# SPDX-FileCopyrightText: 2024 Marco Ricci <software@the13thletter.info>
#
# SPDX-License-Identifier: MIT
"""Python port of the vault(1) password generation scheme."""
from __future__ import annotations
import base64
import collections
import hashlib
import math
import types
from collections.abc import Callable
from typing import TypeAlias
from typing_extensions import assert_type
from derivepassphrase import sequin, ssh_agent
__author__ = 'Marco Ricci <software@the13thletter.info>'
class Vault:
"""A work-alike of James Coglan's vault.
Store settings for generating (actually: deriving) passphrases for
named services, with various constraints, given only a master
passphrase. This class also performs the derivation itself. The
derivation algorithm is deterministic and not secret; only the master
passphrase needs to be kept secret, since anyone who knows it can
re-derive the passphrase for any service. The implementation is
compatible with [vault][].
[James Coglan explains the passphrase derivation algorithm in great
detail][ALGORITHM] in his blog post on said topic: A theoretically
infinite bit stream is obtained by running a key-derivation function
on the master passphrase and the service name, then this bit stream
is fed into a [sequin.Sequin][] to generate random numbers in the
correct range, and finally these random numbers select passphrase
characters until the desired length is reached.
[vault]: https://www.npmjs.com/package/vault
[ALGORITHM]: https://blog.jcoglan.com/2012/07/16/designing-vaults-generator-algorithm/
"""
_UUID = b'e87eb0f4-34cb-46b9-93ad-766c5ab063e7'
"""A tag used by vault in the bit stream generation."""
_CHARSETS = types.MappingProxyType(
collections.OrderedDict([
('lower', b'abcdefghijklmnopqrstuvwxyz'),
('upper', b'ABCDEFGHIJKLMNOPQRSTUVWXYZ'),