccache

+
The ccache keyword can be used to reference a specific credential storage.
+It can be used both to indicate the source of existing credentials for the
+gssapi.raw.ext_cred_store.acquire_cred_from() /
+gssapi.raw.ext_cred_store.add_cred_from() functions, as well as the
+destination storage for the gssapi.raw.ext_cred_store.store_cred_into()
+function.

+
The value is a string in the form type:residual where type can be any
+credential cache storage type understood by the implementation and
+residual is the ccache identifier.  If the string is a path, then the type
+is defaulted to FILE.  Other commonly used types are DIR, KEYRING,
+KCM, and MEMORY.  Each type has a different format for the residual;
+refer to the MIT krb5 documentation for more details.

+

+

+
rcache

+
The rcache keyword can be used to reference a custom replay cache storage.
+It is used only with the gssapi.raw.ext_cred_store.acquire_cred_from() /
+gssapi.raw.ext_cred_store.add_cred_from() functions for credentials used
+to accept context establishments, not to initiate contexts.

+
The value is a string in the form type:residual where type can be any
+replay cache storage type understood by the implementation and residual is
+the cache identifier (usually something like a path).  If the string is a
+path, then the type is defaulted to FILE.

+

+

+

+
The krb5 mechanism in Heimdal

+
Heimdal has recently implemented the credential store extensions with the same
+interface as MIT krb5.  However, it is not yet present in any released
+version.

+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/genindex.html b/stable/genindex.html
new file mode 100644
index 00000000..3e075812
--- /dev/null
+++ b/stable/genindex.html
@@ -0,0 +1,1440 @@
+
+
+
+
+
+  
+  
+  Index — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Index
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           

+             
+
+
Index

+
+

+ A
+ | B
+ | C
+ | D
+ | E
+ | F
+ | G
+ | H
+ | I
+ | K
+ | L
+ | M
+ | N
+ | O
+ | P
+ | Q
+ | R
+ | S
+ | T
+ | U
+ | V
+ | W
+ | X
+ 
+

+
A

+
+  
+  
+

+
+
B

+
+  
+  
+

+
+
C

+
+  
+  
+

+
+
D

+
+  
+  
+

+
+
E

+
+  
+  
+

+
+
F

+
+  
+  
+

+
+
G

+
+  
+  
+
    
+      
  • 
+    gssapi.raw.ext_krb5
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_password
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_password_add
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc4178
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc5587
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc5588
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc5801
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_rfc6680
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_s4u
+
+      
    • 
+      
  • 
+    gssapi.raw.ext_set_cred_opt
+
+      
    • 
+      
  • 
+    gssapi.raw.message
+
+      
    • 
+      
  • 
+    gssapi.raw.misc
+
+      
    • 
+      
  • 
+    gssapi.raw.named_tuples
+
+      
    • 
+      
  • 
+    gssapi.raw.names
+
+      
    • 
+      
  • 
+    gssapi.raw.oids
+
+      
    • 
+      
  • 
+    gssapi.raw.sec_contexts
+
+      
    • 
+      
  • 
+    gssapi.raw.types
+
+      
    • 
+      
  • 
+    gssapi.sec_contexts
+
+      
    • 
+      
  • GSSError, [1], [2]
+
    • 
+  

+
+
H

+
+  
+  
+

+
+
I

+
+  
+  
+

+
+
K

+
+  
+  
+

+
+
L

+
+  
+  
+

+
+
M

+
+  
+  
+

+
+
N

+
+  
+  
+

+
+
O

+
+  
+  
+

+
+
P

+
+  
+  
+

+
+
Q

+
+  
+

+
+
R

+
+  
+  
+

+
+
S

+
+  
+  
+

+
+
T

+
+  
+  
+

+
+
U

+
+  
+  
+

+
+
V

+
+  
+  
+

+
+
W

+
+  
+  
+

+
+
X

+
+  
+  
+

+
+
+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/gssapi.html b/stable/gssapi.html
new file mode 100644
index 00000000..b6bd30ba
--- /dev/null
+++ b/stable/gssapi.html
@@ -0,0 +1,1729 @@
+
+
+
+
+
+  
+
+  
+  High-Level API — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
High-Level API

+
The high-level API contains three main classes for interacting with GSSAPI,
+representing the primary abstractions that GSSAPI provides:
+Name, Credentials, and
+SecurityContext.

+

+
Note

+
Classes in the high-level API inherit from the corresponding classes in the
+low-level API, and thus may be passed in to low-level API functions.

+

+

+
Warning

+
All methods in both the high-level and low-level APIs may throw the generic
+GSSError exception.

+

+

+
Main Classes

+

+
Names

+

+

+class Name(base: Name | bytes | str | None = None, name_type: OID | None = None, token: bytes | None = None, composite: bool = False)[source]

+
A GSSAPI Name

+
This class represents a GSSAPI name which may be used with and/or returned
+by other GSSAPI methods.

+
It inherits from the low-level GSSAPI Name
+class, and thus may used with both low-level and high-level API methods.

+
This class may be pickled and unpickled, as well as copied.

+
The str and bytes methods may be used to retrieve the
+text of the name.

+

+
Note

+
Name strings will be automatically converted to and from unicode
+strings as appropriate.  If a method is listed as returning a
+str object, it will return a unicode string.

+
The encoding used will be python-gssapi’s current encoding, which
+defaults to UTF-8.

+

+
The constructor can be used to “import” a name from a human readable
+representation, or from a token, and can also be used to convert a
+low-level gssapi.raw.names.Name object into a high-level
+object.

+
If a Name object from the low-level API
+is passed as the base argument, it will be converted into a
+high-level object.

+
If the token argument is used, the name will be imported using
+the token.  If the token was exported as a composite token,
+pass composite=True.

+
Otherwise, a new name will be created, using the base argument as
+the human-readable string and the name_type argument to denote the
+name type.

+

+
Raises:

+

+

+

+

+

+display_as(name_type: OID)  str[source]

+
Display this name as the given name type.

+
This method attempts to display the current Name
+using the syntax of the given NameType, if
+possible.

+

+
Warning

+
In MIT krb5 versions below 1.13.3, this method can segfault if
+the name was not originally created with a name_type that was
+not None (even in cases when a name_type
+is later “added”, such as via canonicalize()).
+Do not use this method unless you are sure the above
+conditions can never happen in your code.

+

+

+
Warning

+
In addition to the above warning, current versions of MIT krb5 do
+not actually fully implement this method, and it may return
+incorrect results in the case of canonicalized names.

+

+
requires the RFC 6680 extension

+

+
Parameters:

+
name_type (OID) – the NameType to
+use to display the given name

+

+
Returns:

+
the displayed name

+

+
Return type:

+
str

+

+
Raises:

+
OperationUnavailableError

+

+

+

+
+

+

+property name_type: OID | None

+
The NameType of this name

+

+
+

+

+export(composite: bool = False)  bytes[source]

+
Export this name as a token.

+
This method exports the name into a byte string which can then be
+imported by using the token argument of the constructor.

+

+
Parameters:

+
composite (bool) – whether or not use to a composite token –
+requires the RFC 6680 extension

+

+
Returns:

+
the exported name in token form

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+canonicalize(mech: OID)  Name[source]

+
Canonicalize a name with respect to a mechanism.

+
This method returns a new Name that is canonicalized according
+to the given mechanism.

+

+
Parameters:

+
mech (OID) – the MechType to use

+

+
Returns:

+
the canonicalized name

+

+
Return type:

+
Name

+

+
Raises:

+

+

+

+

+
+

+

+property is_mech_name: bool

+
Whether or not this name is a mechanism name
+(requires the RFC 6680 extension)

+

+
+

+

+property mech: OID

+
The mechanism associated with this name (requires the RFC 6680 extension)

+

+
+

+

+property attributes: MutableMapping | None

+
The attributes of this name (requires the RFC 6680 extension)

+
The attributes are presenting in the form of a
+MutableMapping (a dict-like object).

+
Retrieved values will always be in the form of frozenset.

+
When assigning values, if iterables are used, they be considered to be
+the set of values for the given attribute.  If a non-iterable is used,
+it will be considered a single value, and automatically wrapped in an
+iterable.

+

+
Note

+
String types (includes bytes) are not considered to
+be iterables in this case.

+

+

+
+

+
+

+

+
Credentials

+

+

+class Credentials(base: Creds | None = None, token: bytes | None = None, name: Name | None = None, lifetime: int | None = None, mechs: Iterable[OID] | None = None, usage: str = 'both', store: Dict[bytes | str, bytes | str] | None = None)[source]

+
GSSAPI Credentials

+
This class represents a set of GSSAPI credentials which may
+be used with and/or returned by other GSSAPI methods.

+
It inherits from the low-level GSSAPI Creds
+class, and thus may used with both low-level and high-level API methods.

+
If your implementation of GSSAPI supports the credentials import-export
+extension, you may pickle and unpickle this object.

+
The constructor either acquires or imports a set of GSSAPI
+credentials.

+
If the base argument is used, an existing
+Creds object from the low-level API is
+converted into a high-level object.

+
If the token argument is used, the credentials
+are imported using the token, if the credentials import-export
+extension is supported (requires the cred_imp_exp extension).

+
Otherwise, the credentials are acquired as per the
+acquire() method.

+

+
Raises:

+

+

+

+

+

+property name: Name

+
Get the name associated with these credentials

+

+
+

+

+property lifetime: int

+
Get the remaining lifetime of these credentials, in seconds

+

+
+

+

+property mechs: Set[OID]

+
Get the mechanisms for these credentials

+

+
+

+

+property usage: str

+
Get the usage (initiate, accept, or both) of these credentials

+

+
+

+

+classmethod acquire(name: Name | None = None, lifetime: int | None = None, mechs: Iterable[OID] | None = None, usage: str = 'both', store: Dict[bytes | str, bytes | str] | None = None)  AcquireCredResult[source]

+
Acquire GSSAPI credentials

+
This method acquires credentials.  If the store argument is
+used, the credentials will be acquired from the given
+credential store (if supported).  Otherwise, the credentials are
+acquired from the default store.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+
Using a non-default store requires support for the credentials store
+extension.

+

+
Parameters:

+
    
+
  • name (Name) – the name associated with the
+credentials, or None for the default name
    • 
+
  • lifetime (int) – the desired lifetime of the credentials in seconds,
+or None for indefinite
    • 
+
  • mechs (list) – the desired MechType OIDs to be used
+with the credentials, or None for the default set
    • 
+
  • usage (str) – the usage for the credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+
  • store (dict) – the credential store information pointing to the
+credential store from which to acquire the credentials,
+or None for the default store (requires the cred_store extension)
    • 
+

+

+
Returns:

+
the acquired credentials and information about
+them

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+

+

+

+

+
+

+

+store(store: Dict[bytes | str, bytes | str] | None = None, usage: str = 'both', mech: OID | None = None, overwrite: bool = False, set_default: bool = False)  StoreCredResult[source]

+
Store these credentials into the given store

+
This method stores the current credentials into the specified
+credentials store.  If the default store is used, support for
+RFC 5588 is required.  Otherwise, support for the credentials
+store extension is required.

+
requires the RFC 5588 extension or requires the cred_store extension

+

+
Parameters:

+
    
+
  • store (dict) – the store into which to store the credentials,
+or None for the default store.
    • 
+
  • usage (str) – the usage to store the credentials with – either
+‘both’, ‘initiate’, or ‘accept’
    • 
+
  • mech (OID) – the MechType to associate with the
+stored credentials
    • 
+
  • overwrite (bool) – whether or not to overwrite existing credentials
+stored with the same name, etc
    • 
+
  • set_default (bool) – whether or not to set these credentials as
+the default credentials for the given store.
    • 
+

+

+
Returns:

+
the results of the credential storing operation

+

+
Return type:

+
StoreCredResult

+

+
Raises:

+

+

+

+

+
+

+

+impersonate(name: Name | None = None, lifetime: int | None = None, mechs: Iterable[OID] | None = None, usage: str = 'initiate')  Credentials[source]

+
Impersonate a name using the current credentials

+
This method acquires credentials by impersonating another
+name using the current credentials.

+
requires the s4u extension

+

+
Parameters:

+
    
+
  • name (Name) – the name to impersonate
    • 
+
  • lifetime (int) – the desired lifetime of the new credentials in
+seconds, or None for indefinite
    • 
+
  • mechs (list) – the desired MechType OIDs for the new
+credentials
    • 
+
  • usage (str) – the desired usage for the new credentials – either
+‘both’, ‘initiate’, or ‘accept’.  Note that some mechanisms
+may only support ‘initiate’.
    • 
+

+

+
Returns:

+
the new credentials impersonating the given name

+

+
Return type:

+
Credentials

+

+

+

+
+

+

+inquire(name: bool = True, lifetime: bool = True, usage: bool = True, mechs: bool = True)  InquireCredResult[source]

+
Inspect these credentials for information

+
This method inspects these credentials for information about them.

+

+
Parameters:

+
    
+
  • name (bool) – get the name associated with the credentials
    • 
+
  • lifetime (bool) – get the remaining lifetime for the credentials
    • 
+
  • usage (bool) – get the usage for the credentials
    • 
+
  • mechs (bool) – get the mechanisms associated with the credentials
    • 
+

+

+
Returns:

+
the information about the credentials,
+with None used when the corresponding argument was False

+

+
Return type:

+
InquireCredResult

+

+
Raises:

+

+

+

+

+
+

+

+inquire_by_mech(mech: OID, name: bool = True, init_lifetime: bool = True, accept_lifetime: bool = True, usage: bool = True)  InquireCredByMechResult[source]

+
Inspect these credentials for per-mechanism information

+
This method inspects these credentials for per-mechanism information
+about them.

+

+
Parameters:

+
    
+
  • mech (OID) – the mechanism for which to retrieve the
+information
    • 
+
  • name (bool) – get the name associated with the credentials
    • 
+
  • init_lifetime (bool) – get the remaining initiate lifetime for
+the credentials in seconds
    • 
+
  • accept_lifetime (bool) – get the remaining accept lifetime for
+the credentials in seconds
    • 
+
  • usage (bool) – get the usage for the credentials
    • 
+

+

+
Returns:

+
the information about the credentials,
+with None used when the corresponding argument was False

+

+
Return type:

+
InquireCredByMechResult

+

+

+

+
+

+

+add(name: Name, mech: OID, usage: str = 'both', init_lifetime: int | None = None, accept_lifetime: int | None = None, impersonator: Creds | None = None, store: Dict[bytes | str, bytes | str] | None = None)  Credentials[source]

+
Acquire more credentials to add to the current set

+
This method works like acquire(), except that it adds the
+acquired credentials for a single mechanism to a copy of the current
+set, instead of creating a new set for multiple mechanisms.
+Unlike acquire(), you cannot pass None desired name or
+mechanism.

+
If the impersonator argument is used, the credentials will
+impersonate the given name using the impersonator credentials
+(requires the s4u extension).

+
If the store argument is used, the credentials will be acquired
+from the given credential store (requires the cred_store extension).
+Otherwise, the credentials are acquired from the default store.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+
Note that the store argument is not compatible with the
+impersonator argument.

+

+
Parameters:

+
    
+
  • name (Name) – the name associated with the
+credentials
    • 
+
  • mech (OID) – the desired MechType to be used with
+the credentials
    • 
+
  • usage (str) – the usage for the credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+
  • init_lifetime (int) – the desired initiate lifetime of the
+credentials in seconds, or None for indefinite
    • 
+
  • accept_lifetime (int) – the desired accept lifetime of the
+credentials in seconds, or None for indefinite
    • 
+
  • impersonator (Credentials) – the credentials to use to impersonate
+the given name, or None to not acquire normally
+(requires the s4u extension)
    • 
+
  • store (dict) – the credential store information pointing to the
+credential store from which to acquire the credentials,
+or None for the default store (requires the cred_store extension)
    • 
+

+

+
Returns:

+
the credentials set containing the current credentials
+and the newly acquired ones.

+

+
Return type:

+
Credentials

+

+
Raises:

+

+

+

+

+
+

+

+export()  bytes[source]

+
Export these credentials into a token

+
This method exports the current credentials to a token that can
+then be imported by passing the token argument to the constructor.

+
This is often used to pass credentials between processes.

+
requires the cred_imp_exp extension

+

+
Returns:

+
the exported credentials in token form

+

+
Return type:

+
bytes

+

+

+

+
+

+
+

+

+
Security Contexts

+

+

+class SecurityContext(base: SecurityContext | None = None, token: bytes | None = None, name: Name | None = None, creds: Credentials | None = None, lifetime: int | None = None, flags: int | None = None, mech: OID | None = None, channel_bindings: ChannelBindings | None = None, usage: str | None = None)[source]

+
A GSSAPI Security Context

+
This class represents a GSSAPI security context that may be used
+with and/or returned by other GSSAPI methods.

+
It inherits from the low-level GSSAPI
+SecurityContext class,
+and thus may used with both low-level and high-level API methods.

+
This class may be pickled and unpickled (the attached delegated
+credentials object will not be preserved, however).

+
The constructor creates a new security context, but does not begin
+the initiate or accept process.

+
If the base argument is used, an existing
+SecurityContext object from
+the low-level API is converted into a high-level object.

+
If the token argument is passed, the security context is imported
+using the token.

+
Otherwise, a new security context is created.

+
If the usage argument is not passed, the constructor will attempt
+to detect what the appropriate usage is based on either the existing
+security context (if base or token are used) or the argument set.

+
For a security context of the initiate usage, the name argument
+must be used, and the creds, mech, flags,
+lifetime, and channel_bindings arguments may be
+used as well.

+
For a security context of the accept usage, the creds and
+channel_bindings arguments may optionally be used.

+

+

+get_signature(message: bytes)  bytes[source]

+
Calculate the signature for a message.

+
This method calculates the signature (called a MIC) for
+the given message, which may be then used with
+verify_signature() to confirm the validity of the
+signature.  This is useful if you wish to transmit the
+message signature and message in your own format.

+

+
Parameters:

+
message (bytes) – the input message

+

+
Returns:

+
the message signature

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+verify_signature(message: bytes, mic: bytes)  int[source]

+
Verify the signature for a message.

+
This method verifies that a signature (generated by
+get_signature() is valid for the given message.

+
If the signature is valid, the method will return.
+Otherwise, it will raise an error.

+

+
Parameters:

+
    
+
  • message (bytes) – the message
    • 
+
  • mic (bytes) – the signature to verify
    • 
+

+

+
Returns:

+
the QoP used.

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+wrap(message: bytes, encrypt: bool)  WrapResult[source]

+
Wrap a message, optionally with encryption

+
This wraps a message, signing it and optionally
+encrypting it.

+

+
Parameters:

+
    
+
  • message (bytes) – the message to wrap
    • 
+
  • encrypt (bool) – whether or not to encrypt the message
    • 
+

+

+
Returns:

+
the wrapped message and details about it
+(e.g. whether encryption was used succesfully)

+

+
Return type:

+
WrapResult

+

+
Raises:

+

+

+

+

+
+

+

+unwrap(message: bytes)  UnwrapResult[source]

+
Unwrap a wrapped message.

+
This method unwraps/unencrypts a wrapped message,
+verifying the signature along the way.

+

+
Parameters:

+
message (bytes) – the message to unwrap/decrypt

+

+
Returns:

+
the unwrapped message and details about it
+(e.g. wheter encryption was used)

+

+
Return type:

+
UnwrapResult

+

+
Raises:

+

+

+

+

+
+

+

+encrypt(message: bytes)  bytes[source]

+
Encrypt a message.

+
This method wraps and encrypts a message, similarly to
+wrap().  The difference is that encryption is always
+used, and the method will raise an exception if this is
+not possible.  Additionally, this method simply returns
+the encrypted message directly.

+

+
Parameters:

+
message (bytes) – the message to encrypt

+

+
Returns:

+
the encrypted message

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+decrypt(message: bytes)  bytes[source]

+
Decrypt a message.

+
This method decrypts and unwraps a message, verifying the signature
+along the way, similarly to unwrap().  The difference is that
+this method will raise an exception if encryption was established
+by the context and not used, and simply returns the decrypted
+message directly.

+

+
Parameters:

+
message (bytes) – the encrypted message

+

+
Returns:

+
the decrypted message

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+get_wrap_size_limit(desired_output_size: int, encrypted: bool = True)  int[source]

+
Calculate the maximum message size for a given wrapped message size.

+
This method calculates the maximum input message size for a given
+maximum wrapped/encrypted message size.

+

+
Parameters:

+
    
+
  • desired_output_size (int) – the maximum output message size
    • 
+
  • encrypted (bool) – whether or not encryption should be taken
+into account
    • 
+

+

+
Returns:

+
the maximum input message size

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+process_token(token: bytes)  None[source]

+
Process an output token asynchronously.

+
This method processes an output token even when the security context
+was not expecting it.

+

+
Warning

+
This method is deprecated.

+

+

+
Parameters:

+
token (bytes) – the token to process

+

+
Raises:

+

+

+

+

+
+

+

+export()  bytes[source]

+
Export a security context.

+
This method exports a security context, allowing it to be passed
+between processes.

+

+
Returns:

+
the exported security context

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+property lifetime: int

+
The amount of time for which this context remains valid

+

+
+

+

+property delegated_creds: Credentials | None

+
The credentials delegated from the initiator to the acceptor

+

+
Warning

+
This value will not be preserved across picklings.  These should
+be separately exported and transferred.

+

+

+
+

+

+property initiator_name: Any

+
The Name of the initiator of this context

+

+
+

+

+property target_name: Any

+
The Name of the target of this context

+

+
+

+

+property mech: Any

+
The mechanism (MechType) in use by this context

+

+
+

+

+property actual_flags: Any

+
The flags set on this context

+

+
+

+

+property locally_initiated: Any

+
Whether this context was locally intiated

+

+
+

+

+property complete: bool

+
Whether negotiation for this context has been completed

+

+
+

+

+step(token: bytes | None = None)  bytes | None[source]

+
Perform a negotation step.

+
This method performs a negotiation step based on the usage type
+of this context.  If __DEFER_STEP_ERRORS__ is set to True on
+the class, this method will return a token, even when exceptions
+would be thrown.  The generated exception will be thrown on the next
+method call or property lookup on the context.
+This is the default behavior.

+
This method should be used in a while loop, as such:

+
input_token = None
+try:
+    while not ctx.complete:
+        output_token = ctx.step(input_token)
+        if not output_token:
+            break
+        input_token = send_and_receive(output_token)
+except GSSError as e:
+     handle_the_issue()
+

+

+

+
Tip

+
Disabling __DEFER_STEP_ERRORS__ is rarely necessary.
+When this method is used in a loop (as above),
+__DEFER_STEP_ERRORS__ will ensure that you always
+send an error token when it’s available,
+keeping the other end of the security context updated
+with the status of the negotiation.

+

+

+
Parameters:

+
token (bytes) – the input token from the other participant’s step

+

+
Returns:

+
the output token to send to the other participant

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+
+

+

+

+
Enums and Helper Classes

+
The following enumerations from the low-level API are also
+used with the high-level API.  For convenience, they are
+imported in the high-level API gssapi module:

+

+

+class NameType[source]

+
Bases: object

+

+

+anonymous = <OID 1.3.6.1.5.6.3>

+

+
+

+

+composite_export = <OID 1.3.6.1.5.6.6>

+

+
+

+

+export = <OID 1.3.6.1.5.6.4>

+

+
+

+

+hostbased_service = <OID 1.2.840.113554.1.2.1.4>

+

+
+

+

+kerberos_principal = <OID 1.2.840.113554.1.2.2.1>

+

+
+

+

+krb5_nt_principal_name = <OID 1.2.840.113554.1.2.2.1>

+

+
+

+

+machine_uid = <OID 1.2.840.113554.1.2.1.2>

+

+
+

+

+string_uid = <OID 1.2.840.113554.1.2.1.3>

+

+
+

+

+user = <OID 1.2.840.113554.1.2.1.1>

+

+
+

+
+

+

+class MechType[source]

+
Bases: object

+

+

+kerberos = <OID 1.2.840.113554.1.2.2>

+

+
+

+
+

+

+class RequirementFlag(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

+
Bases: IntEnum

+

+
+
The ok_as_delegate flag corresponds to the C level flag
+GSS_C_DELEG_POLICY_FLAG. This flag is similar to delegate_to_peer
+except it only delegates if the KDC delegation policies for the service
+principal allow it to use delegation. This is typically used on Microsoft
+domain environments to control whether constrained or unconstrained delegation
+is allowed for a service principal. By setting this flag, the delegation
+process follows the same behaviour as delegation on SSPI/Windows.

+
Here are the four cases when either of these flags are set or not.

+

+
Neither flag set
No delegation occurs.

+

+
delegate_to_peer
Always try to delegate regardless of the KDC delegation policies.
+delegate_to_peer is set in the return flags if successful.

+

+
ok_as_delegate
Try to delegate but only if the KDC trusts the service principal for
+delegation. delegate_to_peer and ok_as_delegate are set in the
+return flags if successful.

+

+
delegate_to_peer | ok_as_delegate
Acts like delegate_to_peer being set but will also set
+ok_as_delegate in the return flags if the service principal was trusted
+for delegation by the KDC.

+

+

+

+

+class AddressType(value, names=<not given>, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]

+
Bases: IntEnum

+

+
+
Similarly, there are a couple classes from the low-level API
+that are imported into the high-level API module.  These classes
+are less likely to be used directly by a user, but are returned
+by several methods:

+

+

+class OID[source]

+

+
+

+

+class IntEnumFlagSet(enum, flags=None)[source]

+
Bases: GenericFlagSet

+

+
+

+

+
Exceptions

+
The high-level API can raise all of the exceptions that the low-level API
+can raise in addition to several other high-level-specific exceptions:

+

+

+exception GSSError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: Exception

+

+

+MESSAGE = 'Major ({maj_stat}): {maj_str}, Minor ({min_stat}): {min_str}'

+

+
+

+

+gen_message()[source]

+

+
+

+

+get_all_statuses(code, is_maj)[source]

+

+
+

+
+

+

+exception GeneralError(minor_message: str, **kwargs: str)[source]

+
Bases: Exception

+
A General High-Level API Error

+

+

+MAJOR_MESSAGE = 'General error'

+

+
+

+

+FMT_STR = '{maj}: {min}.'

+

+
+

+
+

+

+exception UnknownUsageError(minor_message: str, **kwargs: str)[source]

+
Bases: GeneralError

+
An Error indicating an unknown usage type

+

+

+MAJOR_MESSAGE = 'Unable to determine {obj} usage'

+

+
+

+
+

+

+exception EncryptionNotUsed(minor_message: str, unwrapped_message: bytes | None = None, **kwargs: str)[source]

+
Bases: GeneralError

+
An Error indicating that encryption was requested, but not used

+

+

+MAJOR_MESSAGE = 'Confidentiality was requested, but not used'

+

+
+

+
+

+

+exception BadChannelBindingsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 262144

+

+
+

+
+

+

+exception BadMICError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 393216

+

+
+

+
+

+

+exception BadMechanismError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 65536

+

+
+

+
+

+

+exception BadNameError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 131072

+

+
+

+
+

+

+exception BadNameTypeError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 196608

+

+
+

+
+

+

+exception BadQoPError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 917504

+

+
+

+
+

+

+exception BadStatusError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 327680

+

+
+

+
+

+

+exception ContextReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, MissingContextError

+

+
+

+

+exception ContextWriteError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterWriteError, MissingContextError

+

+
+

+

+exception CredentialsReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, MissingCredentialsError

+

+
+

+

+exception CredentialsWriteError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterWriteError, MissingCredentialsError

+

+
+

+

+exception DuplicateCredentialsElementError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 1114112

+

+
+

+
+

+

+exception DuplicateTokenError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: SupplementaryError

+

+

+SUPPLEMENTARY_CODE = 2

+

+
+

+
+

+

+exception ExpiredContextError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 786432

+

+
+

+
+

+

+exception ExpiredCredentialsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 720896

+

+
+

+
+

+

+exception ExpiredTokenError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: SupplementaryError

+

+

+SUPPLEMENTARY_CODE = 4

+

+
+

+
+

+

+exception InvalidCredentialsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 655360

+

+
+

+
+

+

+exception InvalidTokenError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 589824

+

+
+

+
+

+

+exception MalformedParameterError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+CALLING_CODE = 50331648

+

+
+

+
+

+

+exception MechanismNameRequiredError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 1179648

+

+
+

+
+

+

+exception MissingContextError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 524288

+

+
+

+
+

+

+exception MissingCredentialsError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 458752

+

+
+

+
+

+

+exception NameReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, BadNameError

+

+
+

+

+exception NameTypeReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, BadNameTypeError

+

+
+

+

+exception OperationUnavailableError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 1048576

+

+
+

+
+

+

+exception ParameterReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+CALLING_CODE = 16777216

+

+
+

+
+

+

+exception ParameterWriteError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+CALLING_CODE = 33554432

+

+
+

+
+

+

+exception SupplementaryError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+
+

+

+exception TokenOutOfSequenceError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: SupplementaryError

+

+
+

+

+exception TokenReadError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: ParameterReadError, InvalidTokenError

+

+
+

+

+exception TokenTooEarlyError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: TokenOutOfSequenceError

+

+

+SUPPLEMENTARY_CODE = 16

+

+
+

+
+

+

+exception TokenTooLateError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: TokenOutOfSequenceError

+

+

+SUPPLEMENTARY_CODE = 8

+

+
+

+
+

+

+exception UnauthorizedError(maj_code, min_code, *args, **kwargs)[source]

+
Bases: GSSError

+

+

+ROUTINE_CODE = 983040

+

+
+

+
+

+

+
Utilities

+

+

+set_encoding(enc: str)  None[source]

+
Sets the current encoding used for strings

+
This value is used to encode and decode string
+values like names.

+

+
Parameters:

+
enc – the encoding to use

+

+

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/gssapi.raw.html b/stable/gssapi.raw.html
new file mode 100644
index 00000000..7fa09710
--- /dev/null
+++ b/stable/gssapi.raw.html
@@ -0,0 +1,4501 @@
+
+
+
+
+
+  
+
+  
+  Low-Level API — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Low-Level API

+
The low-level API contains a variety of Python functions that map directly
+to the corresponding C functions.  Additionally, it contains several basic
+wrapper classes that wrap underlying C structs and automatically deallocate
+them when the Python object itself is deallocated.

+

+
Warning

+
All methods in both the high-level and low-level APIs may throw the generic
+GSSError exception.

+

+

+
Core RFC 2744

+

+
Names

+

+
Note

+
Some functions in the following section will refer to
+“mechanism names”.  These are not names of mechanisms.
+Instead, they are a special form of name specific to
+a given mechanism.

+

+

+

+class Name[source]

+
A GSSAPI Name

+

+
+

+

+import_name(name: bytes, name_type: gssapi.raw.oids.OID | None = None)  Name[source]

+
Convert a string and a name type into a GSSAPI name.

+
This method takes a string name and a name type and converts
+them into a GSSAPI Name.

+

+
Parameters:

+
    
+
  • name (Name) – the string version of the name
    • 
+
  • name_type (MechType) – the type of this name
    • 
+

+

+
Returns:

+
the GSSAPI version of the name

+

+
Return type:

+
Name

+

+
Raises:

+

+

+

+

+
+

+

+display_name(name: Name, name_type: bool = True)  gssapi.raw.named_tuples.DisplayNameResult[source]

+
Convert a GSSAPI name into its components.

+
This method converts a GSSAPI Name back into its
+text form.  If name_type is True, it also attempts to
+retrieve the NameType of the name (otherwise the
+returned name type will be None).

+

+
Parameters:

+
    
+
  • name (Name) – the name in question
    • 
+
  • name_type (MechType) – whether or not to retrieve the
+name type
    • 
+

+

+
Returns:

+
the text part of the name and its type

+

+
Return type:

+
DisplayNameResult

+

+
Raises:

+
BadNameError

+

+

+

+
+

+

+compare_name(name1: Name, name2: Name)  bool[source]

+
Check two GSSAPI names to see if they are the same.

+
This method compares two GSSAPI names, checking to
+see if they are equivalent.

+

+
Parameters:

+
    
+
  • name1 (Name) – the first name to compare
    • 
+
  • name2 (Name) – the second name to compare
    • 
+

+

+
Returns:

+
whether or not the names are equal

+

+
Return type:

+
bool

+

+
Raises:

+

+

+

+

+
+

+

+export_name(name: Name)  bytes[source]

+
Export a GSSAPI name.

+
This method “produces a canonical contigous string representation
+of a mechanism name, suitable for direct comparison for use in
+authorization functions”.

+
The input name must be a valid GSSAPI mechanism name, as generated by
+canonicalize_name() or
+accept_sec_context().

+

+
Parameters:

+
name (Name) – the name to export

+

+
Returns:

+
the exported name

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+canonicalize_name(name: Name, mech: gssapi.raw.oids.OID)  Name[source]

+
Canonicalize an arbitrary GSSAPI Name into a Mechanism Name

+
This method turns any GSSAPI name into a “mechanism name” –
+a full form name specific to a mechanism.

+

+
Parameters:

+
    
+
  • name (Name) – the name to canonicalize
    • 
+
  • mech (MechType) – the mechanism type to use to
+canonicalize the name
    • 
+

+

+
Returns:

+
a canonicalized version of the input name

+

+
Return type:

+
Name

+

+
Raises:

+

+

+

+

+
+

+

+duplicate_name(name: Name)  Name[source]

+
Duplicate a GSSAPI name.

+

+
Parameters:

+
name (Name) – the name to duplicate

+

+
Returns:

+
a duplicate of the input name

+

+
Return type:

+
Name

+

+
Raises:

+
BadNameError

+

+

+

+
+

+

+release_name(name: Name)  None[source]

+
Release a GSSAPI name.

+
This method frees a GSSAPI Name.
+You probably won’t have to do this.

+

+
Warning

+
This method is deprecated.  Names are
+automatically freed by Python.

+

+

+
Parameters:

+
name (Name) – the name in question

+

+
Raises:

+
BadNameError

+

+

+

+
+

+

+
Credentials

+

+

+class Creds[source]

+
GSSAPI Credentials

+

+
+

+

+acquire_cred(name: gssapi.raw.names.Name | None, lifetime: int | None = None, mechs: Iterable[gssapi.raw.oids.OID] | None = None, usage: str = 'both')  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Get GSSAPI credentials for the given name and mechanisms.

+
This method gets GSSAPI credentials corresponding to the given name
+and mechanims.  The desired TTL and usage for the the credential may also
+be specified.

+

+
Parameters:

+
    
+
  • name (Name) – the name for which to acquire the
+credentials (or None for the “no name” functionality)
    • 
+
  • lifetime (int) – the lifetime in seconds for the credentials (or None
+for indefinite)
    • 
+
  • mechs (MechType) – the desired mechanisms for which
+the credentials should work, or None for the default set
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+

+

+
Returns:

+
the resulting credentials, the actual mechanisms
+with which they may be used, and their actual lifetime in seconds (or
+None for indefinite or not supported)

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+

+

+

+

+
+

+

+release_cred(creds: Creds)  None[source]

+
release_cred(creds)
+Release GSSAPI Credentials.

+
This method releases GSSAPI credentials.

+

+
Warning

+
This method is deprecated.  Credentials are
+automatically freed by Python.

+

+

+
Parameters:

+
creds (Creds) – the credentials in question

+

+
Raises:

+
MissingCredentialsError

+

+

+

+
+

+

+add_cred(input_cred: Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, usage: str = 'initiate', init_lifetime: int | None = None, accept_lifetime: int | None = None, mutate_input: bool = False)  gssapi.raw.named_tuples.AddCredResult[source]

+
Add a credential element to a credential.

+
This method can be used to either compose two credentials (i.e., original
+and new credential), or to add a new element to an existing credential.

+

+
Parameters:

+
    
+
  • input_cred (Creds) – the set of credentials to which to add the new
+credentials
    • 
+
  • name (Name) – name of principal to acquire a
+credential for
    • 
+
  • mech (MechType) – the desired security mechanism
+(required).
    • 
+
  • usage (str) – usage type for credentials.  Possible values:
+‘initiate’ (default), ‘accept’, ‘both’ (failsafe).
    • 
+
  • init_lifetime (int) – lifetime of credentials for use in initiating
+security contexts in seconds (None for indefinite)
    • 
+
  • accept_lifetime (int) – lifetime of credentials for use in accepting
+security contexts in seconds (None for indefinite)
    • 
+
  • mutate_input (bool) – whether to mutate the input credentials (True)
+or produce a new set of credentials (False).  Defaults to False
    • 
+

+

+
Returns:

+
the actual mechanisms with which the credentials may be
+used, the actual initiator TTL, and the actual acceptor TTL (None for
+either indefinite or not supported).  Note that the credentials may
+be set to None if mutate_input is set to True.

+

+
Return type:

+
AddCredResult

+

+
Raises:

+

+

+

+

+
+

+

+inquire_cred(creds: Creds, name: bool = True, lifetime: bool = True, usage: bool = True, mechs: bool = True)  gssapi.raw.named_tuples.InquireCredResult[source]

+
Inspect credentials for information.

+
This method inspects a Creds object for information.

+

+
Parameters:

+
    
+
  • creds (Creds) – the credentials to inspect
    • 
+
  • name (bool) – get the Name associated with the credentials
    • 
+
  • lifetime (bool) – get the TTL for the credentials
    • 
+
  • usage (bool) – get the usage type of the credentials
    • 
+
  • mechs (bool) – the mechanims used with the credentials
    • 
+

+

+
Returns:

+
the information about the credentials,
+with unused fields set to None

+

+
Return type:

+
InquireCredResult

+

+
Raises:

+

+

+

+

+
+

+

+inquire_cred_by_mech(creds: Creds, mech: gssapi.raw.oids.OID, name: bool = True, init_lifetime: bool = True, accept_lifetime: bool = True, usage: bool = True)  gssapi.raw.named_tuples.InquireCredByMechResult[source]

+
Inspect credentials for mechanism-specific information.

+
This method inspects a Creds object for information
+specific to a particular mechanism.  It functions similarly
+to inquire_cred().

+

+
Parameters:

+
    
+
  • creds (Creds) – the credentials to inspect
    • 
+
  • mech (OID) – the desired mechanism
    • 
+
  • name (bool) – get the Name associated with the credentials
    • 
+
  • init_lifetime (bool) – get the initiator TTL for the credentials (in
+seconds)
    • 
+
  • accept_lifetime (bool) – get the acceptor TTL for the credentials (in
+seconds)
    • 
+
  • usage (bool) – get the usage type of the credentials
    • 
+

+

+
Returns:

+
the information about the credentials,
+with unused fields set to None

+

+
Return type:

+
InquireCredByMechResult

+

+
Raises:

+

+

+

+

+
+

+

+
Security Contexts

+

+

+class SecurityContext[source]

+
A GSSAPI Security Context

+

+
+

+

+init_sec_context(name: gssapi.raw.names.Name, creds: gssapi.raw.creds.Creds | None = None, context: SecurityContext | None = None, mech: gssapi.raw.oids.OID | None = None, flags: int | gssapi.raw.types.RequirementFlag | Iterable[int] | Iterable[gssapi.raw.types.RequirementFlag] | None = None, lifetime: int | None = None, channel_bindings: gssapi.raw.chan_bindings.ChannelBindings | None = None, input_token: bytes | None = None)  gssapi.raw.named_tuples.InitSecContextResult[source]

+
Initiate a GSSAPI security context.

+
This method initiates a GSSAPI security context, targeting the given
+target name.  To create a basic context, just provide the target name.
+Further calls used to update the context should pass in the output context
+of the last call, as well as the input token received from the acceptor.

+

+
Warning

+
This changes the input context!

+

+

+
Parameters:

+
    
+
  • target_name (Name) – the target for the security
+context
    • 
+
  • creds (Creds) – the credentials to use to initiate the context,
+or None to use the default credentials
    • 
+
  • context (SecurityContext) – the security
+context to update, or None to create a new context
    • 
+
  • mech (MechType) – the mechanism type for this security
+context, or None for the default mechanism type
    • 
+
  • flags (list) – the flags to request for the security context, or
+None to use the default set: mutual_authentication and
+out_of_sequence_detection.  This may also be an
+IntEnumFlagSet
    • 
+
  • lifetime (int) – the request lifetime of the security context in seconds
+(a value of 0 or None means indefinite)
    • 
+
  • channel_bindings (ChannelBindings) – The channel bindings (or None for
+no channel bindings)
    • 
+
  • input_token (bytes) – the token to use to update the security context,
+or None if you are creating a new context
    • 
+

+

+
Returns:

+
the output security context, the actual mech
+type, the actual flags used, the output token to send to the acceptor,
+the actual lifetime of the context in seconds (or None if not supported
+or indefinite), and whether or not more calls are needed to finish the
+initiation.

+

+
Return type:

+
InitSecContextResult

+

+
Raises:

+

+

+

+

+
+

+

+accept_sec_context(input_token: bytes, acceptor_creds: gssapi.raw.creds.Creds | None = None, context: SecurityContext | None = None, channel_bindings: gssapi.raw.chan_bindings.ChannelBindings | None = None)  gssapi.raw.named_tuples.AcceptSecContextResult[source]

+
Accept a GSSAPI security context.

+
This method accepts a GSSAPI security context using a token sent by the
+initiator, using the given credentials.  It can either be used to accept a
+security context and create a new security context object, or to update an
+existing security context object.

+

+
Warning

+
This changes the input context!

+

+

+
Parameters:

+
    
+
  • input_token (bytes) – the token sent by the context initiator
    • 
+
  • acceptor_creds (Creds) – the credentials to be used to accept the
+context (or None to use the default credentials)
    • 
+
  • context (SecurityContext) – the security
+context to update (or None to create a new security context object)
    • 
+
  • channel_bindings (ChannelBindings) – The channel bindings (or None for
+no channel bindings)
    • 
+

+

+
Returns:

+
the resulting security context, the initiator
+name, the mechanism being used, the output token, the flags in use,
+the lifetime of the context in seconds (or None for indefinite or not
+supported), the delegated credentials (valid only if the
+delegate_to_peer flag is set), and whether or not further token
+exchanges are needed to finalize the security context.

+

+
Return type:

+
AcceptSecContextResult

+

+
Raises:

+

+

+

+

+
+

+

+inquire_context(context: SecurityContext, initiator_name: bool = True, target_name: bool = True, lifetime: bool = True, mech: bool = True, flags: bool = True, locally_init: bool = True, complete: bool = True)  gssapi.raw.named_tuples.InquireContextResult[source]

+
Get information about a security context.

+
This method obtains information about a security context, including
+the initiator and target names, as well as the TTL, mech,
+flags, and its current state (open vs closed).

+

+
Note

+
the target name may be None if it would have been GSS_C_NO_NAME

+

+

+
Parameters:

+
context (SecurityContext) – the context in
+question

+

+
Returns:

+
the initiator name, the target name, the TTL
+(can be None for indefinite or not supported), the mech type, the
+flags, whether or not the context was locally initiated,
+and whether or not the context is currently fully established

+

+
Return type:

+
InquireContextResult

+

+
Raises:

+
MissingContextError

+

+

+

+
+

+

+context_time(context: SecurityContext)  int[source]

+
Get the amount of time for which the given context will remain valid.

+
This method determines the amount of time for which the given
+security context will remain valid.  An expired context will
+give a result of 0.

+

+
Parameters:

+
context (SecurityContext) – the security
+context in question

+

+
Returns:

+
the number of seconds for which the context will be valid

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+process_context_token(context: SecurityContext, token: bytes)  None[source]

+
Process a token asynchronously.

+
This method provides a way to process a token, even if the
+given security context is not expecting one.  For example,
+if the initiator has the initSecContext return that the context
+is complete, but the acceptor is unable to accept the context,
+and wishes to send a token to the initiator, letting the
+initiator know of the error.

+

+
Warning

+
This method has been essentially deprecated by RFC 2744.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the security
+context against which to process the token
    • 
+
  • token (bytes) – the token to process
    • 
+

+

+
Raises:

+

+

+

+

+
+

+

+import_sec_context(token: bytes)  SecurityContext[source]

+
Import a context from another process.

+
This method imports a security context established in another process
+by reading the specified token which was output by
+export_sec_context().

+

+
Raises:

+

+

+

+

+
+

+

+export_sec_context(context: SecurityContext)  bytes[source]

+
Export a context for use in another process.

+
This method exports a security context, deactivating in the current process
+and creating a token which can then be imported into another process
+with import_sec_context().

+
Warning: this modifies the input context

+

+
Parameters:

+
context (SecurityContext) – the context to send
+to another process

+

+
Returns:

+
the output token to be imported

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+delete_sec_context(context: SecurityContext, local_only: bool = True)  bytes[source]

+
Delete a GSSAPI security context.

+
This method deletes a GSSAPI security context,
+returning an output token to send to the other
+holder of the security context to notify them
+of the deletion.

+

+
Note

+
This method generally should not be used.  SecurityContext
+objects will automatically be freed by Python.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the security
+context in question
    • 
+
  • local_only (bool) – should we request local deletion (True), or also
+remote deletion (False), in which case a token is also returned
    • 
+

+

+
Returns:

+

+
the output token (if remote deletion is requested).  Generally
this is None, but bytes for compatibility.

+

+

+

+

+
Return type:

+
bytes

+

+
Raises:

+
MissingContextError

+

+

+

+
+

+

+get_mic(context: gssapi.sec_contexts.SecurityContext, message: bytes, qop: int | None = None)  bytes[source]

+
Generate a MIC for a message.

+
This method generates a Message Integrity Check token for the
+given message.  This can be separately trasmitted to the other
+entity, unlike wrap, which bundles the MIC and the message
+together.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message for which to generate the MIC
    • 
+
  • qop (int) – the requested Quality of Protection
+(or None to use the default)
    • 
+

+

+
Returns:

+
the generated MIC token

+

+
Return type:

+
bytes

+

+
Raises:

+

+

+

+

+
+

+

+verify_mic(context: gssapi.sec_contexts.SecurityContext, message: bytes, token: bytes)  int[source]

+
Verify that a MIC matches a message.

+
This method verifies that the given MIC matches the given message.
+If the MIC does not match the given message, an exception will
+be raised.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message in question
    • 
+
  • token (bytes) – the MIC token in question
    • 
+

+

+
Returns:

+
the QoP used.

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+wrap_size_limit(context: gssapi.sec_contexts.SecurityContext, output_size: int, confidential: bool = True, qop: int | None = None)  int[source]

+
Calculate the max message size.

+
This method calculates the unwrapped/unencrypted message size for
+the given maximum wrapped/encrypted message size.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • output_size (int) – the maximum desired wrapped/encrypted message size
    • 
+
  • confidential (bool) – whether or not confidentiality is being used
    • 
+
  • qop (int) – the QoP that will be when you actually call wrap
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
the maximum unencrypted/unwrapped message size

+

+
Return type:

+
int

+

+
Raises:

+

+

+

+

+
+

+

+wrap(context: gssapi.sec_contexts.SecurityContext, message: bytes, confidential: bool = True, qop: int | None = None)  gssapi.raw.named_tuples.WrapResult[source]

+
Wrap/Encrypt a message.

+
This method wraps or encrypts a message (depending on the value
+of confidential) with the given Quality of Protection.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message to wrap or encrypt
    • 
+
  • confidential (bool) – whether or not to encrypt the message (True),
+or just wrap it with a MIC (False)
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+

+
the wrapped/encrypted message, and whether or not
encryption was actually used

+

+

+

+

+
Return type:

+
WrapResult

+

+
Raises:

+

+

+

+

+
+

+

+unwrap(context: gssapi.sec_contexts.SecurityContext, message: bytes)  gssapi.raw.named_tuples.UnwrapResult[source]

+
Unwrap/Decrypt a message.

+
This method unwraps or decrypts a message, depending
+on whether the sender used confidentiality.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message to unwrap/decrypt
    • 
+

+

+
Returns:

+

+
the unwrapped/decrypted message, whether or on
encryption was used, and the QoP used

+

+

+

+

+
Return type:

+
UnwrapResult

+

+
Raises:

+

+

+

+

+
+

+

+
Misc

+

+

+class OID[source]

+
A GSSAPI OID

+
A new OID may be created by passing the elements argument
+to the constructor.  The elements argument should be a
+bytes consisting of the BER-encoded values in the OID.

+
To retrieve the underlying bytes, use the bytes
+function in Python 3.

+
This object is hashable, and may be compared using equality
+operators.

+

+

+classmethod from_int_seq(integer_sequence: str | Iterable[int])  OID[source]

+
Create a OID from a sequence of integers.

+
This method creates an OID from a sequence of integers.
+The sequence can either be in dotted form as a string,
+or in list form.

+
This method is not for BER-encoded byte strings, which
+can be passed directly to the OID constructor.

+

+
Parameters:

+
integer_sequence – either a list of integers or
+a string in dotted form

+

+
Returns:

+
the OID represented by the given integer sequence

+

+
Return type:

+
OID

+

+
Raises:

+
ValueError – the sequence is less than two elements long

+

+

+

+
+

+

+property dotted_form: str[source]

+

+
+

+
+

+

+class Name[source]

+
A GSSAPI Name

+

+
+

+

+class OID[source]

+
A GSSAPI OID

+
A new OID may be created by passing the elements argument
+to the constructor.  The elements argument should be a
+bytes consisting of the BER-encoded values in the OID.

+
To retrieve the underlying bytes, use the bytes
+function in Python 3.

+
This object is hashable, and may be compared using equality
+operators.

+

+

+classmethod from_int_seq(integer_sequence: str | Iterable[int])  OID[source]

+
Create a OID from a sequence of integers.

+
This method creates an OID from a sequence of integers.
+The sequence can either be in dotted form as a string,
+or in list form.

+
This method is not for BER-encoded byte strings, which
+can be passed directly to the OID constructor.

+

+
Parameters:

+
integer_sequence – either a list of integers or
+a string in dotted form

+

+
Returns:

+
the OID represented by the given integer sequence

+

+
Return type:

+
OID

+

+
Raises:

+
ValueError – the sequence is less than two elements long

+

+

+

+
+

+

+property dotted_form: str

+

+
+

+
+

+

+class MechType[source]

+
GSSAPI Mechanism Types

+
This enum-like object contains any mechanism OID
+values registered by imported mechanisms.

+

+

+kerberos: gssapi.raw.oids.OID

+

+
+

+
+

+

+indicate_mechs()  Set[gssapi.raw.oids.OID][source]

+
Get the currently supported mechanisms.

+
This method retrieves the currently supported GSSAPI mechanisms.
+Note that if unknown mechanims are found, those will be skipped.

+

+
+

+

+inquire_names_for_mech(mech: gssapi.raw.oids.OID)  Set[gssapi.raw.oids.OID][source]

+
inquire_names_for_mech(mech)
+Get the name types supported by a mechanism.

+
This method retrieves the different name types supported by
+the given mechanism.

+

+
Parameters:

+
mech (OID) – the mechanism in question

+

+
Returns:

+
the name type OIDs supported by the given mechanism

+

+
Return type:

+
list

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+inquire_mechs_for_name(name: gssapi.raw.names.Name)  Set[gssapi.raw.oids.OID][source]

+
inquire_mechs_for_name(name)
+List the mechanisms which can process a name.

+
This method lists the mechanisms which may be able to
+process the given name.

+

+
Parameters:

+
name (Name) – the name in question

+

+
Returns:

+
The mechanism OIDs able to process the given name

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+exception GSSError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+

+maj_code: int[source]

+

+
+

+

+min_code: int[source]

+

+
+

+

+token: bytes | None[source]

+

+
+

+

+calling_code: int[source]

+

+
+

+

+routine_code: int[source]

+

+
+

+

+supplementary_code: int[source]

+

+
+

+

+get_all_statuses(code: int, is_maj: bool)  List[str][source]

+
Retrieve all messages for a status code.

+
This method retrieves all human-readable messages
+available for the given status code.

+

+
Parameters:

+
    
+
  • code – the status code in question
    • 
+
  • is_maj – whether this is a major status code (True)
+or minor status code (False)
    • 
+

+

+
Returns:

+

+
A list of string messages associated with the
given code

+

+

+

+

+
Return type:

+
[str]

+

+

+

+
+

+

+gen_message()  str[source]

+
Retrieves all messages for this error’s status codes

+
This method retrieves all messages for this error’s status codes,
+and forms them into a string for use as an exception message

+

+
Returns:

+
a string for use as this error’s message

+

+
Return type:

+
str

+

+

+

+
+

+
+

+

+class NameType[source]

+
GSSAPI Name Types

+
This enum-like object represents GSSAPI name
+types (to be used with import_name(), etc)

+

+

+anonymous: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+export: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+hostbased_service: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+machine_uid: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+string_uid: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+user: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+composite_export: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+kerberos_principal: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+

+krb5_nt_principal_name: gssapi.raw.oids.OID = Ellipsis[source]

+

+
+

+
+

+

+class RequirementFlag[source]

+
GSSAPI Requirement Flags

+
This IntEnum represents flags used with the
+SecurityContext-related methods (e.g.
+init_sec_context())

+
The numbers behind the values correspond directly
+to their C counterparts.

+

+

+delegate_to_peer = 1[source]

+

+
+

+

+mutual_authentication = 2[source]

+

+
+

+

+replay_detection = 4[source]

+

+
+

+

+out_of_sequence_detection = 8[source]

+

+
+

+

+confidentiality = 16[source]

+

+
+

+

+integrity = 32[source]

+

+
+

+

+anonymity = 64[source]

+

+
+

+

+protection_ready = 128[source]

+

+
+

+

+transferable = 256[source]

+

+
+

+

+channel_bound = 2048[source]

+

+
+

+

+dce_style = 4096[source]

+

+
+

+

+identify = 8192[source]

+

+
+

+

+extended_error = 16384[source]

+

+
+

+

+ok_as_delegate = 32768[source]

+

+
+

+
+

+

+class AddressType[source]

+
GSSAPI Channel Bindings Address Types

+
This IntEnum represents the various address
+types used with the ChannelBindings
+structure.

+
The numbers behind the values correspond directly
+to their C counterparts.  There is no value for
+GSS_C_AF_UNSPEC, since this is represented
+by None.

+

+

+local = 1[source]

+

+
+

+

+ip = 2[source]

+

+
+

+

+arpanet = 3[source]

+

+
+

+

+pup = 4[source]

+

+
+

+

+chaos = 5[source]

+

+
+

+

+xerox_ns = 6[source]

+

+
+

+

+nbs = 7[source]

+

+
+

+

+ecma = 8[source]

+

+
+

+

+datakit = 9[source]

+

+
+

+

+ccitt = 10[source]

+

+
+

+

+ibm_sna = 11[source]

+

+
+

+

+decnet = 12[source]

+

+
+

+

+dli = 13[source]

+

+
+

+

+lat = 14[source]

+

+
+

+

+hyperchannel = 15[source]

+

+
+

+

+appletalk = 16[source]

+

+
+

+

+bisync = 17[source]

+

+
+

+

+dss = 18[source]

+

+
+

+

+osi_tp4 = 19[source]

+

+
+

+

+x25 = 21[source]

+

+
+

+

+null = 255[source]

+

+
+

+
+

+

+class MechType[source]

+
GSSAPI Mechanism Types

+
This enum-like object contains any mechanism OID
+values registered by imported mechanisms.

+

+

+kerberos: gssapi.raw.oids.OID[source]

+

+
+

+
+

+

+class GenericFlagSet(flags: GenericFlagSet | numbers.Integral | int | None = None)[source]

+
A set backed by a 32-bit integer

+
This is a set backed by a 32 bit integer.
+the members are integers where only one
+bit is set.

+
The class supports normal set operations,
+as well as traditional “flag set” operations,
+such as bitwise AND, OR, and XOR.

+

+

+MAX_VAL: int[source]

+

+
+

+

+add(flag: int)  None[source]

+
Add an element.

+

+
+

+

+discard(flag: int)  None[source]

+
Remove an element.  Do not raise an exception if absent.

+

+
+

+
+

+

+class IntEnumFlagSet(enum: Type[enum.IntEnum], flags: GenericFlagSet | numbers.Integral | int | None = None)[source]

+
A set backed by a 32-bit integer with enum members

+
This class is a GenericFlagSet where the returned
+members are values in an IntEnum.

+
It functions exactly like a GenericFlagSet, except that
+it also supports bitwise operations with the enum values.

+

+
+

+

+class ChannelBindings(initiator_address_type: int | None = None, initiator_address: bytes | None = None, acceptor_address_type: int | None = None, acceptor_address: bytes | None = None, application_data: bytes | None = None)[source]

+
GSSAPI Channel Bindings

+
This class represents a set of GSSAPI channel bindings.

+

+
Parameters:

+
    
+
  • initiator_address_type – the initiator address type
    • 
+
  • initiator_address – the initiator address
    • 
+
  • acceptor_address_type – the acceptor address type
    • 
+
  • acceptor_address – the acceptor address
    • 
+
  • application_data – additional application-specific data
    • 
+

+

+

+

+

+initiator_address_type: int | None[source]

+

+
+

+

+initiator_address: bytes | None[source]

+

+
+

+

+acceptor_address_type: int | None[source]

+

+
+

+

+acceptor_address: bytes | None[source]

+

+
+

+

+application_data: bytes | None[source]

+

+
+

+
+

+

+

+
Additional RFCs and Extensions

+
The following is a list of GSSAPI extensions supported by the low-level API.

+

+
Note

+
While all of these extensions have bindings, they may not be supported
+by your particularly GSSAPI implementation.  In this case, they will not
+be compiled, and will simply not be available in the gssapi.raw
+namespace.

+

+

+
RFC 4178 (GSS-API Negotiation Mechanism)

+

+

+set_neg_mechs(cred_handle: gssapi.raw.creds.Creds, mech_set: Iterable[gssapi.raw.oids.OID])  None[source]

+
Specify the set of security mechanisms that may be negotiated with
+the credential identified by cred_handle.
+If more than one mechanism is specified in mech_set, the order in
+which those mechanisms are specified implies a relative preference.

+

+
Parameters:

+
    
+
  • cred_handle (Creds) – credentials to set negotiable mechanisms for
    • 
+
  • mech_set (MechType) – negotiable mechanisms to be set
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
RFC 5587 (GSS-API Extension for Mech Attributes)

+

+

+indicate_mechs_by_attrs(desired_mech_attrs: Iterable[gssapi.raw.oids.OID] | None = None, except_mech_attrs: Iterable[gssapi.raw.oids.OID] | None = None, critical_mech_attrs: Iterable[gssapi.raw.oids.OID] | None = None)  Set[gssapi.raw.oids.OID][source]

+
Get a set of mechanisms that have the specified attributes.

+

+
Parameters:

+
    
+
  • desired_mech_attrs (OID) – Attributes that the output mechs MUST
+offer
    • 
+
  • except_mech_attrs (OID) – Attributes that the output mechs MUST
+NOT offer
    • 
+
  • critical_mech_attrs (OID) – Attributes that the output mechs
+MUST understand and offer
    • 
+

+

+
Returns:

+
a set of mechs which satisfy the given criteria

+

+
Return type:

+
MechType

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+inquire_attrs_for_mech(mech: gssapi.raw.oids.OID)  gssapi.raw.named_tuples.InquireAttrsResult[source]

+
Gets the set of attrs supported and known by a mechanism.

+

+
Parameters:

+
mech (MechType) – Mechanism to inquire about

+

+
Returns:

+
the results of inquiry; a mech’s attributes and
+known attributes

+

+
Return type:

+
InquireAttrsResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+display_mech_attr(attr: gssapi.raw.oids.OID)  gssapi.raw.named_tuples.DisplayAttrResult[source]

+
Returns information about attributes in human readable form.

+

+
Parameters:

+
attr (OID) – Mechanism attribute to retrieve names and
+descriptions of

+

+
Returns:

+
the results of displaying the attribute; mech name,
+short description, and long description.

+

+
Return type:

+
DisplayAttrResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
RFC 5588 (GSS-API Extension for Storing Delegated Credentials)

+

+

+store_cred(creds: gssapi.raw.creds.Creds, usage: str = 'both', mech: gssapi.raw.oids.OID | None = None, overwrite: bool = False, set_default: bool = False)  gssapi.raw.named_tuples.StoreCredResult[source]

+
Store credentials into the default store.

+
This method stores the given credentials into the default store.
+They may then be retrieved later using
+acquire_cred().

+

+
Parameters:

+
    
+
  • creds (Creds) – the credentials to store
    • 
+
  • usage (str) – the usage to store the credentials with – either
+‘both’, ‘initiate’, or ‘accept’
    • 
+
  • mech (OID) – the mechansim to associate with the stored
+credentials
    • 
+
  • overwrite (bool) – whether or not to overwrite existing credentials
+stored with the same name, etc
    • 
+
  • set_default (bool) – whether or not to set these credentials as
+the default credentials for the given store.
    • 
+

+

+
Returns:

+
the results of the credential storing operation

+

+
Return type:

+
StoreCredResult

+

+
Raises:

+

+

+

+

+
+

+

+
RFC 5801 (GSS-API SASL Extensions)

+

+

+inquire_saslname_for_mech(mech: gssapi.raw.oids.OID)  gssapi.raw.named_tuples.InquireSASLNameResult[source]

+
Gets information about a specified mech, including the SASL name,
+the mech name, and the mech description.

+

+
Parameters:

+
mech (OID) – Mechanism to inquire about

+

+
Returns:

+
the results of inquiry; a mech’s SASL name,
+name, and description.

+

+
Return type:

+
InquireSASLNameResult

+

+
Raises:

+
GSSError – an unknown failure occurred

+

+

+

+
+

+

+inquire_mech_for_saslname(sasl_name: bytes)  gssapi.raw.oids.OID[source]

+
Gets the OID for the mech specified by SASL name.

+

+
Parameters:

+
sasl_name (bytes) – SASL name of the mechanism

+

+
Returns:

+
the mechanism with corresponding SASL name.

+

+
Return type:

+
OID

+

+
Raises:

+
GSSError – An unknown failure occurred

+

+

+

+
+

+

+
Credential Store Extensions

+
Credential Store Extension

+

+

+acquire_cred_from(dict_store: Dict[bytes | str, bytes | str] | None = None, name: gssapi.raw.names.Name | None = None, lifetime: int | None = None, mechs: Iterable[gssapi.raw.oids.OID] | None = None, usage: str = 'both')  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Acquire credentials from the given store.

+
This method acquires credentials from the store specified by the
+given credential store information.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+

+
Parameters:

+
    
+
  • store (dict) – the credential store information pointing to the
+credential store from which to acquire the credentials.
+See Common Values for Credentials Store Extensions for valid values
    • 
+
  • name (Name) – the name associated with the
+credentials, or None for the default name
    • 
+
  • lifetime (int) – the desired lifetime of the credentials in seconds, or
+None for indefinite
    • 
+
  • mechs (list) – the desired mechanisms to be used with these
+credentials, or None for the default set
    • 
+
  • usage (str) – the usage for these credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+

+

+
Returns:

+
the acquired credentials and information about
+them

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+add_cred_from(dict_store: Dict[bytes | str, bytes | str] | None, input_creds: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, usage: str = 'both', init_lifetime: int | None = None, accept_lifetime: int | None = None)  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Acquire credentials to add to the current set from the given store.

+
This method works like acquire_cred_from(), except that it
+adds the acquired credentials for a single mechanism to a copy of
+the current set, instead of creating a new set for multiple mechanisms.
+Unlike acquire_cred(), you cannot pass None for the
+desired name or mechanism.

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+

+
Parameters:

+
    
+
  • store (dict) – the store into which to store the credentials,
+or None for the default store.
+See Common Values for Credentials Store Extensions for valid values
    • 
+
  • name (Name) – the name associated with the credentials
    • 
+
  • mech (OID) – the desired mechanism to be used with these
+credentials
    • 
+
  • usage (str) – the usage for these credentials – either ‘both’,
+‘initiate’, or ‘accept’
    • 
+
  • init_lifetime (int) – the desired initiate lifetime of the credentials
+in seconds, or None for indefinite
    • 
+
  • accept_lifetime (int) – the desired accept lifetime of the credentials
+in seconds, or None for indefinite
    • 
+

+

+
Returns:

+
the new credentials set and information about
+it

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+store_cred_into(dict_store: Dict[bytes | str, bytes | str] | None, creds: gssapi.raw.creds.Creds, usage: str = 'both', mech: gssapi.raw.oids.OID | None = None, overwrite: bool = False, set_default: bool = False)  gssapi.raw.named_tuples.StoreCredResult[source]

+
Store credentials into the given store.

+
This method stores the given credentials into the store specified
+by the given store information.  They may then be retrieved later using
+acquire_cred_from() or add_cred_from().

+
The credential store information is a dictionary containing
+mechanisms-specific keys and values pointing to a credential store
+or stores.

+

+
Parameters:

+
    
+
  • store (dict) – the store into which to store the credentials,
+or None for the default store.
+See Common Values for Credentials Store Extensions for valid values
    • 
+
  • creds (Creds) – the credentials to store
    • 
+
  • usage (str) – the usage to store the credentials with – either
+‘both’, ‘initiate’, or ‘accept’
    • 
+
  • mech (OID) – the mechansim to associate with the stored
+credentials
    • 
+
  • overwrite (bool) – whether or not to overwrite existing credentials
+stored with the same name, etc
    • 
+
  • set_default (bool) – whether or not to set these credentials as
+the default credentials for the given store.
    • 
+

+

+
Returns:

+
the results of the credential storing operation

+

+
Return type:

+
StoreCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
RFC 6680 (GSS-API Naming Extensions)

+

+

+display_name_ext(name: gssapi.raw.names.Name, name_type: gssapi.raw.oids.OID)  bytes[source]

+
Display the given Name using the given name type.

+
This method attempts to display the given Name using the syntax of
+the given name type.  If this is not possible, an appropriate error
+will be raised.

+

+
Parameters:

+
    
+
  • name (Name) – the name to display
    • 
+
  • name_type (OID) – the name type (see NameType) to use to
+display the given name
    • 
+

+

+
Returns:

+
the displayed name

+

+
Return type:

+
bytes

+

+
Raises:

+
OperationUnavailableError – the given name could not
+be displayed using the given name type

+

+

+

+
+

+

+inquire_name(name: gssapi.raw.names.Name, mech_name: bool = True, attrs: bool = True)  gssapi.raw.named_tuples.InquireNameResult[source]

+
Get information about a Name.

+
This method retrieves information about the given name, including
+the set of attribute names for the given name, as well as whether or
+not the name is a mechanism name.  Additionally, if the given name is
+a mechanism name, the associated mechansim is returned as well.

+

+
Parameters:

+
    
+
  • name (Name) – the name about which to inquire
    • 
+
  • mech_name (bool) – whether or not to retrieve if this name
+is a mech_name (and the associate mechanism)
    • 
+
  • attrs (bool) – whether or not to retrieve the attribute name list
    • 
+

+

+
Returns:

+
the set of attribute names for the given name,
+whether or not the name is a Mechanism Name, and potentially
+the associated mechanism if it is a Mechanism Name

+

+
Return type:

+
InquireNameResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+set_name_attribute(name: gssapi.raw.names.Name, attr: bytes, value: Iterable[bytes], complete: bool = False)  None[source]

+
Set the value(s) of a name attribute.

+
This method sets the value(s) of the given attribute on the given name.

+
Note that this functionality more closely matches the pseudo-API
+presented in RFC 6680, not the C API (which uses multiple calls to
+add multiple values).  However, multiple calls to this method will
+continue adding values, so delete_name_attribute() must be
+used in between calls to “clear” the values.

+

+
Parameters:

+
    
+
  • name (Name) – the Name on which to set the attribute
    • 
+
  • attr (bytes) – the name of the attribute
    • 
+
  • value (list) – a list of bytes objects to use as the value(s)
    • 
+
  • complete (bool) – whether or not to mark this attribute’s value
+set as being “complete”
    • 
+

+

+
Raises:

+
OperationUnavailableError – the given attribute name
+is unknown or could not be set

+

+

+

+
+

+

+get_name_attribute(name: gssapi.raw.names.Name, attr: bytes, more: int | None = None)  gssapi.raw.named_tuples.GetNameAttributeResult[source]

+
Get the value(s) of a name attribute.

+
This method retrieves the value(s) of the given attribute
+for the given Name.

+
Note that this functionality matches pseudo-API presented
+in RFC 6680, not the C API (which uses a state variable and
+multiple calls to retrieve multiple values).

+

+
Parameters:

+
    
+
  • name (Name) – the Name from which to get the attribute
    • 
+
  • attr (bytes) – the name of the attribute
    • 
+

+

+
Returns:

+
the raw version of the value(s),
+the human-readable version of the value(s), whether
+or not the attribute was authenticated, and whether or
+not the attribute’s value set was marked as complete

+

+
Return type:

+
GetNameAttributeResult

+

+
Raises:

+
OperationUnavailableError – the given attribute is
+unknown or unset

+

+

+

+
+

+

+delete_name_attribute(name: gssapi.raw.names.Name, attr: bytes)  None[source]

+
Remove an attribute from a name.

+
This method removes an attribute from a Name.  This method may be
+used before set_name_attribute() clear the values of an attribute
+before setting a new value (making the latter method work like a ‘set’
+operation instead of an ‘add’ operation).

+
Note that the removal of certain attributes may not be allowed.

+

+
Parameters:

+
    
+
  • name (Name) – the name to remove the attribute from
    • 
+
  • attr (bytes) – the name of the attribute
    • 
+

+

+
Raises:

+

+

+

+

+
+

+

+export_name_composite(name: gssapi.raw.names.Name)  bytes[source]

+
Export a name, preserving attribute information.

+
This method functions similarly to export_name(),
+except that it preserves attribute information.  The resulting bytes may be
+imported using import_name() with the
+composite_export name type.

+

+
Note

+
Some versions of MIT Kerberos require you to either canonicalize a name
+once it has been imported with composite-export name type, or to import
+using the normal export name type.

+

+

+
Parameters:

+
name (Name) – the name to export

+

+
Returns:

+
the exported composite name

+

+
Return type:

+
bytes

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Credentials Import-Export Extensions

+
Credentials Import/Export Extension

+

+

+export_cred(creds: gssapi.raw.creds.Creds)  bytes[source]

+
Export GSSAPI credentials.

+
This method exports GSSSAPI credentials into a token
+which may be transmitted between different processes.

+

+
Parameters:

+
creds (Creds) – the credentials object to be exported

+

+
Returns:

+
the exported token representing the given credentials object

+

+
Return type:

+
bytes

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+import_cred(token: bytes)  gssapi.raw.creds.Creds[source]

+
Import GSSAPI credentials from a token.

+
This method imports a credentials object from a token
+previously exported by export_cred().

+

+
Parameters:

+
token (bytes) – the token to import

+

+
Returns:

+
the imported credentials object

+

+
Return type:

+
Creds

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
DCE (IOV/AEAD) Extensions

+

+

+wrap_aead(context: gssapi.raw.sec_contexts.SecurityContext, message: bytes, associated: bytes | None = None, confidential: bool = True, qop: int | None = None)  gssapi.raw.named_tuples.WrapResult[source]

+
Wrap/Encrypt an AEAD message.

+
This method takes an input message and associated data,
+and outputs and AEAD message.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the message to wrap or encrypt
    • 
+
  • associated (bytes) – associated data to go with the message
    • 
+
  • confidential (bool) – whether or not to encrypt the message (True),
+or just wrap it with a MIC (False)
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
the wrapped/encrypted total message, and whether or not
+encryption was actually used

+

+
Return type:

+
WrapResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+unwrap_aead(context: gssapi.raw.sec_contexts.SecurityContext, message: bytes, associated: bytes | None = None)  gssapi.raw.named_tuples.UnwrapResult[source]

+
Unwrap/Decrypt an AEAD message.

+
This method takes an encrpyted/wrapped AEAD message and some associated
+data, and returns an unwrapped/decrypted message.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (bytes) – the AEAD message to unwrap or decrypt
    • 
+
  • associated (bytes) – associated data that goes with the message
    • 
+

+

+
Returns:

+
the unwrapped/decrypted message, whether or on
+encryption was used, and the QoP used

+

+
Return type:

+
UnwrapResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+class IOVBufferType[source]

+
IOV Buffer Types

+
This IntEnum represent GSSAPI IOV buffer
+types to be used with the IOV methods.

+
The numbers behind the values correspond directly
+to their C counterparts.

+

+

+empty = 0[source]

+

+
+

+

+data = 1[source]

+

+
+

+

+header = 2[source]

+

+
+

+

+mech_params = 3[source]

+

+
+

+

+trailer = 7[source]

+

+
+

+

+padding = 9[source]

+

+
+

+

+stream = 10[source]

+

+
+

+

+sign_only = 11[source]

+

+
+

+

+mic_token = 12[source]

+

+
+

+
+

+

+class IOVBuffer[source]

+

+

+type: IOVBufferType[source]

+

+
+

+

+allocate: bool | None[source]

+

+
+

+

+value: bytes | None[source]

+

+
+

+
+

+

+class IOV(*args: IOVBuffer | Tuple[IOVBufferType | int, bool | None, bytes | None] | Tuple[IOVBufferType | int, bool | bytes | None] | bytes | IOVBufferType | int, std_layout: bool = True, auto_alloc: bool = True)[source]

+
A GSSAPI IOV

+

+

+index(value: Any)  int[source]

+

+
+

+

+count(value: Any)  int[source]

+

+
+

+
+

+

+wrap_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: IOV, confidential: bool = True, qop: int | None = None)  bool[source]

+
Wrap/Encrypt an IOV message.

+
This method wraps or encrypts an IOV message.  The allocate
+parameter of the IOVBuffer objects in the IOV
+indicates whether or not that particular buffer should be
+automatically allocated (for use with padding, header, and
+trailer buffers).

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – an IOV containing the message
    • 
+
  • confidential (bool) – whether or not to encrypt the miovessage (True),
+or just wrap it with a MIC (False)
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
whether or not confidentiality was actually used

+

+
Return type:

+
bool

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+unwrap_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: IOV)  gssapi.raw.named_tuples.IOVUnwrapResult[source]

+
Unwrap/Decrypt an IOV message.

+
This method uwraps or decrypts an IOV message.  The allocate
+parameter of the IOVBuffer objects in the IOV
+indicates whether or not that particular buffer should be
+automatically allocated (for use with padding, header, and
+trailer buffers).

+
As a special case, you may pass an entire IOV message
+as a single ‘stream’.  In this case, pass a buffer type
+of IOVBufferType.stream followed by a buffer type of
+IOVBufferType.data.  The former should contain the
+entire IOV message, while the latter should be empty.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – an IOV containing the message
    • 
+

+

+
Returns:

+
whether or not confidentiality was used,
+and the QoP used.

+

+
Return type:

+
IOVUnwrapResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+wrap_iov_length(context: gssapi.raw.sec_contexts.SecurityContext, message: IOV, confidential: bool = True, qop: int | None = None)  gssapi.raw.named_tuples.WrapResult[source]

+
Appropriately size padding, trailer, and header IOV buffers.

+
This method sets the length values on the IOV buffers.  You
+should already have data provided for the data (and sign-only)
+buffer(s) so that padding lengths can be appropriately computed.

+
In Python terms, this will result in an appropriately sized
+bytes object consisting of all zeros.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – an IOV containing the message
    • 
+

+

+
Returns:

+
a list of :class:IOVBuffer` objects, and whether or not
+encryption was actually used

+

+
Return type:

+
WrapResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
IOV MIC Extensions

+

+

+get_mic_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: gssapi.raw.ext_dce.IOV, qop: int | None = None)  None[source]

+
Generate MIC tokens for the given IOV message.

+
This method generates a MIC token for the given IOV message, and places it
+in the mic_token buffer in the
+IOV. This method operates entirely in-place, and returns nothing.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – the IOV containing the
+message
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+get_mic_iov_length(context: gssapi.raw.sec_contexts.SecurityContext, message: gssapi.raw.ext_dce.IOV, qop: int | None = None)  None[source]

+
Allocate space for the MIC buffer in the given IOV message.

+
This method allocates space for the MIC token buffer
+(mic_token) in the given IOV
+message.

+

+
Warning

+
This modifies the input IOV.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – the IOV containing the
+message
    • 
+
  • qop (int) – the desired Quality of Protection
+(or None for the default QoP)
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+verify_mic_iov(context: gssapi.raw.sec_contexts.SecurityContext, message: gssapi.raw.ext_dce.IOV, qop: int | None = None)  int[source]

+
Verify that the MIC matches the data in the given IOV message.

+
This method verifies that the MIC token in the MIC buffer
+(mic_token) match the data
+buffer(s) in the given IOV method.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • message (IOV) – the IOV containing the
+message
    • 
+

+

+
Returns:

+
the QoP used to generate the MIC token

+

+
Return type:

+
int

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Global Grid Forum (GGF) Extensions

+
GGF Extensions

+
GGF provides extended credential and security context inquiry that allows
+application to retrieve more information about the client’s credentials and
+security context. One common use case is to use
+inquire_sec_context_by_oid() to retrieve the “session” key that is
+required by the SMB protocol for signing and encrypting a message.

+
Draft IETF document for these extensions can be found at
+https://tools.ietf.org/html/draft-engert-ggf-gss-extensions-00

+

+

+inquire_cred_by_oid(cred_handle: gssapi.raw.creds.Creds, desired_aspect: gssapi.raw.oids.OID)  List[bytes][source]

+
This method inspects a Creds object for
+information specific to a particular desired aspect as an OID.

+

+
Parameters:

+
    
+
  • cred_handle (Creds) – the Credentials to query
    • 
+
  • desired_aspect (OID) – the desired aspect of the
+Credentials to inquire about.
    • 
+

+

+
Returns:

+
A list of zero or more pieces of data (as bytes objects)

+

+
Return type:

+
list

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+inquire_sec_context_by_oid(context: gssapi.raw.sec_contexts.SecurityContext, desired_aspect: gssapi.raw.oids.OID)  List[bytes][source]

+
This method inspects a SecurityContext
+object for information specific to a particular desired aspect as an OID.

+
This method can be used with the GSS_KRB5_INQ_SSPI_SESSION_KEY_OID OID to
+retrieve the required key that is used to derive the SMB/SAMBA signing and
+encryption keys.

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the Security
+Context to query
    • 
+
  • desired_aspect (OID) – the desired aspect of the
+Security Context to inquire about.
    • 
+

+

+
Returns:

+
A list of zero or more pieces of data (as bytes objects)

+

+
Return type:

+
list

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+set_sec_context_option(desired_aspect: gssapi.raw.oids.OID, context: gssapi.raw.sec_contexts.SecurityContext, value: bytes | None = None)  None[source]

+
This method is used to set a value for a specific OID of a
+SecurityContext object. The OID and value
+to pass in depends on the mech the SecurityContext backs.

+
An example of how this can be used would be to reset the NTLM crypto engine
+used in gss-ntlmssp. The OID that controls this value is
+‘1.3.6.1.4.1.7165.655.1.3’ and it takes it a byte value that represents
+an int32 where 1 resets the verifier handle and any other int resets the
+sender handle.

+

+
Parameters:

+
    
+
  • desired_aspect (OID) – the desired aspect of the
+Security Context to set the value for.
    • 
+
  • context (SecurityContext) – the Security
+Context to set, or None to create a new context.
    • 
+
  • value (bytes) – the value to set on the desired aspect of the Security
+Context or None to send GSS_C_EMPTY_BUFFER.
    • 
+

+

+
Returns:

+
The output security context.

+

+
Return type:

+
SecurityContext

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Services4User Extensions

+
Service4User Extension

+

+

+acquire_cred_impersonate_name(impersonator_cred: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, lifetime: int | None = None, mechs: Iterable[gssapi.raw.oids.OID] | None = None, usage: str = 'initiate')  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Acquire credentials by impersonating another name.

+
This method is one of the ways to use S4U2Self.  It acquires credentials
+by impersonating another name using a set of proxy credentials.  The
+impersonator credentials must have a usage of ‘both’ or ‘initiate’.

+

+
Parameters:

+
    
+
  • impersonator_cred (Creds) – the credentials with
+permissions to impersonate the target name
    • 
+
  • name (Name) – the name to impersonate
    • 
+
  • lifetime (int) – the lifetime for the credentials (or None for
+indefinite) in seconds
    • 
+
  • mechs (MechType) – the desired mechanisms for which
+the credentials should work (or None for the default set)
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+

+

+
Returns:

+
the resulting credentials, the actual mechanisms
+with which they may be used, and their actual lifetime in seconds (or
+None for indefinite or not support)

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+add_cred_impersonate_name(input_cred: gssapi.raw.creds.Creds, impersonator_cred: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, usage: str = 'initiate', init_lifetime: int | None = None, accept_lifetime: int | None = None)  gssapi.raw.named_tuples.AddCredResult[source]

+
Add a credentials element to a credential by impersonating another name.

+
This method is one of the ways to use S4U2Self.  It adds credentials
+to the input credentials by impersonating another name using a set of
+proxy credentials.  The impersonator credentials must have a usage of
+‘both’ or ‘initiate’.

+

+
Parameters:

+
    
+
  • input_cred (Creds) – the set of credentials to which
+to add the new credentials
    • 
+
  • impersonator_cred (Creds) – the credentials with
+permissions to impersonate the target name
    • 
+
  • name (Name) – the name to impersonate
    • 
+
  • mech (MechType) – the desired mechanism. Note that
+this is both
+singular and required, unlike acquireCredImpersonateName
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+
  • init_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to initiate security contexts (or None
+for indefinite)
    • 
+
  • accept_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to accept security contexts (or None
+for indefinite)
    • 
+

+

+
Returns:

+
the actual mechanisms with which the credentials may be
+used, the actual initiator TTL in seconds, and the actual acceptor TTL
+in seconds (the TTLs may be None for indefinite or not supported)

+

+
Return type:

+
AddCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Acquiring Credentials With a Password Extensions

+

+

+acquire_cred_with_password(name: gssapi.raw.names.Name, password: bytes, lifetime: int | None = None, mechs: Iterable[gssapi.raw.oids.OID] | None = None, usage: str = 'initiate')  gssapi.raw.named_tuples.AcquireCredResult[source]

+
Acquire credentials through provided password.

+
This function is originally from Solaris and is not documented by either
+MIT or Heimdal.

+
In general, it functions similarly to
+acquire_cred().

+

+
Parameters:

+
    
+
  • name (Name) – the name to acquire credentials for
    • 
+
  • password (bytes) – the password used to acquire credentialss with
    • 
+
  • lifetime (int) – the lifetime for the credentials in seconds (or None
+for indefinite)
    • 
+
  • mechs (MechType) – the desired mechanisms for which
+the credentials should work (or None for the default set)
    • 
+
  • usage (str) – usage type for credentials.  Possible values:
+‘initiate’ (default), ‘accept’, ‘both’ (failsafe).
    • 
+

+

+
Returns:

+
the resulting credentials, the actual mechanisms
+with which they may be used, and their actual lifetime in seconds (or
+None for indefinite or not supported)

+

+
Return type:

+
AcquireCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+add_cred_with_password(input_cred: gssapi.raw.creds.Creds, name: gssapi.raw.names.Name, mech: gssapi.raw.oids.OID, password: bytes, usage: str = 'initiate', init_lifetime: int | None = None, accept_lifetime: int | None = None)  gssapi.raw.named_tuples.AddCredResult[source]

+
Add a credential-element to a credential using provided password.

+
This function is originally from Solaris and is not documented by either
+MIT or Heimdal.

+
In general, it functions similarly to add_cred().

+

+
Parameters:

+
    
+
  • input_cred (Creds) – the credentials to add to
    • 
+
  • name (Name) – the name to acquire credentials for
    • 
+
  • mech (MechType) – the desired mechanism.  Note that
+this is both singular and required
    • 
+
  • password (bytes) – the password used to acquire credentialss with
    • 
+
  • usage (str) – the usage type for the credentials: may be
+‘initiate’, ‘accept’, or ‘both’
    • 
+
  • init_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to initiate security contexts (or None
+for indefinite)
    • 
+
  • accept_lifetime (int) – the lifetime, in seconds, for the credentials to
+remain valid when using them to accept security contexts (or None
+for indefinite)
    • 
+

+

+
Returns:

+
the actual mechanisms with which the credentials may be
+used, the actual initiator TTL in seconds, and the actual acceptor TTL
+in seconds (the TTLs may be None for indefinite or not supported)

+

+
Return type:

+
AddCredResult

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Kerberos Specific Extensions

+

+

+class Krb5LucidContext[source]

+
The base container returned by krb5_export_lucid_sec_context() when
+an unknown version was requested.

+

+
+

+

+class Krb5LucidContextV1[source]

+
Kerberos context data returned by krb5_export_lucid_sec_context()
+when version 1 was requested.

+

+

+property version: int | None[source]

+
The structure version number

+

+
Returns:

+
the structure version number

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property is_initiator: bool | None[source]

+
Whether the context was the initiator

+

+
Returns:

+
True when the exported context was the
+initiator

+

+
Return type:

+
Optional[bool]

+

+

+

+
+

+

+property endtime: int | None[source]

+
Expiration time of the context

+

+
Returns:

+
the expiration time of the context

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property send_seq: int | None[source]

+
Sender sequence number

+

+
Returns:

+
the sender sequence number

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property recv_seq: int | None[source]

+
Receiver sequence number

+

+
Returns:

+
the receiver sequence number

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property protocol: int | None[source]

+
The protocol number

+
If the protocol number is 0 then rfc1964_kd is set and
+cfx_kd is None. If the protocol number is 1 then the opposite
+is true.

+
Protocol 0 refers to RFC1964 and 1 refers to RFC4121.

+

+
Returns:

+
the protocol number

+

+
Return type:

+
Optional[int]

+

+

+

+
+

+

+property rfc1964_kd: gssapi.raw.named_tuples.Rfc1964KeyData | None[source]

+
Keydata for protocol 0 (RFC1964)

+
This will be set when protocol is 0.

+

+
Returns:

+
the RFC1964 key data

+

+
Return type:

+
Optional[Rfc1964KeyData]

+

+

+

+
+

+

+property cfx_kd: gssapi.raw.named_tuples.CfxKeyData | None[source]

+
Key data for protocol 1 (RFC4121)

+
This will be set when protocol is 1.

+

+
Returns:

+
the RFC4121 key data

+

+
Return type:

+
Optional[CfxKeyData]

+

+

+

+
+

+
+

+

+krb5_ccache_name(name: bytes | None)  bytes[source]

+
Set the default Kerberos Protocol credentials cache name.

+
This method sets the default credentials cache name for use by he Kerberos
+mechanism. The default credentials cache is used by
+acquire_cred() to create a GSS-API credential. It
+is also used by init_sec_context() when
+GSS_C_NO_CREDENTIAL is specified.

+

+
Note

+
Heimdal does not return the old name when called. It also does not
+reset the ccache lookup behaviour when setting to None.

+

+

+
Note

+
The return value may not be thread safe.

+

+

+
Parameters:

+
name (Optional[bytes]) – the name to set as the new thread specific
+ccache name. Set to None to revert back to getting the ccache
+from the config/environment settings.

+

+
Returns:

+
the old name that was previously set

+

+
Return type:

+
bytes

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_export_lucid_sec_context(context: gssapi.raw.sec_contexts.SecurityContext, version: int)  Krb5LucidContext[source]

+
Returns a non-opaque version of the internal context info.

+
Gets information about the Kerberos security context passed in. Currently
+only version 1 is known and supported by this library.

+

+
Note

+
The context handle must not be used again by the caller after this
+call.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • version (int) – the output structure version to export.  Currently
+only 1 is supported.
    • 
+

+

+
Returns:

+
the non-opaque version context info

+

+
Return type:

+
Krb5LucidContext

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_extract_authtime_from_sec_context(context: gssapi.raw.sec_contexts.SecurityContext)  int[source]

+
Get the auth time for the security context.

+
Gets the auth time for the established security context.

+

+
Note

+
Heimdal can only get the authtime on the acceptor security context.
+MIT is able to get the authtime on both initiators and acceptors.

+

+

+
Parameters:

+
context (SecurityContext) – the current
+security context

+

+
Returns:

+
the authtime

+

+
Return type:

+
int

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_extract_authz_data_from_sec_context(context: gssapi.raw.sec_contexts.SecurityContext, ad_type: int)  bytes[source]

+
Extracts Kerberos authorization data.

+
Extracts authorization data that may be stored within the context.

+

+
Note

+
Only operates on acceptor contexts.

+

+

+
Parameters:

+
    
+
  • context (SecurityContext) – the current
+security context
    • 
+
  • ad_type (int) – the type of data to extract
    • 
+

+

+
Returns:

+
the raw authz data from the sec context

+

+
Return type:

+
bytes

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_import_cred(cred_handle: gssapi.raw.creds.Creds, cache: int | None = None, keytab_principal: int | None = None, keytab: int | None = None)  None[source]

+
Import Krb5 credentials into GSSAPI credential.

+
Imports the krb5 credentials (either or both of the keytab and cache) into
+the GSSAPI credential so it can be used within GSSAPI. The ccache is
+copied by reference and thus shared, so if the credential is destroyed,
+all users of cred_handle will fail.

+

+
Parameters:

+
    
+
  • cred_handle (Creds) – the credential handle to import into
    • 
+
  • cache (int) – the krb5_ccache address pointer, as an int, to import
+from
    • 
+
  • keytab_principal (int) – the krb5_principal address pointer, as an int,
+of the credential to import
    • 
+
  • keytab (int) – the krb5_keytab address pointer, as an int, of the
+keytab to import
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_get_tkt_flags(context: gssapi.raw.sec_contexts.SecurityContext)  int[source]

+
Return ticket flags for the kerberos ticket.

+
Return the ticket flags for the kerberos ticket received when
+authenticating the initiator.

+

+
Note

+
Heimdal can only get the tkt flags on the acceptor security context.
+MIT is able to get the tkt flags on initiators and acceptors.

+

+

+
Parameters:

+
context (SecurityContext) – the security
+context

+

+
Returns:

+
the ticket flags for the received kerberos ticket

+

+
Return type:

+
int

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+krb5_set_allowable_enctypes(cred_handle: gssapi.raw.creds.Creds, ktypes: Iterable[int])  None[source]

+
Limits the keys that can be exported.

+
Called by a context initiator after acquiring the creds but before calling
+init_sec_context() to restrict the set of
+enctypes which will be negotiated during context establisment to those in
+the provided list.

+

+
Warning

+
The cred_handle should not be GSS_C_NO_CREDENTIAL.

+

+

+
Parameters:

+
    
+
  • cred_hande (Creds) – the credential handle
    • 
+
  • ktypes (List[int]) – list of enctypes allowed
    • 
+

+

+
Returns:

+
None

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+
Other Extensions

+
gss_set_cred_option

+
Provides a way to set options on a credential based on the OID specified. A
+common use case is to set the GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos
+credential. This is used for interoperability with Microsoft’s SSPI.

+
Note this function is commonly lumped with the GGF extensions but they are not
+part of the GGF IETF draft so it’s separated into it’s own file.

+
Closest draft IETF document for the gss_set_cred_option can be found at
+https://tools.ietf.org/html/draft-williams-kitten-channel-bound-flag-01

+

+

+set_cred_option(desired_aspect: gssapi.raw.oids.OID, creds: gssapi.raw.creds.Creds | None = None, value: bytes | None = None)  gssapi.raw.creds.Creds[source]

+
This method is used to set options of a Creds
+object based on an OID key. The options that can be set depends on the mech
+the credentials were created with.

+
An example of how this can be used would be to set the
+GSS_KRB5_CRED_NO_CI_FLAGS_X on a Kerberos credential. The OID string for
+this flag is ‘1.2.752.43.13.29’ and it requires no value to be set. This
+must be set before the SecurityContext was initialised with the
+credentials.

+

+
Parameters:

+
    
+
  • desired_aspect (OID) – the desired aspect of the
+Credential to set.
    • 
+
  • cred_handle (Creds) – the Credentials to set, or None
+to create a new credential.
    • 
+
  • value (bytes) – the value to set on the desired aspect of the Credential
+or None to send GSS_C_EMPTY_BUFFER.
    • 
+

+

+
Returns:

+
The output credential.

+

+
Return type:

+
Creds

+

+
Raises:

+
GSSError

+

+

+

+
+

+

+

+
Results

+

+

+class AcquireCredResult(creds: gssapi.raw.creds.Creds, mechs: Set[OID], lifetime: int)[source]

+
Credential result when acquiring a GSSAPI credential.

+
Create new instance of AcquireCredResult(creds, mechs, lifetime)

+

+

+creds: gssapi.raw.creds.Creds

+
GSSAPI credentials that were acquired

+

+
+

+

+mechs: Set[OID]

+
Set of mechs the cred is for

+

+
+

+

+lifetime: int

+
Number of seconds for which the cred will remain valid

+

+
+

+
+

+

+class InquireCredResult(name: gssapi.raw.names.Name | None, lifetime: int | None, usage: str | None, mechs: Set[OID] | None)[source]

+
Information about the credential.

+
Create new instance of InquireCredResult(name, lifetime, usage, mechs)

+

+

+name: gssapi.raw.names.Name | None

+
The principal associated with the credential

+

+
+

+

+lifetime: int | None

+
Number of seconds which the cred is valid for

+

+
+

+

+usage: str | None

+
How the credential can be used

+

+
+

+

+mechs: Set[OID] | None

+
Set of mechs the cred is for

+

+
+

+
+

+

+class InquireCredByMechResult(name: gssapi.raw.names.Name | None, init_lifetime: int | None, accept_lifetime: int | None, usage: str | None)[source]

+
Information about the credential for a specific mechanism.

+
Create new instance of InquireCredByMechResult(name, init_lifetime, accept_lifetime, usage)

+

+

+name: gssapi.raw.names.Name | None

+
The principal associated with the credential

+

+
+

+

+init_lifetime: int | None

+
Time valid for initiation, in seconds

+

+
+

+

+accept_lifetime: int | None

+
Time valid for accepting, in seconds

+

+
+

+

+usage: str | None

+
How the credential can be used

+

+
+

+
+

+

+class AddCredResult(creds: gssapi.raw.creds.Creds | None, mechs: Set[OID], init_lifetime: int, accept_lifetime: int)[source]

+
Result of adding to a GSSAPI credential.

+
Create new instance of AddCredResult(creds, mechs, init_lifetime, accept_lifetime)

+

+

+creds: gssapi.raw.creds.Creds | None

+
The credential that was generated

+

+
+

+

+mechs: Set[OID]

+
Set of mechs the cred is for

+

+
+

+

+init_lifetime: int

+
Time valid for initiation, in seconds

+

+
+

+

+accept_lifetime: int

+
Time valid for accepting, in seconds

+

+
+

+
+

+

+class DisplayNameResult(name: bytes, name_type: OID | None)[source]

+
Textual representation of a GSSAPI name.

+
Create new instance of DisplayNameResult(name, name_type)

+

+

+name: bytes

+
The representation of the GSSAPI name

+

+
+

+

+name_type: OID | None

+
The type of GSSAPI name

+

+
+

+
+

+

+class WrapResult(message: bytes, encrypted: bool)[source]

+
Wrapped message result.

+
Create new instance of WrapResult(message, encrypted)

+

+

+message: bytes

+
The wrapped message

+

+
+

+

+encrypted: bool

+
Whether the message is encrypted and not just signed

+

+
+

+
+

+

+class UnwrapResult(message: bytes, encrypted: bool, qop: int)[source]

+
Unwrapped message result.

+
Create new instance of UnwrapResult(message, encrypted, qop)

+

+

+message: bytes

+
The unwrapped message

+

+
+

+

+encrypted: bool

+
Whether the message was encrypted and not just signed

+

+
+

+

+qop: int

+
The quality of protection applied to the message

+

+
+

+
+

+

+class AcceptSecContextResult(context: gssapi.raw.sec_contexts.SecurityContext, initiator_name: gssapi.raw.names.Name, mech: OID, token: bytes | None, flags: RequirementFlag, lifetime: int, delegated_creds: gssapi.raw.creds.Creds | None, more_steps: bool)[source]

+
Result when accepting a security context by an initiator.

+
Create new instance of AcceptSecContextResult(context, initiator_name, mech, token, flags, lifetime, delegated_creds, more_steps)

+

+

+context: gssapi.raw.sec_contexts.SecurityContext

+
The acceptor security context

+

+
+

+

+initiator_name: gssapi.raw.names.Name

+
The authenticated name of the initiator

+

+
+

+

+mech: OID

+
Mechanism with which the context was established

+

+
+

+

+token: bytes | None

+
Token to be returned to the initiator

+

+
+

+

+flags: RequirementFlag

+
Services requested by the initiator

+

+
+

+

+lifetime: int

+
Seconds for which the context is valid for

+

+
+

+

+delegated_creds: gssapi.raw.creds.Creds | None

+
Delegated credentials

+

+
+

+

+more_steps: bool

+
More input is required to complete the exchange

+

+
+

+
+

+

+class InitSecContextResult(context: gssapi.raw.sec_contexts.SecurityContext, mech: OID, flags: RequirementFlag, token: bytes | None, lifetime: int, more_steps: bool)[source]

+
Result when initiating a security context

+
Create new instance of InitSecContextResult(context, mech, flags, token, lifetime, more_steps)

+

+

+context: gssapi.raw.sec_contexts.SecurityContext

+
The initiator security context

+

+
+

+

+mech: OID

+
Mechanism used in the security context

+

+
+

+

+flags: RequirementFlag

+
Services available for the context

+

+
+

+

+token: bytes | None

+
Token to be sent to the acceptor

+

+
+

+

+lifetime: int

+
Seconds for which the context is valid for

+

+
+

+

+more_steps: bool

+
More input is required to complete the exchange

+

+
+

+
+

+

+class InquireContextResult(initiator_name: gssapi.raw.names.Name | None, target_name: gssapi.raw.names.Name | None, lifetime: int | None, mech: OID | None, flags: RequirementFlag | None, locally_init: bool | None, complete: bool | None)[source]

+
Information about the security context.

+
Create new instance of InquireContextResult(initiator_name, target_name, lifetime, mech, flags, locally_init, complete)

+

+

+initiator_name: gssapi.raw.names.Name | None

+
Name of the initiator

+

+
+

+

+target_name: gssapi.raw.names.Name | None

+
Name of the acceptor

+

+
+

+

+lifetime: int | None

+
Time valid for the security context, in seconds

+

+
+

+

+mech: OID | None

+
Mech used to create the security context

+

+
+

+

+flags: RequirementFlag | None

+
Services available for the context

+

+
+

+

+locally_init: bool | None

+
Context was initiated locally

+

+
+

+

+complete: bool | None

+
Context has been established and ready to use

+

+
+

+
+

+

+class StoreCredResult(mechs: List[OID], usage: str)[source]

+
Result of the credential storing operation.

+
Create new instance of StoreCredResult(mechs, usage)

+

+

+mechs: List[OID]

+
Mechs that were stored in the credential store

+

+
+

+

+usage: str

+
How the credential can be used

+

+
+

+
+

+

+class IOVUnwrapResult(encrypted: bool, qop: int)[source]

+
Unwrapped IOV message result.

+
Create new instance of IOVUnwrapResult(encrypted, qop)

+

+

+encrypted: bool

+
Whether the message was encrypted and not just signed

+

+
+

+

+qop: int

+
The quality of protection applied to the message

+

+
+

+
+

+

+class InquireNameResult(attrs: List[bytes], is_mech_name: bool, mech: OID)[source]

+
Information about a GSSAPI Name.

+
Create new instance of InquireNameResult(attrs, is_mech_name, mech)

+

+

+attrs: List[bytes]

+
Set of attribute names

+

+
+

+

+is_mech_name: bool

+
Name is a mechanism name

+

+
+

+

+mech: OID

+
The mechanism if is_name_mech is True

+

+
+

+
+

+

+class GetNameAttributeResult(values: List[bytes], display_values: List[bytes], authenticated: bool, complete: bool)[source]

+
GSSAPI Name attribute values.

+
Create new instance of GetNameAttributeResult(values, display_values, authenticated, complete)

+

+

+values: List[bytes]

+
Raw values

+

+
+

+

+display_values: List[bytes]

+
Human-readable values

+

+
+

+

+authenticated: bool

+
Attribute has been authenticated

+

+
+

+

+complete: bool

+
Attribute value is marked as complete

+

+
+

+
+

+

+class InquireAttrsResult(mech_attrs: Set[OID], known_mech_attrs: Set[OID])[source]

+
Set of attributes supported and known by a mechanism.

+
Create new instance of InquireAttrsResult(mech_attrs, known_mech_attrs)

+

+

+mech_attrs: Set[OID]

+
The mechanisms attributes

+

+
+

+

+known_mech_attrs: Set[OID]

+
Known attributes of the mechanism

+

+
+

+
+

+

+class DisplayAttrResult(name: bytes, short_desc: bytes, long_desc: bytes)[source]

+
Information about an attribute.

+
Create new instance of DisplayAttrResult(name, short_desc, long_desc)

+

+

+name: bytes

+
The mechanism name

+

+
+

+

+short_desc: bytes

+
Short description of the mechanism

+

+
+

+

+long_desc: bytes

+
Long description of the mechanism

+

+
+

+
+

+

+class InquireSASLNameResult(sasl_mech_name: bytes, mech_name: bytes, mech_description: bytes)[source]

+
SASL informmation about a GSSAPI Name.

+
Create new instance of InquireSASLNameResult(sasl_mech_name, mech_name, mech_description)

+

+

+sasl_mech_name: bytes

+
The SASL name

+

+
+

+

+mech_name: bytes

+
The mechanism name

+

+
+

+

+mech_description: bytes

+
The mechanism description

+

+
+

+
+

+

+class Rfc1964KeyData(sign_alg: int, seal_alg: int, key_type: int, key: bytes)[source]

+
Security context key data based on RFC1964.

+
Create new instance of Rfc1964KeyData(sign_alg, seal_alg, key_type, key)

+

+

+sign_alg: int

+
Signing algorithm identifier

+

+
+

+

+seal_alg: int

+
Sealing algorithm identifier

+

+
+

+

+key_type: int

+
Key encryption type identifier

+

+
+

+

+key: bytes

+
Encryption key data

+

+
+

+
+

+

+class CfxKeyData(ctx_key_type: int, ctx_key: bytes, acceptor_subkey_type: int | None, acceptor_subkey: bytes | None)[source]

+
Securty context key data.

+
Create new instance of CfxKeyData(ctx_key_type, ctx_key, acceptor_subkey_type, acceptor_subkey)

+

+

+ctx_key_type: int

+
Context key encryption type identifier

+

+
+

+

+ctx_key: bytes

+
Context key data - session or sub-session key

+

+
+

+

+acceptor_subkey_type: int | None

+
Acceptor key enc type identifier

+

+
+

+

+acceptor_subkey: bytes | None

+
Acceptor key data

+

+
+

+
+

+

+
Exceptions

+

+

+exception GSSError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: Exception

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+

+maj_code: int

+

+
+

+

+min_code: int

+

+
+

+

+token: bytes | None

+

+
+

+

+calling_code: int

+

+
+

+

+routine_code: int

+

+
+

+

+supplementary_code: int

+

+
+

+

+get_all_statuses(code: int, is_maj: bool)  List[str][source]

+
Retrieve all messages for a status code.

+
This method retrieves all human-readable messages
+available for the given status code.

+

+
Parameters:

+
    
+
  • code – the status code in question
    • 
+
  • is_maj – whether this is a major status code (True)
+or minor status code (False)
    • 
+

+

+
Returns:

+

+
A list of string messages associated with the
given code

+

+

+

+

+
Return type:

+
[str]

+

+

+

+
+

+

+gen_message()  str[source]

+
Retrieves all messages for this error’s status codes

+
This method retrieves all messages for this error’s status codes,
+and forms them into a string for use as an exception message

+

+
Returns:

+
a string for use as this error’s message

+

+
Return type:

+
str

+

+

+

+
+

+
+

+

+exception ParameterReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ParameterWriteError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MalformedParameterError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadMechanismError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadNameError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadNameTypeError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadChannelBindingsError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadStatusError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadMICError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MissingCredentialsError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MissingContextError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception InvalidTokenError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception InvalidCredentialsError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ExpiredCredentialsError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ExpiredContextError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception BadQoPError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception UnauthorizedError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception OperationUnavailableError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception DuplicateCredentialsElementError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception MechanismNameRequiredError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception NameReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, BadNameError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception NameTypeReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, BadNameTypeError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, InvalidTokenError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ContextReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, MissingContextError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception CredentialsReadError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterReadError, MissingCredentialsError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ContextWriteError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterWriteError, MissingContextError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception CredentialsWriteError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: ParameterWriteError, MissingCredentialsError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception SupplementaryError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: gssapi.raw.misc.GSSError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception DuplicateTokenError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: SupplementaryError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception ExpiredTokenError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: SupplementaryError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenOutOfSequenceError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: SupplementaryError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenTooLateError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: TokenOutOfSequenceError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+exception TokenTooEarlyError(maj_code: int, min_code: int, token: bytes | None = None)[source]

+
Bases: TokenOutOfSequenceError

+
A GSSAPI Error

+
This Exception represents an error returned from the GSSAPI
+C bindings.  It contains the major and minor status codes
+returned by the method which caused the error, and can
+generate human-readable string messages from the error
+codes

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/index.html b/stable/index.html
new file mode 100644
index 00000000..7386f513
--- /dev/null
+++ b/stable/index.html
@@ -0,0 +1,132 @@
+
+
+
+
+
+  
+
+  
+  Python-GSSAPI: Python bindings for GSSAPI — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Python-GSSAPI: Python bindings for GSSAPI

+
Python-GSSAPI provides Python bindings for the GSSAPI C bindings as defined
+by RFC 2744, as well as several extensions.

+
The package is organized into two parts: a high-level API and a low-level API.
+The high-level API resides in gssapi, and presents an object-oriented
+API around GSSAPI.

+
The other part of Python-GSSAPI is the low-level API, which resides in
+gssapi.raw.  The low-level API provides thin wrappers around the
+corresponding C functions.  The high-level API makes use of the low-level API
+to access underlying GSSAPI functionality.  Additionally certain extensions
+are currently only available from the low-level API.

+
To get started, check out the tutorials page or jump
+straight into the high-level API documentation.

+

+

+

+

+
Indices and tables

+
+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/objects.inv b/stable/objects.inv
new file mode 100644
index 00000000..b51dafd5
Binary files /dev/null and b/stable/objects.inv differ
diff --git a/stable/otherdoc.html b/stable/otherdoc.html
new file mode 100644
index 00000000..1dd62c54
--- /dev/null
+++ b/stable/otherdoc.html
@@ -0,0 +1,123 @@
+
+
+
+
+
+  
+
+  
+  Other Documentation — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Other Documentation

+
This section contain documentation that is not expressed directly in functions
+documentation, like implementation specific quirks or issues, implementation
+tips, environment influence on operations and similar.

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/py-modindex.html b/stable/py-modindex.html
new file mode 100644
index 00000000..57b682cb
--- /dev/null
+++ b/stable/py-modindex.html
@@ -0,0 +1,273 @@
+
+
+
+
+
+  
+  
+  Python Module Index — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+ 
+
+
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Python Module Index
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           

+             
+
+   
Python Module Index

+
+   

+   g
+   

+
+   
+     
+     
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+     
+       
+       
+   
 

+       g

+       gssapi
+       
   
+       gssapi.creds
+       
   
+       gssapi.exceptions
+       
   
+       gssapi.names
+       
   
+       gssapi.raw
+       
   
+       gssapi.raw.chan_bindings
+       
   
+       gssapi.raw.creds
+       
   
+       gssapi.raw.exceptions
+       
   
+       gssapi.raw.ext_cred_imp_exp
+       
   
+       gssapi.raw.ext_cred_store
+       
   
+       gssapi.raw.ext_dce
+       
   
+       gssapi.raw.ext_ggf
+       
   
+       gssapi.raw.ext_iov_mic
+       
   
+       gssapi.raw.ext_krb5
+       
   
+       gssapi.raw.ext_password
+       
   
+       gssapi.raw.ext_password_add
+       
   
+       gssapi.raw.ext_rfc4178
+       
   
+       gssapi.raw.ext_rfc5587
+       
   
+       gssapi.raw.ext_rfc5588
+       
   
+       gssapi.raw.ext_rfc5801
+       
   
+       gssapi.raw.ext_rfc6680
+       
   
+       gssapi.raw.ext_s4u
+       
   
+       gssapi.raw.ext_set_cred_opt
+       
   
+       gssapi.raw.message
+       
   
+       gssapi.raw.misc
+       
   
+       gssapi.raw.named_tuples
+       
   
+       gssapi.raw.names
+       
   
+       gssapi.raw.oids
+       
   
+       gssapi.raw.sec_contexts
+       
   
+       gssapi.raw.types
+       
   
+       gssapi.sec_contexts
+       

+
+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/stable/search.html b/stable/search.html
new file mode 100644
index 00000000..b1aa2e47
--- /dev/null
+++ b/stable/search.html
@@ -0,0 +1,123 @@
+
+
+
+
+
+  
+  
+  Search — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+    
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
    
+      
    • 
+      
  • Search
    • 
+      
  • 
+      
    • 
+  

+  

+

+          

+           

+             
+  
+
+  
+  

+  
+  

+
+           

+          

+          

+
+  

+
+  

+    
© Copyright 2014, The Python-GSSAPI team.

+  

+
+  Built with Sphinx using a
+    theme
+    provided by Read the Docs.
+   
+
+

+        

+      

+    

+  

+  
+  
+  
+  
+   
+
+
+
+
\ No newline at end of file
diff --git a/stable/searchindex.js b/stable/searchindex.js
new file mode 100644
index 00000000..d05f85a1
--- /dev/null
+++ b/stable/searchindex.js
@@ -0,0 +1 @@
+Search.setIndex({"alltitles": {"A Basic Introduction to GSSAPI": [[0, null]], "Acquiring Credentials With a Password Extensions": [[3, "module-gssapi.raw.ext_password"]], "Additional RFCs and Extensions": [[3, "additional-rfcs-and-extensions"]], "Common Values for Credentials Store Extensions": [[1, null]], "Core RFC 2744": [[3, "core-rfc-2744"]], "Credential Store Extensions": [[3, "module-gssapi.raw.ext_cred_store"]], "Credentials": [[2, "module-gssapi.creds"], [3, "module-gssapi.raw.creds"]], "Credentials Import-Export Extensions": [[3, "module-gssapi.raw.ext_cred_imp_exp"]], "DCE (IOV/AEAD) Extensions": [[3, "module-gssapi.raw.ext_dce"]], "Enums and Helper Classes": [[2, "enums-and-helper-classes"]], "Exceptions": [[2, "exceptions"], [3, "module-gssapi.raw.exceptions"]], "Global Grid Forum (GGF) Extensions": [[3, "module-gssapi.raw.ext_ggf"]], "High-Level API": [[2, null]], "IOV MIC Extensions": [[3, "module-gssapi.raw.ext_iov_mic"]], "Indices and tables": [[4, "indices-and-tables"]], "Kerberos Specific Extensions": [[3, "module-gssapi.raw.ext_krb5"]], "Low-Level API": [[3, null]], "Main Classes": [[2, "main-classes"]], "Misc": [[3, "module-gssapi.raw.oids"]], "Names": [[2, "module-gssapi.names"], [3, "names"]], "Names and Credentials": [[0, "names-and-credentials"]], "Other Documentation": [[5, null]], "Other Extensions": [[3, "module-gssapi.raw.ext_set_cred_opt"]], "Python-GSSAPI: Python bindings for GSSAPI": [[4, null]], "RFC 4178 (GSS-API Negotiation Mechanism)": [[3, "module-gssapi.raw.ext_rfc4178"]], "RFC 5587 (GSS-API Extension for Mech Attributes)": [[3, "module-gssapi.raw.ext_rfc5587"]], "RFC 5588 (GSS-API Extension for Storing Delegated Credentials)": [[3, "module-gssapi.raw.ext_rfc5588"]], "RFC 5801 (GSS-API SASL Extensions)": [[3, "module-gssapi.raw.ext_rfc5801"]], "RFC 6680 (GSS-API Naming Extensions)": [[3, "module-gssapi.raw.ext_rfc6680"]], "Results": [[3, "results"]], "Security Contexts": [[0, "security-contexts"], [2, "module-gssapi.sec_contexts"], [3, "module-gssapi.raw.sec_contexts"]], "Services4User Extensions": [[3, "module-gssapi.raw.ext_s4u"]], "The krb5 mechanism in Heimdal": [[1, "the-krb5-mechanism-in-heimdal"]], "The krb5 mechanism in MIT libraries": [[1, "the-krb5-mechanism-in-mit-libraries"]], "Tutorials": [[6, null]], "Utilities": [[2, "utilities"]], "ccache": [[1, "ccache"]], "client_keytab": [[1, "client-keytab"]], "keytab": [[1, "keytab"]], "rcache": [[1, "rcache"]]}, "docnames": ["basic-tutorial", "credstore", "gssapi", "gssapi.raw", "index", "otherdoc", "tutorials"], "envversion": {"sphinx": 63, "sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx.ext.viewcode": 1}, "filenames": ["basic-tutorial.md", "credstore.rst", "gssapi.rst", "gssapi.raw.rst", "index.rst", "otherdoc.rst", "tutorials.rst"], "indexentries": {"accept_lifetime (addcredresult attribute)": [[3, "gssapi.raw.named_tuples.AddCredResult.accept_lifetime", false]], "accept_lifetime (inquirecredbymechresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult.accept_lifetime", false]], "accept_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.accept_sec_context", false]], "acceptor_address (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.acceptor_address", false]], "acceptor_address_type (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.acceptor_address_type", false]], "acceptor_subkey (cfxkeydata attribute)": [[3, "gssapi.raw.named_tuples.CfxKeyData.acceptor_subkey", false]], "acceptor_subkey_type (cfxkeydata attribute)": [[3, "gssapi.raw.named_tuples.CfxKeyData.acceptor_subkey_type", false]], "acceptseccontextresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult", false]], "acquire() (credentials class method)": [[2, "gssapi.creds.Credentials.acquire", false]], "acquire_cred() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.acquire_cred", false]], "acquire_cred_from() (in module gssapi.raw.ext_cred_store)": [[3, "gssapi.raw.ext_cred_store.acquire_cred_from", false]], "acquire_cred_impersonate_name() (in module gssapi.raw.ext_s4u)": [[3, "gssapi.raw.ext_s4u.acquire_cred_impersonate_name", false]], "acquire_cred_with_password() (in module gssapi.raw.ext_password)": [[3, "gssapi.raw.ext_password.acquire_cred_with_password", false]], "acquirecredresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.AcquireCredResult", false]], "actual_flags (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.actual_flags", false]], "add() (credentials method)": [[2, "gssapi.creds.Credentials.add", false]], "add() (genericflagset method)": [[3, "gssapi.raw.types.GenericFlagSet.add", false]], "add_cred() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.add_cred", false]], "add_cred_from() (in module gssapi.raw.ext_cred_store)": [[3, "gssapi.raw.ext_cred_store.add_cred_from", false]], "add_cred_impersonate_name() (in module gssapi.raw.ext_s4u)": [[3, "gssapi.raw.ext_s4u.add_cred_impersonate_name", false]], "add_cred_with_password() (in module gssapi.raw.ext_password_add)": [[3, "gssapi.raw.ext_password_add.add_cred_with_password", false]], "addcredresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.AddCredResult", false]], "addresstype (class in gssapi)": [[2, "gssapi.AddressType", false]], "addresstype (class in gssapi.raw.types)": [[3, "gssapi.raw.types.AddressType", false]], "allocate (iovbuffer attribute)": [[3, "gssapi.raw.ext_dce.IOVBuffer.allocate", false]], "anonymity (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.anonymity", false]], "anonymous (nametype attribute)": [[2, "gssapi.NameType.anonymous", false], [3, "gssapi.raw.types.NameType.anonymous", false]], "appletalk (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.appletalk", false]], "application_data (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.application_data", false]], "arpanet (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.arpanet", false]], "attributes (name property)": [[2, "gssapi.names.Name.attributes", false]], "attrs (inquirenameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireNameResult.attrs", false]], "authenticated (getnameattributeresult attribute)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult.authenticated", false]], "badchannelbindingserror": [[2, "gssapi.exceptions.BadChannelBindingsError", false], [3, "gssapi.raw.exceptions.BadChannelBindingsError", false]], "badmechanismerror": [[2, "gssapi.exceptions.BadMechanismError", false], [3, "gssapi.raw.exceptions.BadMechanismError", false]], "badmicerror": [[2, "gssapi.exceptions.BadMICError", false], [3, "gssapi.raw.exceptions.BadMICError", false]], "badnameerror": [[2, "gssapi.exceptions.BadNameError", false], [3, "gssapi.raw.exceptions.BadNameError", false]], "badnametypeerror": [[2, "gssapi.exceptions.BadNameTypeError", false], [3, "gssapi.raw.exceptions.BadNameTypeError", false]], "badqoperror": [[2, "gssapi.exceptions.BadQoPError", false], [3, "gssapi.raw.exceptions.BadQoPError", false]], "badstatuserror": [[2, "gssapi.exceptions.BadStatusError", false], [3, "gssapi.raw.exceptions.BadStatusError", false]], "bisync (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.bisync", false]], "calling_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.calling_code", false], [3, "gssapi.raw.misc.GSSError.calling_code", false]], "calling_code (malformedparametererror attribute)": [[2, "gssapi.exceptions.MalformedParameterError.CALLING_CODE", false]], "calling_code (parameterreaderror attribute)": [[2, "gssapi.exceptions.ParameterReadError.CALLING_CODE", false]], "calling_code (parameterwriteerror attribute)": [[2, "gssapi.exceptions.ParameterWriteError.CALLING_CODE", false]], "canonicalize() (name method)": [[2, "gssapi.names.Name.canonicalize", false]], "canonicalize_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.canonicalize_name", false]], "ccitt (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.ccitt", false]], "cfx_kd (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.cfx_kd", false]], "cfxkeydata (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.CfxKeyData", false]], "channel_bound (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.channel_bound", false]], "channelbindings (class in gssapi.raw.chan_bindings)": [[3, "gssapi.raw.chan_bindings.ChannelBindings", false]], "chaos (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.chaos", false]], "compare_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.compare_name", false]], "complete (getnameattributeresult attribute)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult.complete", false]], "complete (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.complete", false]], "complete (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.complete", false]], "composite_export (nametype attribute)": [[2, "gssapi.NameType.composite_export", false], [3, "gssapi.raw.types.NameType.composite_export", false]], "confidentiality (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.confidentiality", false]], "context (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.context", false]], "context (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.context", false]], "context_time() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.context_time", false]], "contextreaderror": [[2, "gssapi.exceptions.ContextReadError", false], [3, "gssapi.raw.exceptions.ContextReadError", false]], "contextwriteerror": [[2, "gssapi.exceptions.ContextWriteError", false], [3, "gssapi.raw.exceptions.ContextWriteError", false]], "count() (iov method)": [[3, "gssapi.raw.ext_dce.IOV.count", false]], "credentials (class in gssapi.creds)": [[2, "gssapi.creds.Credentials", false]], "credentialsreaderror": [[2, "gssapi.exceptions.CredentialsReadError", false], [3, "gssapi.raw.exceptions.CredentialsReadError", false]], "credentialswriteerror": [[2, "gssapi.exceptions.CredentialsWriteError", false], [3, "gssapi.raw.exceptions.CredentialsWriteError", false]], "creds (acquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.AcquireCredResult.creds", false]], "creds (addcredresult attribute)": [[3, "gssapi.raw.named_tuples.AddCredResult.creds", false]], "creds (class in gssapi.raw.creds)": [[3, "gssapi.raw.creds.Creds", false]], "ctx_key (cfxkeydata attribute)": [[3, "gssapi.raw.named_tuples.CfxKeyData.ctx_key", false]], "ctx_key_type (cfxkeydata attribute)": [[3, "gssapi.raw.named_tuples.CfxKeyData.ctx_key_type", false]], "data (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.data", false]], "datakit (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.datakit", false]], "dce_style (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.dce_style", false]], "decnet (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.decnet", false]], "decrypt() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.decrypt", false]], "delegate_to_peer (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.delegate_to_peer", false]], "delegated_creds (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.delegated_creds", false]], "delegated_creds (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.delegated_creds", false]], "delete_name_attribute() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.delete_name_attribute", false]], "delete_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.delete_sec_context", false]], "discard() (genericflagset method)": [[3, "gssapi.raw.types.GenericFlagSet.discard", false]], "display_as() (name method)": [[2, "gssapi.names.Name.display_as", false]], "display_mech_attr() (in module gssapi.raw.ext_rfc5587)": [[3, "gssapi.raw.ext_rfc5587.display_mech_attr", false]], "display_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.display_name", false]], "display_name_ext() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.display_name_ext", false]], "display_values (getnameattributeresult attribute)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult.display_values", false]], "displayattrresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.DisplayAttrResult", false]], "displaynameresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.DisplayNameResult", false]], "dli (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.dli", false]], "dotted_form (oid property)": [[3, "gssapi.raw.misc.OID.dotted_form", false], [3, "gssapi.raw.oids.OID.dotted_form", false]], "dss (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.dss", false]], "duplicate_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.duplicate_name", false]], "duplicatecredentialselementerror": [[2, "gssapi.exceptions.DuplicateCredentialsElementError", false], [3, "gssapi.raw.exceptions.DuplicateCredentialsElementError", false]], "duplicatetokenerror": [[2, "gssapi.exceptions.DuplicateTokenError", false], [3, "gssapi.raw.exceptions.DuplicateTokenError", false]], "ecma (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.ecma", false]], "empty (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.empty", false]], "encrypt() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.encrypt", false]], "encrypted (iovunwrapresult attribute)": [[3, "gssapi.raw.named_tuples.IOVUnwrapResult.encrypted", false]], "encrypted (unwrapresult attribute)": [[3, "gssapi.raw.named_tuples.UnwrapResult.encrypted", false]], "encrypted (wrapresult attribute)": [[3, "gssapi.raw.named_tuples.WrapResult.encrypted", false]], "encryptionnotused": [[2, "gssapi.exceptions.EncryptionNotUsed", false]], "endtime (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.endtime", false]], "expiredcontexterror": [[2, "gssapi.exceptions.ExpiredContextError", false], [3, "gssapi.raw.exceptions.ExpiredContextError", false]], "expiredcredentialserror": [[2, "gssapi.exceptions.ExpiredCredentialsError", false], [3, "gssapi.raw.exceptions.ExpiredCredentialsError", false]], "expiredtokenerror": [[2, "gssapi.exceptions.ExpiredTokenError", false], [3, "gssapi.raw.exceptions.ExpiredTokenError", false]], "export (nametype attribute)": [[2, "gssapi.NameType.export", false], [3, "gssapi.raw.types.NameType.export", false]], "export() (credentials method)": [[2, "gssapi.creds.Credentials.export", false]], "export() (name method)": [[2, "gssapi.names.Name.export", false]], "export() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.export", false]], "export_cred() (in module gssapi.raw.ext_cred_imp_exp)": [[3, "gssapi.raw.ext_cred_imp_exp.export_cred", false]], "export_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.export_name", false]], "export_name_composite() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.export_name_composite", false]], "export_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.export_sec_context", false]], "extended_error (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.extended_error", false]], "flags (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.flags", false]], "flags (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.flags", false]], "flags (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.flags", false]], "fmt_str (generalerror attribute)": [[2, "gssapi.exceptions.GeneralError.FMT_STR", false]], "from_int_seq() (oid class method)": [[3, "gssapi.raw.misc.OID.from_int_seq", false], [3, "gssapi.raw.oids.OID.from_int_seq", false]], "gen_message() (gsserror method)": [[2, "gssapi.exceptions.GSSError.gen_message", false], [3, "gssapi.raw.exceptions.GSSError.gen_message", false], [3, "gssapi.raw.misc.GSSError.gen_message", false]], "generalerror": [[2, "gssapi.exceptions.GeneralError", false]], "genericflagset (class in gssapi.raw.types)": [[3, "gssapi.raw.types.GenericFlagSet", false]], "get_all_statuses() (gsserror method)": [[2, "gssapi.exceptions.GSSError.get_all_statuses", false], [3, "gssapi.raw.exceptions.GSSError.get_all_statuses", false], [3, "gssapi.raw.misc.GSSError.get_all_statuses", false]], "get_mic() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.get_mic", false]], "get_mic_iov() (in module gssapi.raw.ext_iov_mic)": [[3, "gssapi.raw.ext_iov_mic.get_mic_iov", false]], "get_mic_iov_length() (in module gssapi.raw.ext_iov_mic)": [[3, "gssapi.raw.ext_iov_mic.get_mic_iov_length", false]], "get_name_attribute() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.get_name_attribute", false]], "get_signature() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.get_signature", false]], "get_wrap_size_limit() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.get_wrap_size_limit", false]], "getnameattributeresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult", false]], "gssapi": [[2, "module-gssapi", false]], "gssapi.creds": [[2, "module-gssapi.creds", false]], "gssapi.exceptions": [[2, "module-gssapi.exceptions", false]], "gssapi.names": [[2, "module-gssapi.names", false]], "gssapi.raw": [[3, "module-gssapi.raw", false]], "gssapi.raw.chan_bindings": [[3, "module-gssapi.raw.chan_bindings", false]], "gssapi.raw.creds": [[3, "module-gssapi.raw.creds", false]], "gssapi.raw.exceptions": [[3, "module-gssapi.raw.exceptions", false]], "gssapi.raw.ext_cred_imp_exp": [[3, "module-gssapi.raw.ext_cred_imp_exp", false]], "gssapi.raw.ext_cred_store": [[3, "module-gssapi.raw.ext_cred_store", false]], "gssapi.raw.ext_dce": [[3, "module-gssapi.raw.ext_dce", false]], "gssapi.raw.ext_ggf": [[3, "module-gssapi.raw.ext_ggf", false]], "gssapi.raw.ext_iov_mic": [[3, "module-gssapi.raw.ext_iov_mic", false]], "gssapi.raw.ext_krb5": [[3, "module-gssapi.raw.ext_krb5", false]], "gssapi.raw.ext_password": [[3, "module-gssapi.raw.ext_password", false]], "gssapi.raw.ext_password_add": [[3, "module-gssapi.raw.ext_password_add", false]], "gssapi.raw.ext_rfc4178": [[3, "module-gssapi.raw.ext_rfc4178", false]], "gssapi.raw.ext_rfc5587": [[3, "module-gssapi.raw.ext_rfc5587", false]], "gssapi.raw.ext_rfc5588": [[3, "module-gssapi.raw.ext_rfc5588", false]], "gssapi.raw.ext_rfc5801": [[3, "module-gssapi.raw.ext_rfc5801", false]], "gssapi.raw.ext_rfc6680": [[3, "module-gssapi.raw.ext_rfc6680", false]], "gssapi.raw.ext_s4u": [[3, "module-gssapi.raw.ext_s4u", false]], "gssapi.raw.ext_set_cred_opt": [[3, "module-gssapi.raw.ext_set_cred_opt", false]], "gssapi.raw.message": [[3, "module-gssapi.raw.message", false]], "gssapi.raw.misc": [[3, "module-gssapi.raw.misc", false]], "gssapi.raw.named_tuples": [[3, "module-gssapi.raw.named_tuples", false]], "gssapi.raw.names": [[3, "module-gssapi.raw.names", false]], "gssapi.raw.oids": [[3, "module-gssapi.raw.oids", false]], "gssapi.raw.sec_contexts": [[3, "module-gssapi.raw.sec_contexts", false]], "gssapi.raw.types": [[3, "module-gssapi.raw.types", false]], "gssapi.sec_contexts": [[2, "module-gssapi.sec_contexts", false]], "gsserror": [[2, "gssapi.exceptions.GSSError", false], [3, "gssapi.raw.exceptions.GSSError", false], [3, "gssapi.raw.misc.GSSError", false]], "header (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.header", false]], "hostbased_service (nametype attribute)": [[2, "gssapi.NameType.hostbased_service", false], [3, "gssapi.raw.types.NameType.hostbased_service", false]], "hyperchannel (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.hyperchannel", false]], "ibm_sna (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.ibm_sna", false]], "identify (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.identify", false]], "impersonate() (credentials method)": [[2, "gssapi.creds.Credentials.impersonate", false]], "import_cred() (in module gssapi.raw.ext_cred_imp_exp)": [[3, "gssapi.raw.ext_cred_imp_exp.import_cred", false]], "import_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.import_name", false]], "import_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.import_sec_context", false]], "index() (iov method)": [[3, "gssapi.raw.ext_dce.IOV.index", false]], "indicate_mechs() (in module gssapi.raw.misc)": [[3, "gssapi.raw.misc.indicate_mechs", false]], "indicate_mechs_by_attrs() (in module gssapi.raw.ext_rfc5587)": [[3, "gssapi.raw.ext_rfc5587.indicate_mechs_by_attrs", false]], "init_lifetime (addcredresult attribute)": [[3, "gssapi.raw.named_tuples.AddCredResult.init_lifetime", false]], "init_lifetime (inquirecredbymechresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult.init_lifetime", false]], "init_sec_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.init_sec_context", false]], "initiator_address (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.initiator_address", false]], "initiator_address_type (channelbindings attribute)": [[3, "gssapi.raw.chan_bindings.ChannelBindings.initiator_address_type", false]], "initiator_name (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.initiator_name", false]], "initiator_name (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.initiator_name", false]], "initiator_name (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.initiator_name", false]], "initseccontextresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InitSecContextResult", false]], "inquire() (credentials method)": [[2, "gssapi.creds.Credentials.inquire", false]], "inquire_attrs_for_mech() (in module gssapi.raw.ext_rfc5587)": [[3, "gssapi.raw.ext_rfc5587.inquire_attrs_for_mech", false]], "inquire_by_mech() (credentials method)": [[2, "gssapi.creds.Credentials.inquire_by_mech", false]], "inquire_context() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.inquire_context", false]], "inquire_cred() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.inquire_cred", false]], "inquire_cred_by_mech() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.inquire_cred_by_mech", false]], "inquire_cred_by_oid() (in module gssapi.raw.ext_ggf)": [[3, "gssapi.raw.ext_ggf.inquire_cred_by_oid", false]], "inquire_mech_for_saslname() (in module gssapi.raw.ext_rfc5801)": [[3, "gssapi.raw.ext_rfc5801.inquire_mech_for_saslname", false]], "inquire_mechs_for_name() (in module gssapi.raw.misc)": [[3, "gssapi.raw.misc.inquire_mechs_for_name", false]], "inquire_name() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.inquire_name", false]], "inquire_names_for_mech() (in module gssapi.raw.misc)": [[3, "gssapi.raw.misc.inquire_names_for_mech", false]], "inquire_saslname_for_mech() (in module gssapi.raw.ext_rfc5801)": [[3, "gssapi.raw.ext_rfc5801.inquire_saslname_for_mech", false]], "inquire_sec_context_by_oid() (in module gssapi.raw.ext_ggf)": [[3, "gssapi.raw.ext_ggf.inquire_sec_context_by_oid", false]], "inquireattrsresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireAttrsResult", false]], "inquirecontextresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireContextResult", false]], "inquirecredbymechresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult", false]], "inquirecredresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireCredResult", false]], "inquirenameresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireNameResult", false]], "inquiresaslnameresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.InquireSASLNameResult", false]], "integrity (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.integrity", false]], "intenumflagset (class in gssapi)": [[2, "gssapi.IntEnumFlagSet", false]], "intenumflagset (class in gssapi.raw.types)": [[3, "gssapi.raw.types.IntEnumFlagSet", false]], "invalidcredentialserror": [[2, "gssapi.exceptions.InvalidCredentialsError", false], [3, "gssapi.raw.exceptions.InvalidCredentialsError", false]], "invalidtokenerror": [[2, "gssapi.exceptions.InvalidTokenError", false], [3, "gssapi.raw.exceptions.InvalidTokenError", false]], "iov (class in gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.IOV", false]], "iovbuffer (class in gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.IOVBuffer", false]], "iovbuffertype (class in gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.IOVBufferType", false]], "iovunwrapresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.IOVUnwrapResult", false]], "ip (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.ip", false]], "is_initiator (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.is_initiator", false]], "is_mech_name (inquirenameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireNameResult.is_mech_name", false]], "is_mech_name (name property)": [[2, "gssapi.names.Name.is_mech_name", false]], "kerberos (mechtype attribute)": [[2, "gssapi.MechType.kerberos", false], [3, "gssapi.raw.misc.MechType.kerberos", false], [3, "gssapi.raw.types.MechType.kerberos", false]], "kerberos_principal (nametype attribute)": [[2, "gssapi.NameType.kerberos_principal", false], [3, "gssapi.raw.types.NameType.kerberos_principal", false]], "key (rfc1964keydata attribute)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData.key", false]], "key_type (rfc1964keydata attribute)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData.key_type", false]], "known_mech_attrs (inquireattrsresult attribute)": [[3, "gssapi.raw.named_tuples.InquireAttrsResult.known_mech_attrs", false]], "krb5_ccache_name() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_ccache_name", false]], "krb5_export_lucid_sec_context() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_export_lucid_sec_context", false]], "krb5_extract_authtime_from_sec_context() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_extract_authtime_from_sec_context", false]], "krb5_extract_authz_data_from_sec_context() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_extract_authz_data_from_sec_context", false]], "krb5_get_tkt_flags() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_get_tkt_flags", false]], "krb5_import_cred() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_import_cred", false]], "krb5_nt_principal_name (nametype attribute)": [[2, "gssapi.NameType.krb5_nt_principal_name", false], [3, "gssapi.raw.types.NameType.krb5_nt_principal_name", false]], "krb5_set_allowable_enctypes() (in module gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.krb5_set_allowable_enctypes", false]], "krb5lucidcontext (class in gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContext", false]], "krb5lucidcontextv1 (class in gssapi.raw.ext_krb5)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1", false]], "lat (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.lat", false]], "lifetime (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.lifetime", false]], "lifetime (acquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.AcquireCredResult.lifetime", false]], "lifetime (credentials property)": [[2, "gssapi.creds.Credentials.lifetime", false]], "lifetime (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.lifetime", false]], "lifetime (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.lifetime", false]], "lifetime (inquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredResult.lifetime", false]], "lifetime (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.lifetime", false]], "local (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.local", false]], "locally_init (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.locally_init", false]], "locally_initiated (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.locally_initiated", false]], "long_desc (displayattrresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayAttrResult.long_desc", false]], "machine_uid (nametype attribute)": [[2, "gssapi.NameType.machine_uid", false], [3, "gssapi.raw.types.NameType.machine_uid", false]], "maj_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.maj_code", false], [3, "gssapi.raw.misc.GSSError.maj_code", false]], "major_message (encryptionnotused attribute)": [[2, "gssapi.exceptions.EncryptionNotUsed.MAJOR_MESSAGE", false]], "major_message (generalerror attribute)": [[2, "gssapi.exceptions.GeneralError.MAJOR_MESSAGE", false]], "major_message (unknownusageerror attribute)": [[2, "gssapi.exceptions.UnknownUsageError.MAJOR_MESSAGE", false]], "malformedparametererror": [[2, "gssapi.exceptions.MalformedParameterError", false], [3, "gssapi.raw.exceptions.MalformedParameterError", false]], "max_val (genericflagset attribute)": [[3, "gssapi.raw.types.GenericFlagSet.MAX_VAL", false]], "mech (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.mech", false]], "mech (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.mech", false]], "mech (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.mech", false]], "mech (inquirenameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireNameResult.mech", false]], "mech (name property)": [[2, "gssapi.names.Name.mech", false]], "mech (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.mech", false]], "mech_attrs (inquireattrsresult attribute)": [[3, "gssapi.raw.named_tuples.InquireAttrsResult.mech_attrs", false]], "mech_description (inquiresaslnameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireSASLNameResult.mech_description", false]], "mech_name (inquiresaslnameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireSASLNameResult.mech_name", false]], "mech_params (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.mech_params", false]], "mechanismnamerequirederror": [[2, "gssapi.exceptions.MechanismNameRequiredError", false], [3, "gssapi.raw.exceptions.MechanismNameRequiredError", false]], "mechs (acquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.AcquireCredResult.mechs", false]], "mechs (addcredresult attribute)": [[3, "gssapi.raw.named_tuples.AddCredResult.mechs", false]], "mechs (credentials property)": [[2, "gssapi.creds.Credentials.mechs", false]], "mechs (inquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredResult.mechs", false]], "mechs (storecredresult attribute)": [[3, "gssapi.raw.named_tuples.StoreCredResult.mechs", false]], "mechtype (class in gssapi)": [[2, "gssapi.MechType", false]], "mechtype (class in gssapi.raw.misc)": [[3, "gssapi.raw.misc.MechType", false]], "mechtype (class in gssapi.raw.types)": [[3, "gssapi.raw.types.MechType", false]], "message (gsserror attribute)": [[2, "gssapi.exceptions.GSSError.MESSAGE", false]], "message (unwrapresult attribute)": [[3, "gssapi.raw.named_tuples.UnwrapResult.message", false]], "message (wrapresult attribute)": [[3, "gssapi.raw.named_tuples.WrapResult.message", false]], "mic_token (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.mic_token", false]], "min_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.min_code", false], [3, "gssapi.raw.misc.GSSError.min_code", false]], "missingcontexterror": [[2, "gssapi.exceptions.MissingContextError", false], [3, "gssapi.raw.exceptions.MissingContextError", false]], "missingcredentialserror": [[2, "gssapi.exceptions.MissingCredentialsError", false], [3, "gssapi.raw.exceptions.MissingCredentialsError", false]], "module": [[2, "module-gssapi", false], [2, "module-gssapi.creds", false], [2, "module-gssapi.exceptions", false], [2, "module-gssapi.names", false], [2, "module-gssapi.sec_contexts", false], [3, "module-gssapi.raw", false], [3, "module-gssapi.raw.chan_bindings", false], [3, "module-gssapi.raw.creds", false], [3, "module-gssapi.raw.exceptions", false], [3, "module-gssapi.raw.ext_cred_imp_exp", false], [3, "module-gssapi.raw.ext_cred_store", false], [3, "module-gssapi.raw.ext_dce", false], [3, "module-gssapi.raw.ext_ggf", false], [3, "module-gssapi.raw.ext_iov_mic", false], [3, "module-gssapi.raw.ext_krb5", false], [3, "module-gssapi.raw.ext_password", false], [3, "module-gssapi.raw.ext_password_add", false], [3, "module-gssapi.raw.ext_rfc4178", false], [3, "module-gssapi.raw.ext_rfc5587", false], [3, "module-gssapi.raw.ext_rfc5588", false], [3, "module-gssapi.raw.ext_rfc5801", false], [3, "module-gssapi.raw.ext_rfc6680", false], [3, "module-gssapi.raw.ext_s4u", false], [3, "module-gssapi.raw.ext_set_cred_opt", false], [3, "module-gssapi.raw.message", false], [3, "module-gssapi.raw.misc", false], [3, "module-gssapi.raw.named_tuples", false], [3, "module-gssapi.raw.names", false], [3, "module-gssapi.raw.oids", false], [3, "module-gssapi.raw.sec_contexts", false], [3, "module-gssapi.raw.types", false]], "more_steps (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.more_steps", false]], "more_steps (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.more_steps", false]], "mutual_authentication (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.mutual_authentication", false]], "name (class in gssapi.names)": [[2, "gssapi.names.Name", false]], "name (class in gssapi.raw.misc)": [[3, "gssapi.raw.misc.Name", false]], "name (class in gssapi.raw.names)": [[3, "gssapi.raw.names.Name", false]], "name (credentials property)": [[2, "gssapi.creds.Credentials.name", false]], "name (displayattrresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayAttrResult.name", false]], "name (displaynameresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayNameResult.name", false]], "name (inquirecredbymechresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult.name", false]], "name (inquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredResult.name", false]], "name_type (displaynameresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayNameResult.name_type", false]], "name_type (name property)": [[2, "gssapi.names.Name.name_type", false]], "namereaderror": [[2, "gssapi.exceptions.NameReadError", false], [3, "gssapi.raw.exceptions.NameReadError", false]], "nametype (class in gssapi)": [[2, "gssapi.NameType", false]], "nametype (class in gssapi.raw.types)": [[3, "gssapi.raw.types.NameType", false]], "nametypereaderror": [[2, "gssapi.exceptions.NameTypeReadError", false], [3, "gssapi.raw.exceptions.NameTypeReadError", false]], "nbs (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.nbs", false]], "null (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.null", false]], "oid (class in gssapi)": [[2, "gssapi.OID", false]], "oid (class in gssapi.raw.misc)": [[3, "gssapi.raw.misc.OID", false]], "oid (class in gssapi.raw.oids)": [[3, "gssapi.raw.oids.OID", false]], "ok_as_delegate (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.ok_as_delegate", false]], "operationunavailableerror": [[2, "gssapi.exceptions.OperationUnavailableError", false], [3, "gssapi.raw.exceptions.OperationUnavailableError", false]], "osi_tp4 (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.osi_tp4", false]], "out_of_sequence_detection (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.out_of_sequence_detection", false]], "padding (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.padding", false]], "parameterreaderror": [[2, "gssapi.exceptions.ParameterReadError", false], [3, "gssapi.raw.exceptions.ParameterReadError", false]], "parameterwriteerror": [[2, "gssapi.exceptions.ParameterWriteError", false], [3, "gssapi.raw.exceptions.ParameterWriteError", false]], "process_context_token() (in module gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.process_context_token", false]], "process_token() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.process_token", false]], "protection_ready (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.protection_ready", false]], "protocol (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.protocol", false]], "pup (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.pup", false]], "qop (iovunwrapresult attribute)": [[3, "gssapi.raw.named_tuples.IOVUnwrapResult.qop", false]], "qop (unwrapresult attribute)": [[3, "gssapi.raw.named_tuples.UnwrapResult.qop", false]], "recv_seq (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.recv_seq", false]], "release_cred() (in module gssapi.raw.creds)": [[3, "gssapi.raw.creds.release_cred", false]], "release_name() (in module gssapi.raw.names)": [[3, "gssapi.raw.names.release_name", false]], "replay_detection (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.replay_detection", false]], "requirementflag (class in gssapi)": [[2, "gssapi.RequirementFlag", false]], "requirementflag (class in gssapi.raw.types)": [[3, "gssapi.raw.types.RequirementFlag", false]], "rfc": [[2, "index-0", false], [3, "index-0", false], [3, "index-1", false], [3, "index-2", false], [3, "index-3", false], [3, "index-4", false], [3, "index-5", false], [4, "index-0", false]], "rfc 2744": [[3, "index-0", false], [4, "index-0", false]], "rfc 4178": [[3, "index-1", false]], "rfc 5587": [[3, "index-2", false]], "rfc 5588": [[2, "index-0", false], [3, "index-3", false]], "rfc 5801": [[3, "index-4", false]], "rfc 6680": [[3, "index-5", false]], "rfc1964_kd (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.rfc1964_kd", false]], "rfc1964keydata (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData", false]], "routine_code (badchannelbindingserror attribute)": [[2, "gssapi.exceptions.BadChannelBindingsError.ROUTINE_CODE", false]], "routine_code (badmechanismerror attribute)": [[2, "gssapi.exceptions.BadMechanismError.ROUTINE_CODE", false]], "routine_code (badmicerror attribute)": [[2, "gssapi.exceptions.BadMICError.ROUTINE_CODE", false]], "routine_code (badnameerror attribute)": [[2, "gssapi.exceptions.BadNameError.ROUTINE_CODE", false]], "routine_code (badnametypeerror attribute)": [[2, "gssapi.exceptions.BadNameTypeError.ROUTINE_CODE", false]], "routine_code (badqoperror attribute)": [[2, "gssapi.exceptions.BadQoPError.ROUTINE_CODE", false]], "routine_code (badstatuserror attribute)": [[2, "gssapi.exceptions.BadStatusError.ROUTINE_CODE", false]], "routine_code (duplicatecredentialselementerror attribute)": [[2, "gssapi.exceptions.DuplicateCredentialsElementError.ROUTINE_CODE", false]], "routine_code (expiredcontexterror attribute)": [[2, "gssapi.exceptions.ExpiredContextError.ROUTINE_CODE", false]], "routine_code (expiredcredentialserror attribute)": [[2, "gssapi.exceptions.ExpiredCredentialsError.ROUTINE_CODE", false]], "routine_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.routine_code", false], [3, "gssapi.raw.misc.GSSError.routine_code", false]], "routine_code (invalidcredentialserror attribute)": [[2, "gssapi.exceptions.InvalidCredentialsError.ROUTINE_CODE", false]], "routine_code (invalidtokenerror attribute)": [[2, "gssapi.exceptions.InvalidTokenError.ROUTINE_CODE", false]], "routine_code (mechanismnamerequirederror attribute)": [[2, "gssapi.exceptions.MechanismNameRequiredError.ROUTINE_CODE", false]], "routine_code (missingcontexterror attribute)": [[2, "gssapi.exceptions.MissingContextError.ROUTINE_CODE", false]], "routine_code (missingcredentialserror attribute)": [[2, "gssapi.exceptions.MissingCredentialsError.ROUTINE_CODE", false]], "routine_code (operationunavailableerror attribute)": [[2, "gssapi.exceptions.OperationUnavailableError.ROUTINE_CODE", false]], "routine_code (unauthorizederror attribute)": [[2, "gssapi.exceptions.UnauthorizedError.ROUTINE_CODE", false]], "sasl_mech_name (inquiresaslnameresult attribute)": [[3, "gssapi.raw.named_tuples.InquireSASLNameResult.sasl_mech_name", false]], "seal_alg (rfc1964keydata attribute)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData.seal_alg", false]], "securitycontext (class in gssapi.raw.sec_contexts)": [[3, "gssapi.raw.sec_contexts.SecurityContext", false]], "securitycontext (class in gssapi.sec_contexts)": [[2, "gssapi.sec_contexts.SecurityContext", false]], "send_seq (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.send_seq", false]], "set_cred_option() (in module gssapi.raw.ext_set_cred_opt)": [[3, "gssapi.raw.ext_set_cred_opt.set_cred_option", false]], "set_encoding() (in module gssapi)": [[2, "gssapi.set_encoding", false]], "set_name_attribute() (in module gssapi.raw.ext_rfc6680)": [[3, "gssapi.raw.ext_rfc6680.set_name_attribute", false]], "set_neg_mechs() (in module gssapi.raw.ext_rfc4178)": [[3, "gssapi.raw.ext_rfc4178.set_neg_mechs", false]], "set_sec_context_option() (in module gssapi.raw.ext_ggf)": [[3, "gssapi.raw.ext_ggf.set_sec_context_option", false]], "short_desc (displayattrresult attribute)": [[3, "gssapi.raw.named_tuples.DisplayAttrResult.short_desc", false]], "sign_alg (rfc1964keydata attribute)": [[3, "gssapi.raw.named_tuples.Rfc1964KeyData.sign_alg", false]], "sign_only (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.sign_only", false]], "step() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.step", false]], "store() (credentials method)": [[2, "gssapi.creds.Credentials.store", false]], "store_cred() (in module gssapi.raw.ext_rfc5588)": [[3, "gssapi.raw.ext_rfc5588.store_cred", false]], "store_cred_into() (in module gssapi.raw.ext_cred_store)": [[3, "gssapi.raw.ext_cred_store.store_cred_into", false]], "storecredresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.StoreCredResult", false]], "stream (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.stream", false]], "string_uid (nametype attribute)": [[2, "gssapi.NameType.string_uid", false], [3, "gssapi.raw.types.NameType.string_uid", false]], "supplementary_code (duplicatetokenerror attribute)": [[2, "gssapi.exceptions.DuplicateTokenError.SUPPLEMENTARY_CODE", false]], "supplementary_code (expiredtokenerror attribute)": [[2, "gssapi.exceptions.ExpiredTokenError.SUPPLEMENTARY_CODE", false]], "supplementary_code (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.supplementary_code", false], [3, "gssapi.raw.misc.GSSError.supplementary_code", false]], "supplementary_code (tokentooearlyerror attribute)": [[2, "gssapi.exceptions.TokenTooEarlyError.SUPPLEMENTARY_CODE", false]], "supplementary_code (tokentoolateerror attribute)": [[2, "gssapi.exceptions.TokenTooLateError.SUPPLEMENTARY_CODE", false]], "supplementaryerror": [[2, "gssapi.exceptions.SupplementaryError", false], [3, "gssapi.raw.exceptions.SupplementaryError", false]], "target_name (inquirecontextresult attribute)": [[3, "gssapi.raw.named_tuples.InquireContextResult.target_name", false]], "target_name (securitycontext property)": [[2, "gssapi.sec_contexts.SecurityContext.target_name", false]], "token (acceptseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.AcceptSecContextResult.token", false]], "token (gsserror attribute)": [[3, "gssapi.raw.exceptions.GSSError.token", false], [3, "gssapi.raw.misc.GSSError.token", false]], "token (initseccontextresult attribute)": [[3, "gssapi.raw.named_tuples.InitSecContextResult.token", false]], "tokenoutofsequenceerror": [[2, "gssapi.exceptions.TokenOutOfSequenceError", false], [3, "gssapi.raw.exceptions.TokenOutOfSequenceError", false]], "tokenreaderror": [[2, "gssapi.exceptions.TokenReadError", false], [3, "gssapi.raw.exceptions.TokenReadError", false]], "tokentooearlyerror": [[2, "gssapi.exceptions.TokenTooEarlyError", false], [3, "gssapi.raw.exceptions.TokenTooEarlyError", false]], "tokentoolateerror": [[2, "gssapi.exceptions.TokenTooLateError", false], [3, "gssapi.raw.exceptions.TokenTooLateError", false]], "trailer (iovbuffertype attribute)": [[3, "gssapi.raw.ext_dce.IOVBufferType.trailer", false]], "transferable (requirementflag attribute)": [[3, "gssapi.raw.types.RequirementFlag.transferable", false]], "type (iovbuffer attribute)": [[3, "gssapi.raw.ext_dce.IOVBuffer.type", false]], "unauthorizederror": [[2, "gssapi.exceptions.UnauthorizedError", false], [3, "gssapi.raw.exceptions.UnauthorizedError", false]], "unknownusageerror": [[2, "gssapi.exceptions.UnknownUsageError", false]], "unwrap() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.unwrap", false]], "unwrap() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.unwrap", false]], "unwrap_aead() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.unwrap_aead", false]], "unwrap_iov() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.unwrap_iov", false]], "unwrapresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.UnwrapResult", false]], "usage (credentials property)": [[2, "gssapi.creds.Credentials.usage", false]], "usage (inquirecredbymechresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredByMechResult.usage", false]], "usage (inquirecredresult attribute)": [[3, "gssapi.raw.named_tuples.InquireCredResult.usage", false]], "usage (storecredresult attribute)": [[3, "gssapi.raw.named_tuples.StoreCredResult.usage", false]], "user (nametype attribute)": [[2, "gssapi.NameType.user", false], [3, "gssapi.raw.types.NameType.user", false]], "value (iovbuffer attribute)": [[3, "gssapi.raw.ext_dce.IOVBuffer.value", false]], "values (getnameattributeresult attribute)": [[3, "gssapi.raw.named_tuples.GetNameAttributeResult.values", false]], "verify_mic() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.verify_mic", false]], "verify_mic_iov() (in module gssapi.raw.ext_iov_mic)": [[3, "gssapi.raw.ext_iov_mic.verify_mic_iov", false]], "verify_signature() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.verify_signature", false]], "version (krb5lucidcontextv1 property)": [[3, "gssapi.raw.ext_krb5.Krb5LucidContextV1.version", false]], "wrap() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.wrap", false]], "wrap() (securitycontext method)": [[2, "gssapi.sec_contexts.SecurityContext.wrap", false]], "wrap_aead() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.wrap_aead", false]], "wrap_iov() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.wrap_iov", false]], "wrap_iov_length() (in module gssapi.raw.ext_dce)": [[3, "gssapi.raw.ext_dce.wrap_iov_length", false]], "wrap_size_limit() (in module gssapi.raw.message)": [[3, "gssapi.raw.message.wrap_size_limit", false]], "wrapresult (class in gssapi.raw.named_tuples)": [[3, "gssapi.raw.named_tuples.WrapResult", false]], "x25 (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.x25", false]], "xerox_ns (addresstype attribute)": [[3, "gssapi.raw.types.AddressType.xerox_ns", false]]}, "objects": {"": [[2, 0, 0, "-", "gssapi"]], "gssapi": [[2, 1, 1, "", "AddressType"], [2, 1, 1, "", "IntEnumFlagSet"], [2, 1, 1, "", "MechType"], [2, 1, 1, "", "NameType"], [2, 1, 1, "", "OID"], [2, 1, 1, "", "RequirementFlag"], [2, 0, 0, "-", "creds"], [2, 0, 0, "-", "exceptions"], [2, 0, 0, "-", "names"], [3, 0, 0, "-", "raw"], [2, 0, 0, "-", "sec_contexts"], [2, 6, 1, "", "set_encoding"]], "gssapi.MechType": [[2, 2, 1, "", "kerberos"]], "gssapi.NameType": [[2, 2, 1, "", "anonymous"], [2, 2, 1, "", "composite_export"], [2, 2, 1, "", "export"], [2, 2, 1, "", "hostbased_service"], [2, 2, 1, "", "kerberos_principal"], [2, 2, 1, "", "krb5_nt_principal_name"], [2, 2, 1, "", "machine_uid"], [2, 2, 1, "", "string_uid"], [2, 2, 1, "", "user"]], "gssapi.creds": [[2, 1, 1, "", "Credentials"]], "gssapi.creds.Credentials": [[2, 3, 1, "", "acquire"], [2, 3, 1, "", "add"], [2, 3, 1, "", "export"], [2, 3, 1, "", "impersonate"], [2, 3, 1, "", "inquire"], [2, 3, 1, "", "inquire_by_mech"], [2, 4, 1, "", "lifetime"], [2, 4, 1, "", "mechs"], [2, 4, 1, "", "name"], [2, 3, 1, "", "store"], [2, 4, 1, "", "usage"]], "gssapi.exceptions": [[2, 5, 1, "", "BadChannelBindingsError"], [2, 5, 1, "", "BadMICError"], [2, 5, 1, "", "BadMechanismError"], [2, 5, 1, "", "BadNameError"], [2, 5, 1, "", "BadNameTypeError"], [2, 5, 1, "", "BadQoPError"], [2, 5, 1, "", "BadStatusError"], [2, 5, 1, "", "ContextReadError"], [2, 5, 1, "", "ContextWriteError"], [2, 5, 1, "", "CredentialsReadError"], [2, 5, 1, "", "CredentialsWriteError"], [2, 5, 1, "", "DuplicateCredentialsElementError"], [2, 5, 1, "", "DuplicateTokenError"], [2, 5, 1, "", "EncryptionNotUsed"], [2, 5, 1, "", "ExpiredContextError"], [2, 5, 1, "", "ExpiredCredentialsError"], [2, 5, 1, "", "ExpiredTokenError"], [2, 5, 1, "", "GSSError"], [2, 5, 1, "", "GeneralError"], [2, 5, 1, "", "InvalidCredentialsError"], [2, 5, 1, "", "InvalidTokenError"], [2, 5, 1, "", "MalformedParameterError"], [2, 5, 1, "", "MechanismNameRequiredError"], [2, 5, 1, "", "MissingContextError"], [2, 5, 1, "", "MissingCredentialsError"], [2, 5, 1, "", "NameReadError"], [2, 5, 1, "", "NameTypeReadError"], [2, 5, 1, "", "OperationUnavailableError"], [2, 5, 1, "", "ParameterReadError"], [2, 5, 1, "", "ParameterWriteError"], [2, 5, 1, "", "SupplementaryError"], [2, 5, 1, "", "TokenOutOfSequenceError"], [2, 5, 1, "", "TokenReadError"], [2, 5, 1, "", "TokenTooEarlyError"], [2, 5, 1, "", "TokenTooLateError"], [2, 5, 1, "", "UnauthorizedError"], [2, 5, 1, "", "UnknownUsageError"]], "gssapi.exceptions.BadChannelBindingsError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadMICError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadMechanismError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadNameError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadNameTypeError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadQoPError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.BadStatusError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.DuplicateCredentialsElementError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.DuplicateTokenError": [[2, 2, 1, "", "SUPPLEMENTARY_CODE"]], "gssapi.exceptions.EncryptionNotUsed": [[2, 2, 1, "", "MAJOR_MESSAGE"]], "gssapi.exceptions.ExpiredContextError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.ExpiredCredentialsError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.ExpiredTokenError": [[2, 2, 1, "", "SUPPLEMENTARY_CODE"]], "gssapi.exceptions.GSSError": [[2, 2, 1, "", "MESSAGE"], [2, 3, 1, "", "gen_message"], [2, 3, 1, "", "get_all_statuses"]], "gssapi.exceptions.GeneralError": [[2, 2, 1, "", "FMT_STR"], [2, 2, 1, "", "MAJOR_MESSAGE"]], "gssapi.exceptions.InvalidCredentialsError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.InvalidTokenError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.MalformedParameterError": [[2, 2, 1, "", "CALLING_CODE"]], "gssapi.exceptions.MechanismNameRequiredError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.MissingContextError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.MissingCredentialsError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.OperationUnavailableError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.ParameterReadError": [[2, 2, 1, "", "CALLING_CODE"]], "gssapi.exceptions.ParameterWriteError": [[2, 2, 1, "", "CALLING_CODE"]], "gssapi.exceptions.TokenTooEarlyError": [[2, 2, 1, "", "SUPPLEMENTARY_CODE"]], "gssapi.exceptions.TokenTooLateError": [[2, 2, 1, "", "SUPPLEMENTARY_CODE"]], "gssapi.exceptions.UnauthorizedError": [[2, 2, 1, "", "ROUTINE_CODE"]], "gssapi.exceptions.UnknownUsageError": [[2, 2, 1, "", "MAJOR_MESSAGE"]], "gssapi.names": [[2, 1, 1, "", "Name"]], "gssapi.names.Name": [[2, 4, 1, "", "attributes"], [2, 3, 1, "", "canonicalize"], [2, 3, 1, "", "display_as"], [2, 3, 1, "", "export"], [2, 4, 1, "", "is_mech_name"], [2, 4, 1, "", "mech"], [2, 4, 1, "", "name_type"]], "gssapi.raw": [[3, 0, 0, "-", "chan_bindings"], [3, 0, 0, "-", "creds"], [3, 0, 0, "-", "exceptions"], [3, 0, 0, "-", "ext_cred_imp_exp"], [3, 0, 0, "-", "ext_cred_store"], [3, 0, 0, "-", "ext_dce"], [3, 0, 0, "-", "ext_ggf"], [3, 0, 0, "-", "ext_iov_mic"], [3, 0, 0, "-", "ext_krb5"], [3, 0, 0, "-", "ext_password"], [3, 0, 0, "-", "ext_password_add"], [3, 0, 0, "-", "ext_rfc4178"], [3, 0, 0, "-", "ext_rfc5587"], [3, 0, 0, "-", "ext_rfc5588"], [3, 0, 0, "-", "ext_rfc5801"], [3, 0, 0, "-", "ext_rfc6680"], [3, 0, 0, "-", "ext_s4u"], [3, 0, 0, "-", "ext_set_cred_opt"], [3, 0, 0, "-", "message"], [3, 0, 0, "-", "misc"], [3, 0, 0, "-", "named_tuples"], [3, 0, 0, "-", "names"], [3, 0, 0, "-", "oids"], [3, 0, 0, "-", "sec_contexts"], [3, 0, 0, "-", "types"]], "gssapi.raw.chan_bindings": [[3, 1, 1, "", "ChannelBindings"]], "gssapi.raw.chan_bindings.ChannelBindings": [[3, 2, 1, "", "acceptor_address"], [3, 2, 1, "", "acceptor_address_type"], [3, 2, 1, "", "application_data"], [3, 2, 1, "", "initiator_address"], [3, 2, 1, "", "initiator_address_type"]], "gssapi.raw.creds": [[3, 1, 1, "", "Creds"], [3, 6, 1, "", "acquire_cred"], [3, 6, 1, "", "add_cred"], [3, 6, 1, "", "inquire_cred"], [3, 6, 1, "", "inquire_cred_by_mech"], [3, 6, 1, "", "release_cred"]], "gssapi.raw.exceptions": [[3, 5, 1, "", "BadChannelBindingsError"], [3, 5, 1, "", "BadMICError"], [3, 5, 1, "", "BadMechanismError"], [3, 5, 1, "", "BadNameError"], [3, 5, 1, "", "BadNameTypeError"], [3, 5, 1, "", "BadQoPError"], [3, 5, 1, "", "BadStatusError"], [3, 5, 1, "", "ContextReadError"], [3, 5, 1, "", "ContextWriteError"], [3, 5, 1, "", "CredentialsReadError"], [3, 5, 1, "", "CredentialsWriteError"], [3, 5, 1, "", "DuplicateCredentialsElementError"], [3, 5, 1, "", "DuplicateTokenError"], [3, 5, 1, "", "ExpiredContextError"], [3, 5, 1, "", "ExpiredCredentialsError"], [3, 5, 1, "", "ExpiredTokenError"], [3, 5, 1, "", "GSSError"], [3, 5, 1, "", "InvalidCredentialsError"], [3, 5, 1, "", "InvalidTokenError"], [3, 5, 1, "", "MalformedParameterError"], [3, 5, 1, "", "MechanismNameRequiredError"], [3, 5, 1, "", "MissingContextError"], [3, 5, 1, "", "MissingCredentialsError"], [3, 5, 1, "", "NameReadError"], [3, 5, 1, "", "NameTypeReadError"], [3, 5, 1, "", "OperationUnavailableError"], [3, 5, 1, "", "ParameterReadError"], [3, 5, 1, "", "ParameterWriteError"], [3, 5, 1, "", "SupplementaryError"], [3, 5, 1, "", "TokenOutOfSequenceError"], [3, 5, 1, "", "TokenReadError"], [3, 5, 1, "", "TokenTooEarlyError"], [3, 5, 1, "", "TokenTooLateError"], [3, 5, 1, "", "UnauthorizedError"]], "gssapi.raw.exceptions.GSSError": [[3, 2, 1, "", "calling_code"], [3, 3, 1, "", "gen_message"], [3, 3, 1, "", "get_all_statuses"], [3, 2, 1, "", "maj_code"], [3, 2, 1, "", "min_code"], [3, 2, 1, "", "routine_code"], [3, 2, 1, "", "supplementary_code"], [3, 2, 1, "", "token"]], "gssapi.raw.ext_cred_imp_exp": [[3, 6, 1, "", "export_cred"], [3, 6, 1, "", "import_cred"]], "gssapi.raw.ext_cred_store": [[3, 6, 1, "", "acquire_cred_from"], [3, 6, 1, "", "add_cred_from"], [3, 6, 1, "", "store_cred_into"]], "gssapi.raw.ext_dce": [[3, 1, 1, "", "IOV"], [3, 1, 1, "", "IOVBuffer"], [3, 1, 1, "", "IOVBufferType"], [3, 6, 1, "", "unwrap_aead"], [3, 6, 1, "", "unwrap_iov"], [3, 6, 1, "", "wrap_aead"], [3, 6, 1, "", "wrap_iov"], [3, 6, 1, "", "wrap_iov_length"]], "gssapi.raw.ext_dce.IOV": [[3, 3, 1, "", "count"], [3, 3, 1, "", "index"]], "gssapi.raw.ext_dce.IOVBuffer": [[3, 2, 1, "", "allocate"], [3, 2, 1, "", "type"], [3, 2, 1, "", "value"]], "gssapi.raw.ext_dce.IOVBufferType": [[3, 2, 1, "", "data"], [3, 2, 1, "", "empty"], [3, 2, 1, "", "header"], [3, 2, 1, "", "mech_params"], [3, 2, 1, "", "mic_token"], [3, 2, 1, "", "padding"], [3, 2, 1, "", "sign_only"], [3, 2, 1, "", "stream"], [3, 2, 1, "", "trailer"]], "gssapi.raw.ext_ggf": [[3, 6, 1, "", "inquire_cred_by_oid"], [3, 6, 1, "", "inquire_sec_context_by_oid"], [3, 6, 1, "", "set_sec_context_option"]], "gssapi.raw.ext_iov_mic": [[3, 6, 1, "", "get_mic_iov"], [3, 6, 1, "", "get_mic_iov_length"], [3, 6, 1, "", "verify_mic_iov"]], "gssapi.raw.ext_krb5": [[3, 1, 1, "", "Krb5LucidContext"], [3, 1, 1, "", "Krb5LucidContextV1"], [3, 6, 1, "", "krb5_ccache_name"], [3, 6, 1, "", "krb5_export_lucid_sec_context"], [3, 6, 1, "", "krb5_extract_authtime_from_sec_context"], [3, 6, 1, "", "krb5_extract_authz_data_from_sec_context"], [3, 6, 1, "", "krb5_get_tkt_flags"], [3, 6, 1, "", "krb5_import_cred"], [3, 6, 1, "", "krb5_set_allowable_enctypes"]], "gssapi.raw.ext_krb5.Krb5LucidContextV1": [[3, 4, 1, "", "cfx_kd"], [3, 4, 1, "", "endtime"], [3, 4, 1, "", "is_initiator"], [3, 4, 1, "", "protocol"], [3, 4, 1, "", "recv_seq"], [3, 4, 1, "", "rfc1964_kd"], [3, 4, 1, "", "send_seq"], [3, 4, 1, "", "version"]], "gssapi.raw.ext_password": [[3, 6, 1, "", "acquire_cred_with_password"]], "gssapi.raw.ext_password_add": [[3, 6, 1, "", "add_cred_with_password"]], "gssapi.raw.ext_rfc4178": [[3, 6, 1, "", "set_neg_mechs"]], "gssapi.raw.ext_rfc5587": [[3, 6, 1, "", "display_mech_attr"], [3, 6, 1, "", "indicate_mechs_by_attrs"], [3, 6, 1, "", "inquire_attrs_for_mech"]], "gssapi.raw.ext_rfc5588": [[3, 6, 1, "", "store_cred"]], "gssapi.raw.ext_rfc5801": [[3, 6, 1, "", "inquire_mech_for_saslname"], [3, 6, 1, "", "inquire_saslname_for_mech"]], "gssapi.raw.ext_rfc6680": [[3, 6, 1, "", "delete_name_attribute"], [3, 6, 1, "", "display_name_ext"], [3, 6, 1, "", "export_name_composite"], [3, 6, 1, "", "get_name_attribute"], [3, 6, 1, "", "inquire_name"], [3, 6, 1, "", "set_name_attribute"]], "gssapi.raw.ext_s4u": [[3, 6, 1, "", "acquire_cred_impersonate_name"], [3, 6, 1, "", "add_cred_impersonate_name"]], "gssapi.raw.ext_set_cred_opt": [[3, 6, 1, "", "set_cred_option"]], "gssapi.raw.message": [[3, 6, 1, "", "get_mic"], [3, 6, 1, "", "unwrap"], [3, 6, 1, "", "verify_mic"], [3, 6, 1, "", "wrap"], [3, 6, 1, "", "wrap_size_limit"]], "gssapi.raw.misc": [[3, 5, 1, "", "GSSError"], [3, 1, 1, "", "MechType"], [3, 1, 1, "", "Name"], [3, 1, 1, "", "OID"], [3, 6, 1, "", "indicate_mechs"], [3, 6, 1, "", "inquire_mechs_for_name"], [3, 6, 1, "", "inquire_names_for_mech"]], "gssapi.raw.misc.GSSError": [[3, 2, 1, "", "calling_code"], [3, 3, 1, "", "gen_message"], [3, 3, 1, "", "get_all_statuses"], [3, 2, 1, "", "maj_code"], [3, 2, 1, "", "min_code"], [3, 2, 1, "", "routine_code"], [3, 2, 1, "", "supplementary_code"], [3, 2, 1, "", "token"]], "gssapi.raw.misc.MechType": [[3, 2, 1, "", "kerberos"]], "gssapi.raw.misc.OID": [[3, 4, 1, "", "dotted_form"], [3, 3, 1, "", "from_int_seq"]], "gssapi.raw.named_tuples": [[3, 1, 1, "", "AcceptSecContextResult"], [3, 1, 1, "", "AcquireCredResult"], [3, 1, 1, "", "AddCredResult"], [3, 1, 1, "", "CfxKeyData"], [3, 1, 1, "", "DisplayAttrResult"], [3, 1, 1, "", "DisplayNameResult"], [3, 1, 1, "", "GetNameAttributeResult"], [3, 1, 1, "", "IOVUnwrapResult"], [3, 1, 1, "", "InitSecContextResult"], [3, 1, 1, "", "InquireAttrsResult"], [3, 1, 1, "", "InquireContextResult"], [3, 1, 1, "", "InquireCredByMechResult"], [3, 1, 1, "", "InquireCredResult"], [3, 1, 1, "", "InquireNameResult"], [3, 1, 1, "", "InquireSASLNameResult"], [3, 1, 1, "", "Rfc1964KeyData"], [3, 1, 1, "", "StoreCredResult"], [3, 1, 1, "", "UnwrapResult"], [3, 1, 1, "", "WrapResult"]], "gssapi.raw.named_tuples.AcceptSecContextResult": [[3, 2, 1, "", "context"], [3, 2, 1, "", "delegated_creds"], [3, 2, 1, "", "flags"], [3, 2, 1, "", "initiator_name"], [3, 2, 1, "", "lifetime"], [3, 2, 1, "", "mech"], [3, 2, 1, "", "more_steps"], [3, 2, 1, "", "token"]], "gssapi.raw.named_tuples.AcquireCredResult": [[3, 2, 1, "", "creds"], [3, 2, 1, "", "lifetime"], [3, 2, 1, "", "mechs"]], "gssapi.raw.named_tuples.AddCredResult": [[3, 2, 1, "", "accept_lifetime"], [3, 2, 1, "", "creds"], [3, 2, 1, "", "init_lifetime"], [3, 2, 1, "", "mechs"]], "gssapi.raw.named_tuples.CfxKeyData": [[3, 2, 1, "", "acceptor_subkey"], [3, 2, 1, "", "acceptor_subkey_type"], [3, 2, 1, "", "ctx_key"], [3, 2, 1, "", "ctx_key_type"]], "gssapi.raw.named_tuples.DisplayAttrResult": [[3, 2, 1, "", "long_desc"], [3, 2, 1, "", "name"], [3, 2, 1, "", "short_desc"]], "gssapi.raw.named_tuples.DisplayNameResult": [[3, 2, 1, "", "name"], [3, 2, 1, "", "name_type"]], "gssapi.raw.named_tuples.GetNameAttributeResult": [[3, 2, 1, "", "authenticated"], [3, 2, 1, "", "complete"], [3, 2, 1, "", "display_values"], [3, 2, 1, "", "values"]], "gssapi.raw.named_tuples.IOVUnwrapResult": [[3, 2, 1, "", "encrypted"], [3, 2, 1, "", "qop"]], "gssapi.raw.named_tuples.InitSecContextResult": [[3, 2, 1, "", "context"], [3, 2, 1, "", "flags"], [3, 2, 1, "", "lifetime"], [3, 2, 1, "", "mech"], [3, 2, 1, "", "more_steps"], [3, 2, 1, "", "token"]], "gssapi.raw.named_tuples.InquireAttrsResult": [[3, 2, 1, "", "known_mech_attrs"], [3, 2, 1, "", "mech_attrs"]], "gssapi.raw.named_tuples.InquireContextResult": [[3, 2, 1, "", "complete"], [3, 2, 1, "", "flags"], [3, 2, 1, "", "initiator_name"], [3, 2, 1, "", "lifetime"], [3, 2, 1, "", "locally_init"], [3, 2, 1, "", "mech"], [3, 2, 1, "", "target_name"]], "gssapi.raw.named_tuples.InquireCredByMechResult": [[3, 2, 1, "", "accept_lifetime"], [3, 2, 1, "", "init_lifetime"], [3, 2, 1, "", "name"], [3, 2, 1, "", "usage"]], "gssapi.raw.named_tuples.InquireCredResult": [[3, 2, 1, "", "lifetime"], [3, 2, 1, "", "mechs"], [3, 2, 1, "", "name"], [3, 2, 1, "", "usage"]], "gssapi.raw.named_tuples.InquireNameResult": [[3, 2, 1, "", "attrs"], [3, 2, 1, "", "is_mech_name"], [3, 2, 1, "", "mech"]], "gssapi.raw.named_tuples.InquireSASLNameResult": [[3, 2, 1, "", "mech_description"], [3, 2, 1, "", "mech_name"], [3, 2, 1, "", "sasl_mech_name"]], "gssapi.raw.named_tuples.Rfc1964KeyData": [[3, 2, 1, "", "key"], [3, 2, 1, "", "key_type"], [3, 2, 1, "", "seal_alg"], [3, 2, 1, "", "sign_alg"]], "gssapi.raw.named_tuples.StoreCredResult": [[3, 2, 1, "", "mechs"], [3, 2, 1, "", "usage"]], "gssapi.raw.named_tuples.UnwrapResult": [[3, 2, 1, "", "encrypted"], [3, 2, 1, "", "message"], [3, 2, 1, "", "qop"]], "gssapi.raw.named_tuples.WrapResult": [[3, 2, 1, "", "encrypted"], [3, 2, 1, "", "message"]], "gssapi.raw.names": [[3, 1, 1, "", "Name"], [3, 6, 1, "", "canonicalize_name"], [3, 6, 1, "", "compare_name"], [3, 6, 1, "", "display_name"], [3, 6, 1, "", "duplicate_name"], [3, 6, 1, "", "export_name"], [3, 6, 1, "", "import_name"], [3, 6, 1, "", "release_name"]], "gssapi.raw.oids": [[3, 1, 1, "", "OID"]], "gssapi.raw.oids.OID": [[3, 4, 1, "", "dotted_form"], [3, 3, 1, "", "from_int_seq"]], "gssapi.raw.sec_contexts": [[3, 1, 1, "", "SecurityContext"], [3, 6, 1, "", "accept_sec_context"], [3, 6, 1, "", "context_time"], [3, 6, 1, "", "delete_sec_context"], [3, 6, 1, "", "export_sec_context"], [3, 6, 1, "", "import_sec_context"], [3, 6, 1, "", "init_sec_context"], [3, 6, 1, "", "inquire_context"], [3, 6, 1, "", "process_context_token"]], "gssapi.raw.types": [[3, 1, 1, "", "AddressType"], [3, 1, 1, "", "GenericFlagSet"], [3, 1, 1, "", "IntEnumFlagSet"], [3, 1, 1, "", "MechType"], [3, 1, 1, "", "NameType"], [3, 1, 1, "", "RequirementFlag"]], "gssapi.raw.types.AddressType": [[3, 2, 1, "", "appletalk"], [3, 2, 1, "", "arpanet"], [3, 2, 1, "", "bisync"], [3, 2, 1, "", "ccitt"], [3, 2, 1, "", "chaos"], [3, 2, 1, "", "datakit"], [3, 2, 1, "", "decnet"], [3, 2, 1, "", "dli"], [3, 2, 1, "", "dss"], [3, 2, 1, "", "ecma"], [3, 2, 1, "", "hyperchannel"], [3, 2, 1, "", "ibm_sna"], [3, 2, 1, "", "ip"], [3, 2, 1, "", "lat"], [3, 2, 1, "", "local"], [3, 2, 1, "", "nbs"], [3, 2, 1, "", "null"], [3, 2, 1, "", "osi_tp4"], [3, 2, 1, "", "pup"], [3, 2, 1, "", "x25"], [3, 2, 1, "", "xerox_ns"]], "gssapi.raw.types.GenericFlagSet": [[3, 2, 1, "", "MAX_VAL"], [3, 3, 1, "", "add"], [3, 3, 1, "", "discard"]], "gssapi.raw.types.MechType": [[3, 2, 1, "", "kerberos"]], "gssapi.raw.types.NameType": [[3, 2, 1, "", "anonymous"], [3, 2, 1, "", "composite_export"], [3, 2, 1, "", "export"], [3, 2, 1, "", "hostbased_service"], [3, 2, 1, "", "kerberos_principal"], [3, 2, 1, "", "krb5_nt_principal_name"], [3, 2, 1, "", "machine_uid"], [3, 2, 1, "", "string_uid"], [3, 2, 1, "", "user"]], "gssapi.raw.types.RequirementFlag": [[3, 2, 1, "", "anonymity"], [3, 2, 1, "", "channel_bound"], [3, 2, 1, "", "confidentiality"], [3, 2, 1, "", "dce_style"], [3, 2, 1, "", "delegate_to_peer"], [3, 2, 1, "", "extended_error"], [3, 2, 1, "", "identify"], [3, 2, 1, "", "integrity"], [3, 2, 1, "", "mutual_authentication"], [3, 2, 1, "", "ok_as_delegate"], [3, 2, 1, "", "out_of_sequence_detection"], [3, 2, 1, "", "protection_ready"], [3, 2, 1, "", "replay_detection"], [3, 2, 1, "", "transferable"]], "gssapi.sec_contexts": [[2, 1, 1, "", "SecurityContext"]], "gssapi.sec_contexts.SecurityContext": [[2, 4, 1, "", "actual_flags"], [2, 4, 1, "", "complete"], [2, 3, 1, "", "decrypt"], [2, 4, 1, "", "delegated_creds"], [2, 3, 1, "", "encrypt"], [2, 3, 1, "", "export"], [2, 3, 1, "", "get_signature"], [2, 3, 1, "", "get_wrap_size_limit"], [2, 4, 1, "", "initiator_name"], [2, 4, 1, "", "lifetime"], [2, 4, 1, "", "locally_initiated"], [2, 4, 1, "", "mech"], [2, 3, 1, "", "process_token"], [2, 3, 1, "", "step"], [2, 4, 1, "", "target_name"], [2, 3, 1, "", "unwrap"], [2, 3, 1, "", "verify_signature"], [2, 3, 1, "", "wrap"]]}, "objnames": {"0": ["py", "module", "Python module"], "1": ["py", "class", "Python class"], "2": ["py", "attribute", "Python attribute"], "3": ["py", "method", "Python method"], "4": ["py", "property", "Python property"], "5": ["py", "exception", "Python exception"], "6": ["py", "function", "Python function"]}, "objtypes": {"0": "py:module", "1": "py:class", "2": "py:attribute", "3": "py:method", "4": "py:property", "5": "py:exception", "6": "py:function"}, "terms": {"": [0, 2, 3], "0": [0, 3], "00": 3, "01": 3, "1": [0, 2, 3], "10": 3, "1048576": 2, "11": 3, "1114112": 2, "113554": [0, 2], "1179648": 2, "12": 3, "128": 3, "13": [2, 3], "131072": 2, "14": 3, "15": 3, "16": [2, 3], "16384": 3, "167": 0, "16777216": 2, "17": 3, "18": 3, "19": 3, "196608": 2, "2": [0, 2, 3], "2048": 3, "21": 3, "255": 3, "256": 3, "262144": 2, "2744": 4, "29": 3, "295": 0, "3": [2, 3], "32": 3, "32768": 3, "327680": 2, "33554432": 2, "393216": 2, "4": [0, 2, 3], "4096": 3, "43": 3, "458752": 2, "5": [0, 2, 3], "50331648": 2, "524288": 2, "5588": 2, "589824": 2, "6": [2, 3], "64": 3, "655": 3, "65536": 2, "655360": 2, "6680": 2, "7": 3, "7165": 3, "720896": 2, "752": 3, "786432": 2, "8": [2, 3], "8192": 3, "840": [0, 2], "9": 3, "917504": 2, "983040": 2, "A": [2, 3, 6], "AND": 3, "As": [0, 3], "By": 2, "For": [0, 2, 3], "If": [0, 1, 2, 3], "In": [0, 2, 3], "It": [1, 2, 3], "NOT": 3, "No": 2, "OR": 3, "One": 3, "The": [0, 2, 3, 4], "There": [0, 3], "These": [0, 2, 3], "To": [0, 3, 4, 6], "_": 0, "__defer_step_errors__": 2, "_util": 0, "abl": 3, "about": [2, 3], "abov": [0, 2], "absent": 3, "abstract": 2, "accept": [0, 1, 2, 3], "accept_lifetim": [2, 3], "accept_sec_context": 3, "acceptor": [2, 3], "acceptor_address": 3, "acceptor_address_typ": 3, "acceptor_cr": 3, "acceptor_subkei": 3, "acceptor_subkey_typ": 3, "acceptseccontextresult": 3, "access": [0, 4], "accord": 2, "account": 2, "acquir": [0, 2], "acquire_cr": 3, "acquire_cred_from": [1, 3], "acquire_cred_impersonate_nam": 3, "acquire_cred_with_password": 3, "acquirecredimpersonatenam": 3, "acquirecredresult": [2, 3], "across": 2, "act": 2, "action": 0, "activ": 0, "actual": [2, 3], "actual_flag": 2, "ad": [2, 3], "ad_typ": 3, "add": [2, 3], "add_cr": 3, "add_cred_from": [1, 3], "add_cred_impersonate_nam": 3, "add_cred_with_password": 3, "addcredresult": 3, "addit": 2, "addition": [2, 3, 4], "addprinc": 0, "address": 3, "addresstyp": [2, 3], "after": 3, "again": 3, "against": 3, "algorithm": 3, "all": [2, 3], "alloc": 3, "allow": [0, 1, 2, 3], "along": 2, "alreadi": [0, 3], "also": [0, 2, 3], "although": 0, "alwai": 2, "amount": [2, 3], "an": [0, 1, 2, 3, 4], "ani": [0, 1, 2, 3], "anonym": [2, 3], "anoth": [2, 3], "api": [0, 4], "appletalk": 3, "appli": 3, "applic": [0, 1, 3], "application_data": 3, "appropri": [2, 3], "ar": [0, 1, 2, 3, 4], "arbitrari": 3, "arg": [0, 2, 3], "argument": [2, 3], "around": 4, "arpanet": 3, "aspect": [1, 3], "assign": 2, "associ": [0, 2, 3], "assum": 0, "asynchron": [2, 3], "attach": 2, "attempt": [2, 3], "attr": 3, "attribut": 2, "auth": 3, "authent": 3, "author": 3, "authtim": 3, "authz": 3, "auto_alloc": 3, "automat": [2, 3], "avail": [0, 2, 3, 4], "b": 0, "back": 3, "badchannelbindingserror": [2, 3], "badmechanismerror": [2, 3], "badmicerror": [2, 3], "badnameerror": [2, 3], "badnametypeerror": [2, 3], "badqoperror": [2, 3], "badstatuserror": [2, 3], "base": [0, 2, 3], "basic": [3, 6], "been": [2, 3], "befor": 3, "begin": 2, "behavior": 2, "behaviour": [2, 3], "behind": 3, "being": [2, 3], "below": 2, "ber": 3, "between": [0, 2, 3], "bind": 3, "bisync": 3, "bit": 3, "bitwis": 3, "bool": [2, 3], "both": [0, 1, 2, 3], "bound": 3, "boundari": 2, "break": [0, 2], "buffer": 3, "bundl": 3, "byte": [2, 3], "c": [2, 3, 4], "cach": [0, 1, 3], "calcul": [2, 3], "call": [0, 1, 2, 3], "caller": 3, "calling_cod": [2, 3], "can": [0, 1, 2, 3], "cannot": [0, 2, 3], "canon": 3, "canonic": [0, 2, 3], "canonicalize_nam": 3, "case": [0, 2, 3], "caus": 3, "ccach": 3, "ccitt": 3, "certain": [3, 4], "cfx_kd": 3, "cfxkeydata": 3, "chan_bind": 3, "chang": 3, "channel": 3, "channel_bind": [2, 3], "channel_bound": 3, "channelbind": [2, 3], "chao": 3, "check": [0, 3, 4, 6], "check_last_err": 0, "class": 3, "classmethod": [2, 3], "clear": 3, "client": [1, 3], "client_ctx": 0, "client_tok": 0, "close": 3, "closest": 3, "code": [2, 3], "command": 0, "common": [3, 5], "commonli": [0, 1, 3], "commun": 0, "compar": [0, 3], "compare_nam": 3, "comparison": 3, "compat": [2, 3], "compil": 3, "complet": [0, 2, 3], "compon": 3, "compos": 3, "composit": [2, 3], "composite_export": [2, 3], "comput": 3, "concept": 0, "condit": 2, "confidenti": [0, 2, 3], "config": 3, "confirm": 2, "connect": 0, "consid": 2, "consist": 3, "consol": 0, "constrain": 2, "constructor": [0, 2, 3], "contain": [0, 1, 2, 3, 5], "context": 1, "context_tim": 3, "contextreaderror": [2, 3], "contextwriteerror": [2, 3], "contig": 3, "continu": 3, "control": [0, 1, 2, 3], "conveni": [0, 2], "convert": [2, 3], "copi": [2, 3], "correspond": [0, 2, 3, 4], "could": [0, 2, 3], "count": 3, "counterpart": 3, "coupl": 2, "creat": [0, 2, 3], "cred": [0, 2, 3], "cred_hand": 3, "cred_handl": 3, "cred_imp_exp": 2, "cred_stor": 2, "credenti": 5, "credentialsreaderror": [2, 3], "credentialss": 3, "credentialswriteerror": [2, 3], "criteria": 3, "critical_mech_attr": 3, "crypto": 3, "ctx": 2, "ctx_kei": 3, "ctx_key_typ": 3, "current": [0, 2, 3, 4], "custom": 1, "data": 3, "datakit": 3, "dce_styl": 3, "deactiv": 3, "dealloc": 3, "decnet": 3, "decod": 2, "decrypt": [0, 2, 3], "default": [0, 1, 2, 3], "defin": [1, 4], "deleg": 2, "delegate_to_p": [2, 3], "delegated_cr": [2, 3], "delet": 3, "delete_name_attribut": 3, "delete_sec_context": 3, "denot": 2, "depend": 3, "deprec": [2, 3], "deriv": 3, "descript": 3, "design": 0, "desir": [2, 3], "desired_aspect": 3, "desired_mech_attr": 3, "desired_output_s": 2, "destin": 1, "destroi": 3, "detail": [1, 2], "detect": 2, "determin": [2, 3], "dict": [2, 3], "dict_stor": 3, "dictionari": [2, 3], "differ": [0, 1, 2, 3], "dir": 1, "direct": 3, "directli": [2, 3, 5], "disabl": 2, "discard": 3, "displai": [2, 3], "display_a": 2, "display_mech_attr": 3, "display_nam": 3, "display_name_ext": 3, "display_valu": 3, "displayattrresult": 3, "displaynameresult": 3, "dli": 3, "do": [2, 3], "doc": 0, "document": [1, 3, 4], "doe": [2, 3], "domain": 2, "dot": 3, "dotted_form": 3, "draft": 3, "dss": 3, "duplic": 3, "duplicate_nam": 3, "duplicatecredentialselementerror": [2, 3], "duplicatetokenerror": [2, 3], "dure": 3, "e": [0, 2, 3], "each": [0, 1], "ecma": 3, "effect": 0, "either": [0, 2, 3], "element": 3, "ellipsi": 3, "empti": 3, "enc": [2, 3], "encod": [2, 3], "encrpyt": 3, "encrypt": [0, 2, 3], "encrypted_messag": 0, "encryptionnotus": [0, 2], "enctyp": 3, "end": 2, "endtim": 3, "engert": 3, "engin": 3, "ensur": [0, 2], "entir": 3, "entiti": [0, 3], "enum": 3, "enumer": 2, "environ": [2, 3, 5], "equal": 3, "equival": 3, "error": [2, 3], "essenti": 3, "establis": 3, "establish": [0, 1, 2, 3], "etc": [2, 3], "even": [2, 3], "exactli": 3, "exampl": 3, "except": 0, "except_mech_attr": 3, "exchang": [0, 3], "exist": [1, 2, 3], "expect": [2, 3], "expir": 3, "expiredcontexterror": [2, 3], "expiredcredentialserror": [2, 3], "expiredtokenerror": [2, 3], "export": 2, "export_cr": 3, "export_nam": 3, "export_name_composit": 3, "export_sec_context": 3, "express": 5, "ext_cred_stor": 1, "ext_dc": 3, "extend": 3, "extended_error": 3, "extens": [2, 4, 5], "extract": 3, "extract_keytab": 0, "f": 0, "fail": 3, "failsaf": 3, "failur": 3, "fals": [0, 2, 3], "field": 3, "file": [0, 1, 3], "final": 3, "finer": 1, "finish": [0, 3], "first": [0, 3], "flag": [2, 3], "fmt_str": 2, "follow": [2, 3, 6], "form": [0, 1, 2, 3], "format": [1, 2], "former": 3, "found": 3, "four": 2, "fqdn": 0, "free": 3, "freed": 3, "from": [0, 1, 2, 3, 4], "from_int_seq": 3, "frozenset": 2, "full": 3, "fulli": [2, 3], "func": 0, "function": [0, 1, 2, 3, 4, 5], "further": 3, "g": [2, 3], "gen_messag": [2, 3], "gener": [0, 2, 3], "generalerror": 2, "genericflagset": [2, 3], "get": [0, 2, 3, 4, 6], "get_all_status": [2, 3], "get_mic": 3, "get_mic_iov": 3, "get_mic_iov_length": 3, "get_name_attribut": 3, "get_signatur": 2, "get_wrap_size_limit": 2, "getfqdn": 0, "getnameattributeresult": 3, "give": 3, "given": [2, 3], "go": 3, "goe": 3, "gss_c_af_unspec": 3, "gss_c_deleg_policy_flag": 2, "gss_c_empty_buff": 3, "gss_c_no_credenti": 3, "gss_c_no_nam": 3, "gss_krb5_cred_no_ci_flags_x": 3, "gss_krb5_inq_sspi_session_key_oid": 3, "gss_set_cred_opt": 3, "gssapi": [1, 2, 3, 6], "gssapi_consol": 0, "gsserror": [2, 3], "gsssapi": 3, "ha": [0, 1, 2, 3], "handl": [0, 3], "handle_the_issu": 2, "happen": 2, "hashabl": 3, "have": [0, 3], "he": 3, "header": 3, "heimdal": 3, "help": 0, "here": [0, 2], "high": [3, 4], "holder": 3, "host": 0, "hostbased_servic": [0, 2, 3], "how": 3, "howev": [1, 2, 3], "html": 3, "http": [0, 3], "human": [2, 3], "hyperchannel": 3, "i": [0, 1, 2, 3, 4, 5], "ibm_sna": 3, "ident": 0, "identif": 0, "identifi": [0, 1, 3], "ietf": 3, "imperson": [2, 3], "impersonator_cr": 3, "implement": [1, 2, 3, 5], "impli": 3, "import": [0, 2], "import_cr": 3, "import_nam": 3, "import_sec_context": 3, "includ": [2, 3], "incorrect": 2, "indefinit": [0, 2, 3], "index": [3, 4], "indic": [0, 1, 2, 3], "indicate_mech": 3, "indicate_mechs_by_attr": 3, "influenc": 5, "info": 3, "inform": [0, 2, 3], "informm": 3, "inherit": 2, "init_lifetim": [2, 3], "init_sec_context": 3, "initi": [0, 1, 2, 3], "initial_client_token": 0, "initial_server_token": 0, "initialis": 3, "initiator_address": 3, "initiator_address_typ": 3, "initiator_nam": [2, 3], "initseccontext": 3, "initseccontextresult": 3, "input": [2, 3], "input_cr": 3, "input_token": [2, 3], "inquir": [2, 3], "inquire_attrs_for_mech": 3, "inquire_by_mech": 2, "inquire_context": 3, "inquire_cr": 3, "inquire_cred_by_mech": 3, "inquire_cred_by_oid": 3, "inquire_mech_for_saslnam": 3, "inquire_mechs_for_nam": 3, "inquire_nam": 3, "inquire_names_for_mech": 3, "inquire_saslname_for_mech": 3, "inquire_sec_context_by_oid": 3, "inquireattrsresult": 3, "inquirecontextresult": 3, "inquirecredbymechresult": [2, 3], "inquirecredresult": [2, 3], "inquirenameresult": 3, "inquiresaslnameresult": 3, "inquiri": 3, "inspect": [2, 3], "instal": 0, "instanc": [0, 3], "instead": [2, 3], "int": [2, 3], "int32": 3, "integ": 3, "integer_sequ": 3, "integr": [0, 3], "intenum": [2, 3], "intenumflagset": [2, 3], "interact": [0, 2], "interfac": [0, 1], "intern": 3, "interoper": 3, "interpret": 0, "intiat": 2, "introduc": 1, "introduct": 6, "invalidcredentialserror": [2, 3], "invalidtokenerror": [2, 3], "iovbuff": 3, "iovbuffertyp": 3, "iovunwrapresult": 3, "ip": 3, "is_initi": 3, "is_maj": [2, 3], "is_mech_nam": [2, 3], "is_name_mech": 3, "issu": 5, "iter": [2, 3], "its": 3, "itself": 3, "jump": 4, "just": [0, 3], "kcm": 1, "kdc": 2, "keep": 2, "kei": [1, 2, 3], "kerbero": [0, 2], "kerberos_princip": [2, 3], "key_typ": 3, "keydata": 3, "keyr": 1, "keytab": [0, 3], "keytab_princip": 3, "keyword": 1, "kinit": 0, "kitten": 3, "know": [0, 3], "known": 3, "known_mech_attr": 3, "krb5": [0, 2, 3], "krb5_ccach": 3, "krb5_ccache_nam": 3, "krb5_export_lucid_sec_context": 3, "krb5_extract_authtime_from_sec_context": 3, "krb5_extract_authz_data_from_sec_context": 3, "krb5_get_tkt_flag": 3, "krb5_import_cr": 3, "krb5_keytab": 3, "krb5_nt_principal_nam": [2, 3], "krb5_princip": 3, "krb5_set_allowable_enctyp": 3, "krb5lucidcontext": 3, "krb5lucidcontextv1": 3, "ktype": 3, "kwarg": [0, 2], "last": [0, 3], "lat": 3, "later": [0, 2, 3], "latter": 3, "layer": 0, "least": 0, "length": 3, "less": [2, 3], "let": [0, 3], "level": 4, "lib": 0, "librari": [0, 3], "lifetim": [0, 2, 3], "like": [0, 1, 2, 3, 5], "limit": 3, "line": 0, "list": [2, 3], "lit": 0, "ll": 0, "local": [2, 3], "local_onli": 3, "locally_init": 3, "locally_initi": 2, "locat": 1, "long": 3, "long_desc": 3, "lookup": [2, 3], "loop": 2, "low": [2, 4], "lump": 3, "machine_uid": [2, 3], "mai": [0, 2, 3], "maj": 2, "maj_cod": [2, 3], "maj_stat": 2, "maj_str": 2, "major": [2, 3], "major_messag": 2, "make": [3, 4], "malformedparametererror": [2, 3], "manipul": 1, "manual": 0, "map": 3, "mark": 3, "match": 3, "max": 3, "max_val": 3, "maximum": [2, 3], "md": 0, "mean": [0, 3], "mech": [0, 2], "mech_attr": 3, "mech_descript": 3, "mech_nam": 3, "mech_param": 3, "mech_set": 3, "mechan": [0, 2], "mechanim": 3, "mechanismnamerequirederror": [2, 3], "mechansim": 3, "mechtyp": [0, 2, 3], "member": 3, "memori": 1, "messag": [0, 2, 3], "method": [0, 2, 3], "mic": 2, "mic_token": 3, "microsoft": [2, 3], "min": 2, "min_cod": [2, 3], "min_stat": 2, "min_str": 2, "minor": [2, 3], "minor_messag": 2, "miovessag": 3, "missingcontexterror": [2, 3], "missingcredentialserror": [2, 3], "mit": [2, 3], "mivehind": 0, "modifi": 3, "modul": [0, 2, 4], "more": [0, 1, 2, 3], "more_step": 3, "most": 0, "msg_encrypt": 0, "multipl": [0, 2, 3], "must": [0, 2, 3], "mutablemap": 2, "mutat": 3, "mutate_input": 3, "mutual_authent": 3, "name1": 3, "name2": 3, "name_typ": [0, 2, 3], "named_tupl": 3, "namereaderror": [2, 3], "namespac": 3, "nametyp": [0, 2, 3], "nametypereaderror": [2, 3], "nb": 3, "necessari": 2, "need": [0, 3], "negot": 2, "negoti": 2, "neither": 2, "net": 0, "never": 2, "new": [2, 3], "newli": 2, "next": 2, "non": [2, 3], "none": [0, 2, 3], "normal": [0, 2, 3], "note": [0, 2, 3], "noth": 3, "notic": 0, "notifi": 3, "now": 0, "ntlm": 3, "ntlmssp": 3, "null": 3, "number": [1, 3], "obj": 2, "object": [0, 2, 3, 4], "obtain": 3, "occur": [2, 3], "offer": 3, "often": 2, "oid": [0, 2, 3], "ok_as_deleg": [2, 3], "old": 3, "onc": 3, "one": 3, "ones": 2, "onli": [1, 2, 3, 4], "opaqu": 3, "open": 3, "oper": [1, 2, 3, 5], "operationunavailableerror": [2, 3], "opposit": 3, "option": [0, 2, 3], "order": [0, 3], "org": 3, "organ": 4, "orient": 4, "origin": [2, 3], "osi_tp4": 3, "other": [0, 1, 2, 4], "otherwis": [0, 2, 3], "out": [0, 4, 6], "out_of_sequence_detect": 3, "output": [2, 3], "output_s": 3, "output_token": 2, "outsid": 0, "overwrit": [2, 3], "own": [2, 3], "packag": [0, 4], "pad": 3, "page": 4, "paramet": [0, 2, 3], "parameterreaderror": [2, 3], "parameterwriteerror": [2, 3], "part": [0, 3, 4], "parti": 0, "particip": 2, "particular": [0, 3], "particularli": 3, "pass": [0, 2, 3], "path": 1, "per": 2, "perform": [0, 2], "permiss": 3, "pickl": 2, "piec": 3, "place": 3, "point": [2, 3], "pointer": 3, "polici": 2, "possibl": [2, 3], "potenti": 3, "prefer": 3, "present": [1, 2, 3, 4], "preserv": [2, 3], "previous": 3, "primari": 2, "princip": [2, 3], "probabl": 3, "process": [0, 2, 3], "process_context_token": 3, "process_token": 2, "produc": 3, "properti": [2, 3], "protect": 3, "protection_readi": 3, "protocol": 3, "provid": [0, 2, 3, 4], "proxi": 3, "pseudo": 3, "pup": 3, "py": 0, "python": [0, 2, 3, 6], "python3": 0, "qop": [0, 2, 3], "qualiti": 3, "qualnam": 2, "queri": 3, "question": 3, "quirk": 5, "rais": [0, 2, 3], "rare": 2, "raw": [1, 2, 3, 4], "re": 0, "read": [0, 3], "readabl": [2, 3], "readi": 3, "realm": 0, "receiv": 3, "recent": [0, 1], "recv_seq": 3, "refer": [0, 1, 3], "regardless": 2, "regist": 3, "rel": 3, "relat": 3, "releas": [1, 3], "release_cr": 3, "release_nam": 3, "relev": 0, "remain": [2, 3], "remot": 3, "remov": 3, "replai": 1, "replay_detect": 3, "repres": [0, 2, 3], "represent": [2, 3], "request": [0, 2, 3], "requir": [2, 3], "requirementflag": [2, 3], "reset": 3, "resid": 4, "residu": 1, "respect": [0, 2], "restrict": 3, "result": 2, "retriev": [1, 2, 3], "return": [0, 2, 3], "revert": 3, "rfc": [2, 4], "rfc1964": 3, "rfc1964_kd": 3, "rfc1964keydata": 3, "rfc4121": 3, "routine_cod": [2, 3], "run": 0, "runnabl": 0, "s4u": 2, "s4u2self": 3, "safe": 3, "samba": 3, "same": [0, 1, 2, 3], "sasl_mech_nam": 3, "sasl_nam": 3, "satisfi": 3, "save": 0, "seal": 3, "seal_alg": 3, "search": 4, "sec": 3, "sec_context": [0, 3], "second": [0, 2, 3], "section": [3, 5], "securitycontext": [0, 2, 3], "securti": 3, "see": [0, 3], "segfault": 2, "self": 0, "send": [2, 3], "send_and_rec": 2, "send_seq": 3, "sender": 3, "sent": 3, "separ": [0, 2, 3], "sequenc": 3, "server": 0, "server_canon_nam": 0, "server_cr": 0, "server_ctx": 0, "server_hostbased_canon_nam": 0, "server_hostbased_nam": 0, "server_nam": 0, "server_tok": 0, "servic": [0, 1, 2, 3], "service4us": 3, "session": [0, 3], "set": [0, 2, 3], "set_cred_opt": 3, "set_default": [2, 3], "set_encod": 2, "set_name_attribut": 3, "set_neg_mech": 3, "set_sec_context_opt": 3, "setabl": 0, "seton": 0, "sever": [2, 3, 4], "share": 3, "short": [0, 3], "short_desc": 3, "should": [0, 2, 3], "sign": [0, 2, 3], "sign_alg": 3, "sign_onli": 3, "signatur": 2, "signed_messag": 0, "similar": [0, 2, 5], "similarli": [2, 3], "simpli": [0, 2, 3], "sinc": [0, 3], "singl": [2, 3], "singular": 3, "site": 0, "size": [2, 3], "skip": 3, "smb": 3, "so": [0, 3], "socket": 0, "solari": 3, "some": [0, 2, 3, 6], "someth": 1, "sourc": [1, 2, 3], "space": 3, "special": 3, "specif": [1, 2, 5], "specifi": [0, 2, 3], "sspi": [2, 3], "stand": 0, "standard": 0, "start": [0, 2, 4, 6], "state": 3, "statu": [2, 3], "std_layout": 3, "stdin": 0, "step": [0, 2], "storag": 1, "store": [2, 5], "store_cr": 3, "store_cred_into": [1, 3], "storecredresult": [2, 3], "str": [2, 3], "straight": 4, "stream": 3, "string": [0, 1, 2, 3], "string_uid": [2, 3], "struct": 3, "structur": 3, "sub": 3, "succesfulli": 2, "success": 2, "suffici": 0, "suggest": 0, "suitabl": 3, "supplementary_cod": [2, 3], "supplementaryerror": [2, 3], "support": [0, 1, 2, 3], "suppos": 0, "sure": 2, "syntax": [0, 2, 3], "system": 0, "t": 3, "take": 3, "taken": 2, "target": [0, 2, 3], "target_nam": [2, 3], "tediou": 0, "term": 3, "text": [2, 3], "textual": 3, "tgt": 0, "than": 3, "thei": [0, 2, 3], "them": [0, 2, 3], "thi": [0, 2, 3, 5], "thin": 4, "those": [0, 3], "thread": 3, "three": 2, "through": [0, 3], "throw": [2, 3], "thrown": 2, "thu": [2, 3], "ticket": 3, "time": [2, 3], "tip": 5, "tkt": 3, "togeth": 3, "token": [2, 3], "tokenoutofsequenceerror": [2, 3], "tokenreaderror": [2, 3], "tokentooearlyerror": [2, 3], "tokentoolateerror": [2, 3], "tool": 3, "total": 3, "traceback": 0, "tradit": 3, "trailer": 3, "transfer": [2, 3], "transmit": [2, 3], "trasmit": 3, "true": [0, 2, 3], "trust": 2, "try": [0, 2], "ttl": 3, "tupl": 3, "turn": 3, "tutori": [0, 4], "two": [0, 3, 4], "type": [0, 1, 2, 3], "typic": 2, "unabl": [2, 3], "unauthorizederror": [2, 3], "unconstrain": 2, "underli": [3, 4], "understand": 3, "understood": 1, "unencrypt": [2, 3], "unicod": 2, "unknown": [2, 3], "unknownusageerror": 2, "unless": [0, 2], "unlik": [2, 3], "unpickl": 2, "unset": 3, "unus": 3, "unwrap": [0, 2, 3], "unwrap_aead": 3, "unwrap_iov": 3, "unwrapped_messag": [0, 2], "unwrapresult": [0, 2, 3], "up": 0, "updat": [2, 3], "us": [0, 1, 2, 3, 4, 6], "usabl": 0, "usag": [0, 2, 3], "user": [0, 2, 3], "usr": 0, "usual": 1, "utf": 2, "uwrap": 3, "v": 3, "valid": [2, 3], "valu": [2, 3, 5], "valueerror": 3, "variabl": 3, "varieti": 3, "variou": [1, 3], "verifi": [0, 2, 3], "verify_m": 3, "verify_mic_iov": 3, "verify_signatur": 2, "version": [1, 2, 3], "via": 2, "wa": [0, 2, 3], "wai": [0, 2, 3], "want": 0, "warn": [2, 3], "we": [0, 3], "well": [0, 1, 2, 3, 4], "were": 3, "what": 2, "when": [0, 1, 2, 3], "where": [1, 3], "wheter": 2, "whether": [0, 2, 3], "which": [0, 2, 3, 4], "while": [0, 2, 3], "william": 3, "window": 2, "wish": [0, 2, 3], "within": [1, 3], "without": 0, "won": 3, "work": [2, 3], "would": [0, 2, 3], "wrap": [0, 2, 3], "wrap_aead": 3, "wrap_iov": 3, "wrap_iov_length": 3, "wrap_size_limit": 3, "wrapped_messag": 0, "wrapper": [0, 3, 4], "wrapresult": [2, 3], "write": 0, "x25": 3, "xerox_n": 3, "xor": 3, "yalpt": 0, "yet": 1, "you": [0, 2, 3], "your": [2, 3], "zero": 3}, "titles": ["A Basic Introduction to GSSAPI", "Common Values for Credentials Store Extensions", "High-Level API", "Low-Level API", "Python-GSSAPI: Python bindings for GSSAPI", "Other Documentation", "Tutorials"], "titleterms": {"2744": 3, "4178": 3, "5587": 3, "5588": 3, "5801": 3, "6680": 3, "A": 0, "The": 1, "With": 3, "acquir": 3, "addit": 3, "aead": 3, "api": [2, 3], "attribut": 3, "basic": 0, "bind": 4, "ccach": 1, "class": 2, "client_keytab": 1, "common": 1, "context": [0, 2, 3], "core": 3, "credenti": [0, 1, 2, 3], "dce": 3, "deleg": 3, "document": 5, "enum": 2, "except": [2, 3], "export": 3, "extens": [1, 3], "forum": 3, "ggf": 3, "global": 3, "grid": 3, "gss": 3, "gssapi": [0, 4], "heimdal": 1, "helper": 2, "high": 2, "import": 3, "indic": 4, "introduct": 0, "iov": 3, "kerbero": 3, "keytab": 1, "krb5": 1, "level": [2, 3], "librari": 1, "low": 3, "main": 2, "mech": 3, "mechan": [1, 3], "mic": 3, "misc": 3, "mit": 1, "name": [0, 2, 3], "negoti": 3, "other": [3, 5], "password": 3, "python": 4, "rcach": 1, "result": 3, "rfc": 3, "sasl": 3, "secur": [0, 2, 3], "services4us": 3, "specif": 3, "store": [1, 3], "tabl": 4, "tutori": 6, "util": 2, "valu": 1}})
\ No newline at end of file
diff --git a/stable/tutorials.html b/stable/tutorials.html
new file mode 100644
index 00000000..4553e9b2
--- /dev/null
+++ b/stable/tutorials.html
@@ -0,0 +1,121 @@
+
+
+
+
+
+  
+
+  
+  Tutorials — Python-GSSAPI 1.9.0 documentation
+      
+      
+      
+
+  
+      
+      
+      
+      
+      
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Tutorials

+
To get started with using Python-GSSAPI, check out some of the following tutorials:

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file
diff --git a/test-requirements.txt b/test-requirements.txt
deleted file mode 100644
index f612f153..00000000
--- a/test-requirements.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-build
-flake8
-parameterized
-k5test
-decorator
-mypy==0.971
-types-decorator
\ No newline at end of file
diff --git a/tutorials.html b/tutorials.html
new file mode 100644
index 00000000..b828e256
--- /dev/null
+++ b/tutorials.html
@@ -0,0 +1,121 @@
+
+
+
+  
+
+  
+  Tutorials — Python-GSSAPI 1.8.2 documentation
+      
+      
+      
+  
+  
+        
+        
+        
+        
+        
+        
+    
+    
+    
+    
+     
+
+
+ 
+  

+    
+
+    

+
+      

+        

+          

+  
+  

+

+          

+           

+             
+  

+
Tutorials

+
To get started with using Python-GSSAPI, check out some of the following tutorials:

+

+
+

+

+
+
+           

+          

+          
+        

+      

+    

+  

+   
+
+
+
\ No newline at end of file