o Ѱi2@sddlmZddlZddlZddlZddlmZddlmZm Z ddl m Z m Z m Z mZddlmZddlmZmZmZmZmZdd lmZmZdd lmZmZer`dd l mZmZdd lmZGd ddZ e Z!e!j"Z"e!j#Z#e!j$Z$e!j%Z%e!j&Z&e!j'Z'e!j(Z(dS)) annotationsN)Sequence) TYPE_CHECKINGAny) Algorithmget_default_algorithms has_cryptorequires_cryptography)PyJWK) DecodeErrorInvalidAlgorithmErrorInvalidKeyErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode)InsecureKeyLengthWarningRemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeys) SigOptionsc@seZdZdZ  dJdKd d ZedLd d ZdMddZdNddZdOddZ dPddZ     dQdRd,d-Z .   dSdTd6d7Z .   dSdUd9d:Z dVd;d<ZdWd>d?Z . dXdYdCdDZdZdEdFZd[dHdIZdS)\PyJWSJWTN algorithmsSequence[str] | NoneoptionsSigOptions | NonereturnNonecCstt|_|dur t|nt|j|_t|jD] }||jvr$|j|=q||_|dur8i|j||_dSdS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsr)selfrrkeyr(?/home/ubuntu/.local/lib/python3.10/site-packages/jwt/api_jws.py__init__"s  zPyJWS.__init__rcCs dddS)NTF)verify_signatureenforce_minimum_key_lengthr(r(r(r(r)r%5s zPyJWS._get_default_optionsalg_idstralg_objrcCs>||jvr tdt|tstd||j|<|j|dS)z Registers a new Algorithm for use when creating and verifying tokens. :param str alg_id: the ID of the Algorithm :param alg_obj: the Algorithm object :type alg_obj: Algorithm z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorr"add)r&r-r/r(r(r)register_algorithm9s   zPyJWS.register_algorithmcCs*||jvr td|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens :param str alg_id: the ID of the Algorithm :raises KeyError: if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)r KeyErrorr"remove)r&r-r(r(r)unregister_algorithmJs zPyJWS.unregister_algorithm list[str]cCs t|jS)zh Returns a list of supported values for the `alg` parameter. :rtype: list[str] )r#r")r&r(r(r)get_algorithmsYs zPyJWS.get_algorithmsalg_namec CsNz|j|WSty&}zts|tvrtd|d|td|d}~ww)a/ For a given string name, return the matching Algorithm object. Example usage: >>> jws_obj = PyJWS() >>> jws_obj.get_algorithm_by_name("RS256") :param alg_name: The name of the algorithm to retrieve :type alg_name: str :rtype: Algorithm z Algorithm 'z9' could not be found. Do you have cryptography installed?Algorithm not supportedN)r r5r r NotImplementedError)r&r:er(r(r)get_algorithm_by_nameas    zPyJWS.get_algorithm_by_nameHS256FTpayloadbytesr'(AllowedPrivateKeys | PyJWK | str | bytes algorithm str | Noneheadersdict[str, Any] | None json_encodertype[json.JSONEncoder] | Noneis_payload_detachedbool sort_headerscCsg}|durt|tr|j} nd} n|} |r,|d} | r!|d} |d} | dur,d}|j| d} |r>||| || dsE| d=|rLd| d<nd| vrS| d=tj| d||d  } | t | |rj|}nt |}| |d |}| | }t|tr|j}||}||}|r|jd drt|tj|td d |||}| t ||rd|d<d |}|dS)Nnonealgb64FT)typrMrO),:) separatorscls sort_keys.r, stacklevelrutf-8)r1r algorithm_nameget header_typ_validate_headersupdatejsondumpsencodeappendrjoinr>r' prepare_keycheck_key_lengthrrwarningswarnrsigndecode)r&r@r'rCrErGrIrKsegments algorithm_ headers_alg headers_b64header json_header msg_payload signing_inputr/key_length_msg signatureencoded_stringr(r(r)rbvsb                 z PyJWS.encodejwt str | bytes'AllowedPublicKeys | PyJWK | str | bytesdetached_payload bytes | Nonekwargsdict[str, Any]c Ks|rtjdt|tdd|dur|j}ni|j|}|d}|r1|s1t|ts1td| |\} } } } | dddurY|durJtd |} d | d d d | g} |rd| | | | ||| | | d S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rVrWr+z\It is required that you pass in a value for the "algorithms" argument when calling decode().rNTFzIt is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.rUrr)r@rort)rgrhtupler$rrr1r r _loadr\rdrsplit_verify_signature) r&rwr'rrrzr|merged_optionsr+r@rrrortr(r(r)decode_completes<  zPyJWS.decode_completercKs>|rtjdt|tdd|j|||||d}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rVrW)rzr@)rgrhr~r$rr)r&rwr'rrrzr|decodedr(r(r)rjs   z PyJWS.decodecCs||d}|||S)zReturns back the JWT header parameters as a `dict` Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete rV)rr^)r&rwrEr(r(r)get_unverified_headers zPyJWS.get_unverified_header*tuple[bytes, bytes, dict[str, Any], bytes]c Cslt|tr |d}t|tstdtz|dd\}}|dd\}}Wnty9}ztd|d}~wwzt|}Wnt t j fyT}ztd|d}~wwzt |}Wntyp} ztd| | d} ~ wwt|tsztdzt|} Wnt t j fy}ztd |d}~wwzt|} Wnt t j fy}ztd |d}~ww| ||| fS) NrZz$Invalid token type. Token must be a rUrzNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r1r.rbrAr rsplitr0rr2binasciiErrorr`loadsdict) r&rwrrcrypto_segmentheader_segmentpayload_segmenterr header_dataror=r@rtr(r(r)rsL            z PyJWS._loadrrrortc Cs|dur t|tr |jg}z|d}Wn tytddw|r*|dur.||vr.tdt|tr:|j}|j}nz||}WntyR} ztd| d} ~ ww| |}| |} | rr|j ddrjt | tj| tdd||||s}td dS) NrMzAlgorithm not specifiedz&The specified alg value is not allowedr;r,FrWzSignature verification failed)r1r r[r5r rr'r>r<rerfrr\rrgrhrverifyr) r&rrrortr'rrMr/ prepared_keyr=rsr(r(r)rCs6       zPyJWS._verify_signaturecCsd|vr ||ddSdS)Nkid) _validate_kid)r&rEr(r(r)r^iszPyJWS._validate_headersrcCst|ts tddS)Nz(Key ID header parameter must be a string)r1r.r)r&rr(r(r)rms zPyJWS._validate_kid)NN)rrrrrr)rr)r-r.r/rrr)r-r.rr)rr8)r:r.rr)r?NNFT)r@rAr'rBrCrDrErFrGrHrIrJrKrJrr.)rvNNN)rwrxr'ryrrrrrzr{r|r}rr})rwrxr'ryrrrrrzr{r|r}rr)rwrxrr})rwrxrr)rvN) rrrAror}rtrAr'ryrrrr)rEr}rr)rrrr)__name__ __module__ __qualname__r]r* staticmethodr%r4r7r9r>rbrrjrrrr^rr(r(r(r)rsD       X 4  + &r)) __future__rrr`rgcollections.abcrtypingrrrrrr r api_jwkr exceptionsr r rrrutilsrrrrrrtypesrr_jws_global_objrbrrjr4r7r>rr(r(r(r)s2    U