ث ]jdqمَ—UdZddlZddlmZddlZddlZddlmZmZm Z m Z ddlmZddl Z ddlmZmZddlmZddlmZdd lmZdd lmZddlmZe rddlZdZgZeeed <dZej>d«Z Gd„de«Z!Gd„de!«Z"Gd„de!«Z#Gd„de!«Z$Gd„de!«Z%Gd„de!«Z&Gd„dejN¬«Z(Gd„d e(«Z)d(d!„Z*Gd"„d#ejN¬«Z+Gd$„d%e«Z,Gd&„d'e%«Z-y))zInterfaces for credentials.éN)عEnum)عDictعListعOptionalع TYPE_CHECKING)عurlparse)ع_helpersعenvironment_vars)ع_regional_access_boundary_utils)ع exceptions)عmetrics)ع_BaseCredentials)عRefreshThreadManagerzgoogleapis.comعNO_OP_TRUST_BOUNDARY_LOCATIONSع0x0zgoogle.auth._defaultcَآ‡—eZdZdZˆfd„Zed„«Zed„«Zed„«Zed„«Z ed„«Z d„Zejd „«Zd „Zdd„Zd„Zd „Zd„Zd„ZˆxZS)عCredentialsaQBase class for all credentials. All credentials have a :attr:`token` that is used for authentication and may also optionally set an :attr:`expiry` to indicate when the token will no longer be valid. Most credentials will be :attr:`invalid` until :meth:`refresh` is called. Credentials can do this automatically before the first HTTP request in :meth:`before_request`. Although the token and expiration will change as the credentials are :meth:`refreshed ` and used, credentials should be considered immutable. Various credentials will accept configuration such as private keys, scopes, and other options. These options are not changeable after construction. Some classes will provide mechanisms to copy the credentials with modifications such as :meth:`ScopedCredentials.with_scopes`. cَ‍•—tt|چ«d|_ d|_ d|_ t|_ d|_t«|_ y©NF)عsuperrع__init__عexpiryع_quota_project_idع_trust_boundaryعDEFAULT_UNIVERSE_DOMAINع_universe_domainع_use_non_blocking_refreshrع_refresh_worker©عselfع __class__s €ْA/root/env/lib/python3.12/site-packages/google/auth/credentials.pyrzCredentials.__init__BsYّ€ـ Œkک4ر)ش+àˆŒً Bà!%ˆشطKط#ˆشً ô!8ˆشً ً*/ˆش&ـ3س5ˆصَcَ„—|jsy|jtjz }tj«|k\S)a(Checks if the credentials are expired. Note that credentials can be invalid but not expired because Credentials with :attr:`expiry` set to None is considered to never expire. .. deprecated:: v2.24.0 Prefer checking :attr:`token_state` instead. F)rr عREFRESH_THRESHOLDعutcnow)r ع skewed_expirys r"عexpiredzCredentials.expiredUs6€ًڈ{ٹ{طًں™¤h×&@ر&@ر@ˆ ـڈ‰س Mر1ذ1r#cَ<—|jduxr |jS)zôChecks the validity of the credentials. This is True if the credentials have a :attr:`token` and the token is not :attr:`expired`. .. deprecated:: v2.24.0 Prefer checking :attr:`token_state` instead. N)عtokenr(©r s r"عvalidzCredentials.validgs€ًڈz‰z ذ%ز:¨d¯l©lذ*:ذ:r#cَ€—|j€tjS|j€tjStj«|jk\}|rtjStj«|jt jz k\}|rtjStjS)z( See `:obj:`TokenState` ) r*ع TokenStateعINVALIDrعFRESHr r&r%عSTALE)r r(عis_stales r"عtoken_statezCredentials.token_statess‘€ً ڈ:‰:ذـ×%ر%ذ%ًڈ;‰;ذـ×#ر#ذ#ن—/‘/س# t§{،{ر2ˆظـ×%ر%ذ%ن—?‘?س$¨¯©´x×7Qر7Qر)QرRˆظـ×#ر#ذ#ن×رذr#cَ—|jS)z.Project to use for quota and billing purposes.)rr+s r"عquota_project_idzCredentials.quota_project_id‰s€ً×%ر%ذ%r#cَ—|jS)zThe universe domain value.)rr+s r"عuniverse_domainzCredentials.universe_domainژs€ً×$ر$ذ$r#cَ—y)zçThe credential information JSON. The credential information will be added to auth related error messages by client library. Returns: Mapping[str, str]: The credential information JSON. N©r+s r"ع get_cred_infozCredentials.get_cred_info“s€ًr#cَ—td«‚)لRefreshes the access token. Args: request (google.auth.transport.Request): The object used to make HTTP requests. Raises: google.auth.exceptions.RefreshError: If the credentials could not be refreshed. zRefresh must be implemented©عNotImplementedError©r عrequests r"عrefreshzCredentials.refresh‍s€ô"ذ"?س@ذ@r#cَ—y)a The x-goog-api-client header for token usage metric. This header will be added to the API service requests in before_request method. For example, "cred-type/sa-jwt" means service account self signed jwt access token is used in the API service request authorization header. Children credentials classes need to override this method to provide the header value, if the token usage metric is needed. Returns: str: The x-goog-api-client header value. Nr9r+s r"ع_metric_header_for_usagez$Credentials._metric_header_for_usage®s€ًr#cَ`—|j||«|jr|j|d<yy)zمApply the token to the authentication header. Args: headers (Mapping): The HTTP request headers. token (Optional[str]): If specified, overrides the current access token. zx-goog-user-projectN)ع_applyr5©r عheadersr*s r"عapplyzCredentials.apply½s1€ً ڈ‰گGکUش#ط× ز ط-1×-Bر-BˆGذ)ز*ً!r#cَ@—|js|j|«yy©N)r,rAr?s r"ع_blocking_refreshzCredentials._blocking_refreshةs€طڈzٹzطڈL‰Lکص!ًr#cَ—d}|jtjk(r|jj ||«}|jtj k(s|r,|j |«|jj«yyr)r3r.r1rع start_refreshr/rAعclear_error)r r@عuse_blocking_refresh_fallbacks r"ع_non_blocking_refreshz!Credentials._non_blocking_refreshحs|€ط(-ذ%à×رœz×/ر/ز/ط04×0Dر0D×0Rر0Rطگgَ1ً-ذ)ً×رœz×1ر1ز1ر5RطڈL‰Lکش!ً × ر ×,ر,ص.ً6Sr#cَج—|jr|j|«n|j|«tj||j««|j |«y)aPerforms credential-specific before request logic. Refreshes the credentials if necessary, then calls :meth:`apply` to apply the token to the authentication header. Args: request (google.auth.transport.Request): The object used to make HTTP requests. method (str): The request's HTTP method or the RPC method being invoked. url (str): The request's URI or the RPC service's URI. headers (Mapping): The request's headers. N)rrPrKr عadd_metric_headerrCrH©r r@عmethodعurlrGs r"عbefore_requestzCredentials.before_requestـsN€ً"×)ز)ط×&ر& wص/à×"ر" 7ش+ن×!ر! '¨4×+Hر+Hس+JشKطڈ ‰ گ7صr#cَ—d|_y)NT)rr+s r"عwith_non_blocking_refreshz%Credentials.with_non_blocking_refreshُs €ط)-ˆص&r#rJ)ع__name__ع __module__ع__qualname__ع__doc__rعpropertyr(r,r3r5r7r:عabcعabstractmethodrArCrHrKrPrVrXع __classcell__©r!s@r"rr/s±ّ„ٌô$6ً&ٌ2ًَ2ً"ٌ ;ًَ ;ًٌ ًَ ً*ٌ&ًَ&ًٌ%ًَ%ٍ ً ×رٌ Aًَ Aٍ َ Cٍ"ٍ /ٍِ2.r#rcَ—eZdZdZd„Zd„Zy)عCredentialsWithQuotaProjectzGAbstract base for credentials supporting ``with_quota_project`` factorycَ—td«‚)aReturns a copy of these credentials with a modified quota project. Args: quota_project_id (str): The project to use for quota and billing purposes Returns: google.auth.credentials.Credentials: A new credentials instance. z/This credential does not support quota project.r=)r r5s r"عwith_quota_projectz.CredentialsWithQuotaProject.with_quota_projectüs€ô"ذ"SسTذTr#cَ†—tjjtj«}|r|j|«S|SrJ)عosعenvironعgetr عGOOGLE_CLOUD_QUOTA_PROJECTre)r عquota_from_envs r"ع#with_quota_project_from_environmentz?CredentialsWithQuotaProject.with_quota_project_from_environments4€ـں™ں™ش(8×(Sر(SسTˆظط×*ر*¨>س:ذ:طˆr#N)rYrZr[r\rerlr9r#r"rcrcùs„ظQٍ Uَr#rccَ—eZdZdZd„Zy)عCredentialsWithTokenUrizCAbstract base for credentials supporting ``with_token_uri`` factorycَ—td«‚)aReturns a copy of these credentials with a modified token uri. Args: token_uri (str): The uri to use for fetching/exchanging tokens Returns: google.auth.credentials.Credentials: A new credentials instance. z'This credential does not use token uri.r=)r ع token_uris r"عwith_token_uriz&CredentialsWithTokenUri.with_token_uris€ô"ذ"KسLذLr#N)rYrZr[r\rqr9r#r"rnrns„ظMَ Mr#rncَ—eZdZdZd„Zy)عCredentialsWithUniverseDomainzIAbstract base for credentials supporting ``with_universe_domain`` factorycَ—td«‚)zùReturns a copy of these credentials with a modified universe domain. Args: universe_domain (str): The universe domain to use Returns: google.auth.credentials.Credentials: A new credentials instance. z6This credential does not support with_universe_domain.r=)r r7s r"عwith_universe_domainz2CredentialsWithUniverseDomain.with_universe_domain!s€ô"طDَ ً r#N)rYrZr[r\rur9r#r"rsrss „ظSَ r#rscَو‡—eZdZdZˆfd„Zed„«Zed„«Zejd„«Z d„Zd„Zd„Z d „Zd „Zd„Zdˆfd„ Zd „Zd„Z ddddeddfd„Zej d dd„«ZˆxZS)ع%CredentialsWithRegionalAccessBoundaryzPAbstract base for credentials supporting regional access boundary configuration.cَT•—t‰|چ«tj«|_yrJ)rrrع_RegionalAccessBoundaryManagerع_rab_managerrs €r"rz.CredentialsWithRegionalAccessBoundary.__init__2s"ّ€ـ ‰رشن+×JرJسLً صr#cَB—|jjjS)z>Optional[str]: The encoded Regional Access Boundary locations.)rzع_dataعencoded_locationsr+s r"عregional_access_boundaryz>CredentialsWithRegionalAccessBoundary.regional_access_boundary8s€ً× ر ×&ر&×8ر8ذ8r#cَB—|jjjS)zQOptional[datetime.datetime]: The expiration time of the Regional Access Boundary.)rzr|rr+s r"عregional_access_boundary_expiryzECredentialsWithRegionalAccessBoundary.regional_access_boundary_expiry=s€ً× ر ×&ر&×-ر-ذ-r#cَ—td«‚)r<z*_perform_refresh_token must be implementedr=r?s r"ع_perform_refresh_tokenz)r عtrust_boundaryrˆع make_copys r"عwith_trust_boundaryz9CredentialsWithRegionalAccessBoundary.with_trust_boundaryPsI€َ àˆڈ ‰ طBـطُ ô کD ,°س5ˆ ظظ“;ذن%طDًَ r#cَp—tj«}|jj|_||_y)z@Copies the regional access boundary manager to another instance.N)rryrzr|)r عtargetعnew_managers r"ع&_copy_regional_access_boundary_managerzLCredentialsWithRegionalAccessBoundary._copy_regional_access_boundary_managerns.€ô6×TرTسVˆط ×-ر-×3ر3ˆشط)ˆصr#cَ€—|jj|jdd«|jdd«¬«|S)a0Applies the regional_access_boundary provided via the seed on these credentials. This is intended for internal use only as invalid seeds would produce unexpected results until automatic recovery is supported. Currently this is used by the gcloud CLI and therefore changes to the contract MUST be backwards compatible (e.g. the method signature must be unchanged and the credentials with the RAB set must be returned). Returns: google.auth.credentials.Credentials: The credentials instance. عencodedLocationsNr)r}r)rzع$set_initial_regional_access_boundaryri)r عseeds r"ع_set_regional_access_boundaryzCCredentialsWithRegionalAccessBoundary._set_regional_access_boundaryvsA€ً ×ر×>ر>ط"ںh™hذ'9¸4س@ط—8‘8کH dس+ً ?ô ًˆr#cَ:—|jj«|S)aEnables the blocking lookup mode on these credentials. This is intended for internal use only as blocking lookup requires additional care and consideration. Currently this is used by the gcloud CLI and therefore changes to the contract MUST be backwards compatible (e.g. the method signature must be unchanged and the credentials with the blocking lookup flag set to true must be returned). Returns: google.auth.credentials.Credentials: The credentials instance. )rzعenable_blocking_lookupr+s r"ع-_set_blocking_regional_access_boundary_lookupzSCredentialsWithRegionalAccessBoundary._set_blocking_regional_access_boundary_lookupˆs€ً ×ر×0ر0ش2طˆr#cَ‏— t|«j}|r#|jd«s|jd«ry|j«sy|jj||«y#ttf$rYŒ?wxYw)aت Starts a background thread to refresh the Regional Access Boundary if needed. This method checks if a refresh is necessary and if one is not already in progress or in a cooldown period. If so, it starts a background thread to perform the lookup. Args: request (google.auth.transport.Request): The object used to make HTTP requests. url (str): The URL of the request. z.rep.googleapis.comz.rep.sandbox.googleapis.comN)rعhostnameعendswithع ValueErrorع TypeErrorع,_is_regional_access_boundary_lookup_requiredrzعmaybe_start_refresh)r r@rUrœs r"ع-_maybe_start_regional_access_boundary_refreshzSCredentialsWithRegionalAccessBoundary._maybe_start_regional_access_boundary_refresh–s|€ً ن “}×-ر-ˆHظط×!ر!ذ"7ش8ط×$ر$ذ%BشCàً×@ر@شBطً ×ر×-ر-¨d°Gص<ّôœIذ&ٍ لً ْs‚9A*ء*A<ء;A_build_regional_access_boundary_lookup_url must be implementedr=r?s r"r®zPCredentialsWithRegionalAccessBoundary._build_regional_access_boundary_lookup_urls€ô("طLَ ً r#rJ)F)r@z'Optional[google.auth.transport.Request])rYrZr[r\rr]r~r€r^r_r‚rژr’r—rڑr¢r rHrVrAعboolr±r®r`ras@r"rwrw/sبّ„ظZô ًٌ9ًَ9ًٌ.ًَ.ً ×رٌPًَPٍٍ<*ٍٍ$ٍ=ٍ@ُ&1ٍ ٍ-ً ٌ à0ً ًً ً $َ ً: ×رàCGً ط@ٍ َô r#rwcَD—eZdZdZed„«Zed„«Zd„Zdd„Zd„Z y) عAnonymousCredentialszجCredentials that do not provide any authentication information. These are useful in the case of services that support anonymous access or local service emulators that do not use credentials. cَ—y)z4Returns `False`, anonymous credentials never expire.Fr9r+s r"r(zAnonymousCredentials.expired!َ€ًr#cَ—y)z7Returns `True`, anonymous credentials are always valid.Tr9r+s r"r,zAnonymousCredentials.valid&s€ًr#cَ,—tjd«‚)zVRaises :class:``InvalidOperation``, anonymous credentials cannot be refreshed.z*Anonymous credentials cannot be refreshed.)rعInvalidOperationr?s r"rAzAnonymousCredentials.refresh+s€ô×)ر)ذ*VسWذWr#Ncَ2—|پtjd«‚y)zذAnonymous credentials do nothing to the request. The optional ``token`` argument is not supported. Raises: google.auth.exceptions.InvalidValue: If a token was specified. Nz+Anonymous credentials don't support tokens.)rعInvalidValuerFs r"rHzAnonymousCredentials.apply0s!€ًذـ×)ر)ذ*WسXذXًr#cَ—y)z0Anonymous credentials do nothing to the request.Nr9rSs r"rVz#AnonymousCredentials.before_request;sپr#rJ) rYrZr[r\r]r(r,rArHrVr9r#r"rµrµs@„ًًًًٌٌٌٍََXَ Yَ?r#rµcَl‡—eZdZdZˆfd„Zed„«Zed„«Zejd„«Z d„ZˆxZS)عReadOnlyScopeda+Interface for credentials whose scopes can be queried. OAuth 2.0-based credentials allow limiting access using scopes as described in `RFC6749 Section 3.3`_. If a credential class implements this interface then the credentials either use scopes in their implementation. Some credentials require scopes in order to obtain a token. You can check if scoping is necessary with :attr:`requires_scopes`:: if credentials.requires_scopes: # Scoping is required. credentials = credentials.with_scopes(scopes=['one', 'two']) Credentials that require scopes must either be constructed with scopes:: credentials = SomeScopedCredentials(scopes=['one', 'two']) Or must copy an existing instance using :meth:`with_scopes`:: scoped_credentials = credentials.with_scopes(scopes=['one', 'two']) Some credentials have scopes but do not allow or require scopes to be set, these credentials can be used as-is. .. _RFC6749 Section 3.3: https://tools.ietf.org/html/rfc6749#section-3.3 cَF•—tt|چ«d|_d|_yrJ)rr؟rع_scopesع_default_scopesrs €r"rzReadOnlyScoped.__init__\sّ€ـ Œnکdر,ش.طˆŒط#ˆصr#cَ—|jS)z6Sequence[str]: the credentials' current set of scopes.)rءr+s r"عscopeszReadOnlyScoped.scopesas€ًڈ|‰|ذr#cَ—|jS)z>Sequence[str]: the credentials' current set of default scopes.)rآr+s r"عdefault_scopeszReadOnlyScoped.default_scopesfs€ً×#ر#ذ#r#cَ—y)zCTrue if these credentials require scopes to obtain an access token.Fr9r+s r"عrequires_scopeszReadOnlyScoped.requires_scopeskr·r#cَک—|jپ|jn|j}t|«jt|xsg««S)a_Checks if the credentials have the given scopes. .. warning: This method is not guaranteed to be accurate if the credentials are :attr:`~Credentials.invalid`. Args: scopes (Sequence[str]): The list of scopes to check. Returns: bool: True if the credentials have the given scopes. )rءrآعsetعissubset)r rؤعcredential_scopess r"ع has_scopeszReadOnlyScoped.has_scopespsC€ً!ںL™Lذ4ˆDڈLٹL¸$×:Nر:Nً ôگ6‹{×#ر#¤Cذ(9ز(?¸Rس$@سAذAr#) rYrZr[r\rr]rؤrئr^عabstractpropertyrبrحr`ras@r"r؟r؟?sUّ„ٌô8$ً ًًٌٌَ$ًَ$ً ×رًٌَِBr#r؟)ع metaclasscَ6—eZdZdZej dd„«Zy)عScopeda5Interface for credentials whose scopes can be replaced while copying. OAuth 2.0-based credentials allow limiting access using scopes as described in `RFC6749 Section 3.3`_. If a credential class implements this interface then the credentials either use scopes in their implementation. Some credentials require scopes in order to obtain a token. You can check if scoping is necessary with :attr:`requires_scopes`:: if credentials.requires_scopes: # Scoping is required. credentials = credentials.create_scoped(['one', 'two']) Credentials that require scopes must either be constructed with scopes:: credentials = SomeScopedCredentials(scopes=['one', 'two']) Or must copy an existing instance using :meth:`with_scopes`:: scoped_credentials = credentials.with_scopes(scopes=['one', 'two']) Some credentials have scopes but do not allow or require scopes to be set, these credentials can be used as-is. .. _RFC6749 Section 3.3: https://tools.ietf.org/html/rfc6749#section-3.3 Ncَ—td«‚)a—Create a copy of these credentials with the specified scopes. Args: scopes (Sequence[str]): The list of scopes to attach to the current credentials. Raises: NotImplementedError: If the credentials' scopes can not be changed. This can be avoided by checking :attr:`requires_scopes` before calling this method. z$This class does not require scoping.r=)r rؤrئs r"عwith_scopeszScoped.with_scopesںs€ô"ذ"HسIذIr#rJ)rYrZr[r\r^r_rسr9r#r"rرrر‚s#„ًٌ8 ×رٍJٌَJr#rرcَd—t|t«r|jr|j||¬«S|S)a؟Creates a copy of the credentials with scopes if scoping is required. This helper function is useful when you do not know (or care to know) the specific type of credentials you are using (such as when you use :func:`google.auth.default`). This function will call :meth:`Scoped.with_scopes` if the credentials are scoped credentials and if the credentials require scoping. Otherwise, it will return the credentials as-is. Args: credentials (google.auth.credentials.Credentials): The credentials to scope if necessary. scopes (Sequence[str]): The list of scopes to use. default_scopes (Sequence[str]): Default scopes passed by a Google client library. Use 'scopes' for user-defined scopes. Returns: google.auth.credentials.Credentials: Either a new set of scoped credentials, or the passed in credentials instance if no scoping was required. )rئ)ع isinstancerرrبrس)عcredentialsrؤrئs r"عwith_scopes_if_requiredr×¯s2€ô,گ+œvش&¨;×+Fز+Fط×&ر& v¸nذ&سMذMàذr#cَ|—eZdZdZej d„«Zejd„«Zejd„«Z y)عSigningzCInterface for credentials that can cryptographically sign messages.cَ—td«‚)z®Signs the given message. Args: message (bytes): The message to sign. Returns: bytes: The message's cryptographic signature. zSign bytes must be implemented.r=)r عmessages r"ع sign_byteszSigning.sign_bytesخs€ô"ذ"CسDذDr#cَ—td«‚)z;Optional[str]: An email address that identifies the signer.z!Signer email must be implemented.r=r+s r"عsigner_emailzSigning.signer_emailـs€ô "ذ"EسFذFr#cَ—td«‚)z8google.auth.crypt.Signer: The signer used to sign bytes.zSigner must be implemented.r=r+s r"عsignerzSigning.signerمs€ô "ذ"?س@ذ@r#N) rYrZr[r\r^r_rـrخrقràr9r#r"rظrظثsW„ظMà×رٌEًَEً ×رٌGًَGً ×رٌAٌَAr#rظcَ—eZdZdZdZdZdZy)r.aJ Tracks the state of a token. FRESH: The token is valid. It is not expired or close to expired, or the token has no expiry. STALE: The token is close to expired, and should be refreshed. The token can be used normally. INVALID: The token is expired or invalid. The token cannot be used for a normal operation. ér„éN)rYrZr[r\r0r1r/r9r#r"r.r.ës„ًٌ €Eط €EطپGr#r.cَN‡—eZdZdZˆfd„Zejd„«Zdd„ZˆxZ S)عCredentialsWithTrustBoundaryzؤAbstract base for credentials supporting legacy trust boundary configuration. .. deprecated:: Use :class:`~google.auth.credentials.CredentialsWithRegionalAccessBoundary` instead. cَZ•—t‰|چ«tjdtd¬«y©NzVCredentialsWithTrustBoundary is deprecated. Use CredentialsWithRegionalAccessBoundary.r„r…)rrrˆr‰rٹrs €r"rz%CredentialsWithTrustBoundary.__init__ےs#ّ€ـ ‰رشـڈ ‰ طdـطِ r#cَ—t«‚)zIDeprecated: Implement _build_regional_access_boundary_lookup_url instead.r=r+s r"ع _build_trust_boundary_lookup_urlz=CredentialsWithTrustBoundary._build_trust_boundary_lookup_urls €ô"س#ذ#r#cَZ—tjdtd¬«|j«Srç)rˆr‰rٹrér?s r"r®zGCredentialsWithTrustBoundary._build_regional_access_boundary_lookup_urls(€ـڈ ‰ طdـطُ ً ×4ر4س6ذ6r#rJ) rYrZr[r\rr^r_rér®r`ras@r"rهrهّs,ّ„ٌô ً ×رٌ$ًَ$÷7r#rهrJ).r\r^عenumrعloggingrgعtypingrrrrعurllib.parserrˆعgoogle.authr r rrr عgoogle.auth._credentials_baserعgoogle.auth._refresh_workerrعgoogle.auth.transportعgooglerrعstrع__annotations__ع&NO_OP_TRUST_BOUNDARY_ENCODED_LOCATIONSع getLoggerr¯rrcrnrsrwrµعABCMetar؟rرr×rظr.rهr9r#r"ْrùsًٍ "م فغغ ك6س6ف!غ÷3ف7ف"فف:ف<لغ à*ذً-/ذ S، س.ط).ذ&à ˆ'× ر ذ2س 3€ôG.ذ"ôG.ôT +ôô,MکkôMô Kô ô"h ¨Kôh ôV"?ک;ô"?ôJ@Bکsں{™{ُ@BôF*Jˆ^ô*JَZô8Aکں™ُAô@ گô ô7ذ#Hُ7r#