o ib@sHUddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z m Z mZmZmZmZddlmZddlmZmZddlmZmZmZmZmZmZmZmZm Z zdd l!m"Z"m#Z#dd l$m%Z%dd l&m'Z'dd l(m)Z)dd l*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4ddl5m6Z6m7Z7ddl8m9Z9m:Z:ddl;mZ>m?Z?m@Z@mAZAmBZBmCZCddlDmEZEmFZFmGZGmHZHmIZImJZJmKZKefZLe1e3fZMe9e:e6e7fZNeLeMeNZOee3e:e7fZQe seReSddrLddlTZTeTjUdkrddl mVZVnddlWmVZVddlXmYZYmZZZeefZ[de\d<ee1e3fZ]de\d<ee9e:e6e7fZ^de\d<ee[e]e^fZ_de\d<eee3e:e7fZade\d<dZbWn ecy[dZbYnwhd Zdd3d#d$ZeGd%d&d&eZfGd'd(d(efZgGd)d*d*efZhebrGd+d,d,efZiGd-d.d.efZjGd/d0d0eiZkGd1d2d2efZldSdS)4) annotationsN)ABCabstractmethod) TYPE_CHECKINGAnyClassVarLiteralNoReturnUnioncastoverloadInvalidKeyError) HashlibHashJWKDict) base64url_decodebase64url_encodeder_to_raw_signature force_bytesfrom_base64url_uint is_pem_format is_ssh_keyraw_to_der_signatureto_base64url_uint)InvalidSignatureUnsupportedAlgorithm)default_backend)hashes)padding) ECDSA SECP256K1 SECP256R1 SECP384R1 SECP521R1 EllipticCurveEllipticCurvePrivateKeyEllipticCurvePrivateNumbersEllipticCurvePublicKeyEllipticCurvePublicNumbers)Ed448PrivateKeyEd448PublicKey)Ed25519PrivateKeyEd25519PublicKey) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmprsa_recover_prime_factors)Encoding NoEncryption PrivateFormat PublicFormatload_pem_private_keyload_pem_public_keyload_ssh_public_keyZ SPHINX_BUILD) ) TypeAlias)PrivateKeyTypesPublicKeyTypesr@AllowedRSAKeys AllowedECKeysAllowedOKPKeys AllowedKeysAllowedPrivateKeysAllowedPublicKeysTF> RS512RS384RS256ES384ES256KPS384ES256ES521PS256PS512EdDSAES512returndict[str, Algorithm]cCstttjttjttjd}trL|ttjttjttjttjt ttjt ttjt ttjt ttjt t t jt t jt t jtd |S)zE Returns the algorithms that are implemented by the library. )noneZHS256ZHS384ZHS512) rKrJrIrOrMrLrPrTrQrNrRrS) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmr"r!r#r$RSAPSSAlgorithm OKPAlgorithm)Zdefault_algorithmsrcE/home/app/Keep/.python/lib/python3.10/site-packages/jwt/algorithms.pyget_default_algorithmss0    rec@seZdZUdZdZded<d,dd Zd-d dZed.ddZ ed/ddZ ed0ddZ e e ed1ddZe e e d2d3d"dZe ed2d4d$dZe ed5d'd(Zd6d*d+ZdS)7 AlgorithmzH The interface for an algorithm used to sign and verify tokens. Nz$tuple[type[AllowedKeys], ...] | None_crypto_key_typesbytestrbytesrUcCsjt|dd}|dur ttr-t|tr-t|tjr-tj|t d}| |t | St || S)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorr] isinstancetype issubclassrZ HashAlgorithmZHashrr^rifinalizedigest)selfrhrjrrrcrcrdcompute_hash_digests    zAlgorithm.compute_hash_digestkey PublicKeyTypes | PrivateKeyTypesNonecCs`tr|jdur tdt||js.dd|jD}|jj}|jj}td|d|d|dS)acCheck that the key belongs to the right cryptographic family. Note that this method only works when ``cryptography`` is installed. :param key: Potentially a cryptography key :type key: :py:data:`PublicKeyTypes ` | :py:data:`PrivateKeyTypes ` :raises ValueError: if ``cryptography`` is not installed, or this method is called by a non-cryptography algorithm :raises InvalidKeyError: if the key doesn't match the expected key classes NzhThis method requires the cryptography library, and should only be used by cryptography-based algorithms.css|]}|jVqdSN)__name__).0clsrcrcrd sz2Algorithm.check_crypto_key_type..zExpected one of z, got: z. Invalid Key type for )r]rg ValueErrorrn __class__ryr)rsruZ valid_classesZ actual_classZ self_classrcrcrdcheck_crypto_key_types  zAlgorithm.check_crypto_key_typercCdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). Nrcrsrurcrcrd prepare_keyzAlgorithm.prepare_keymsgcCr)zn Returns a digital signature for the specified message using the specified key value. NrcrsrrurcrcrdsignrzAlgorithm.signsigboolcCr)zz Verifies that the specified digital signature is valid for the specified message and key values. NrcrsrrurrcrcrdverifyrzAlgorithm.verifykey_objas_dict Literal[True]rcCdSrxrcrrrcrcrdto_jwk szAlgorithm.to_jwkFLiteral[False]strcCrrxrcrrcrcrdr JWKDict | strcCr)z3 Serializes a given key into a JWK Nrcrrcrcrdrrjwk str | JWKDictcCr)zJ Deserializes a given key from JWK back into a key object Nrcrrcrcrdfrom_jwkrzAlgorithm.from_jwk str | NonecCr)z Return a warning message if the key is below the minimum recommended length for this algorithm, or None if adequate. Nrcrrcrcrdcheck_key_length#rzAlgorithm.check_key_length)rhrirUri)rurvrUrw)rurrUr)rrirurrUri)rrirurrrirUr)rrrrrUrF)rrrrrUr)rrrrrUr)rrrUr)rurrUr)ry __module__ __qualname____doc__rg__annotations__rtrrrrrr staticmethodrrrrcrcrcrdrfs6       rfc@sLeZdZdZdddZdd d ZdddZedd ddZed!ddZ dS)"rXzZ Placeholder for use when no signing or verification operations are required. rurrUrwcCs |dkrd}|durtd|S)Nr=z*When alg = "none", key value must be None.rrrcrcrdr1s zNoneAlgorithm.prepare_keyrricCr)Nrcrrcrcrdr:zNoneAlgorithm.signrrcCr)NFrcrrcrcrdr=rzNoneAlgorithm.verifyFrrrr cCtrxrmrrcrcrdr@zNoneAlgorithm.to_jwkrrcCrrxrrrcrcrdrDrzNoneAlgorithm.from_jwkN)rurrUrw)rrirurwrUri)rrirurwrrirUrr)rrrrrUr )rrrUr ) ryrrrrrrrrrrcrcrcrdrX+s  rXc@seZdZUdZejZded<ejZ ded<ej Z ded<d,d d Z d-ddZ eed.ddZeed/d0ddZed/d1ddZed2d d!Zd3d#d$Zd4d&d'Zd5d)d*Zd+S)6rYzf Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]rZr[r\rjrrUrwcC ||_dSrxrjrsrjrcrcrd__init__S zHMACAlgorithm.__init__ru str | bytesricCs$t|}t|s t|rtd|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrr)rsru key_bytesrcrcrdrVs zHMACAlgorithm.prepare_keyrrrrcCrrxrcrrcrcrdrazHMACAlgorithm.to_jwkFrrcCrrxrcrrcrcrdrerrrcCs(tt|dd}|r|St|S)Noct)kkty)rrdecodejsondumps)rrrrcrcrdris  rrcCsjzt|tr t|}n t|tr|}ntWn ty#tddw|ddkr/tdt|dS)NKey is not valid JSONrrzNot an HMAC keyr) rnrrloadsdictr}rgetr)robjrcrcrdrus      zHMACAlgorithm.from_jwkrcCs@|j}t||krdt|d|d|jdSdS)NzThe HMAC key is z> bytes long, which is below the minimum recommended length of z bytes for z. See RFC 7518 Section 3.2.)rj digest_sizelennameupper)rsru min_lengthrcrcrdrs    zHMACAlgorithm.check_key_lengthrcCst|||jSrx)hmacnewrjrrrrcrcrdrzHMACAlgorithm.signrcCst||||Srx)rcompare_digestrrrcrcrdrrzHMACAlgorithm.verifyN)rjrrUrw)rurrUri)rrrrrUrr)rrrrrUr)rrrrrUr)rrrUri)rurirUr)rrirurirUri)rrirurirrirUr)ryrrrhashlibsha256rZrsha384r[sha512r\rrr rrrrrrrcrcrcrdrYIs(       rYc@seZdZUdZejZded<ejZded<ejZded<e Z dZ ded<d2d dZ d3ddZ d4ddZeed5ddZeed6d7d dZed6d8d#dZed9d&d'Zd:d+d,Zd;d/d0Zd1S) 2 primes not supported)rrrrrcsg|]}|vqSrcrc)rzproprrcrd sz)RSAAlgorithm.from_jwk..z@RSA key must include all parameters if any are present besides drrrrr)rrrrrrrr)rnrrrrr}rranyallr1rr/r5rrr2r3r4rr) rZ other_propsZ props_foundZany_props_foundrrrrrrcrrdrs~                    zRSAAlgorithm.from_jwkrrir.cCs||t|}|Srx)rrPKCS1v15rjrsrru signaturercrcrdrHszRSAAlgorithm.signr0rcCs4z|||t|WdStyYdSw)NTF)rrrrjrrrcrcrdrLs  zRSAAlgorithm.verifyN)rjrrUrw)rurCrUr)rurrUrC)rrCrrrUrr)rrCrrrUr)rrCrrrUr)rrrUrCrrirur.rUrirrirur0rrirUr)ryrrrrrZrr[r\ALLOWED_RSA_KEY_TYPESrgrrrrr rrrrrrcrcrcrdr_s,     &  Gr_c@seZdZUdZejZded<ejZded<ejZded<e Z d/d0d dZ d1ddZ d2ddZ d3ddZd4ddZeed5d#d$Zeed6d7d(d$Zed6d8d*d$Zed9d-d.ZdS):r`zr Performs signing and verification operations using ECDSA and the specified hash function rrZr[r\Nrjrexpected_curvetype[EllipticCurve] | NonerUrwcCs||_||_dSrx)rjr)rsrjrrcrcrdr_s zECAlgorithm.__init__rurDcCs>|jdurdSt|j|jstd|jjd|jjddS)z9Validate that the key's curve matches the expected curve.NzThe key's curve 'z%' does not match the expected curve 'z' for this algorithm)rrncurverrrrcrcrd_validate_curvegs  zECAlgorithm._validate_curveAllowedECKeys | str | bytescCst||jr |||St|ttfstdt|}z |dr't|}nt |}| |t t |}|||WSt y\t|dd}| |t t|}|||YSw)Nrs ecdsa-sha2-r)rnrgrrirrrrr<r;rr r(r}r:r&)rsrurrZ ec_public_keyrZec_private_keyrcrcrdrrs*            zECAlgorithm.prepare_keyrrir&cCs ||t|}t||jSrx)rr rjrr)rsrruder_sigrcrcrdrs zECAlgorithm.signrrcCsnzt||j}Wn tyYdSwzt|tr|n|}|||t|WdSt y6YdSw)NFT) rrr}rnr&rrr rjr)rsrrurrrrcrcrdrs   zECAlgorithm.verifyrrrrcCrrxrcrrcrcrdrrzECAlgorithm.to_jwkFrrcCrrxrcrrcrcrdrrrcCst|tr |}nt|tr|}ntdt|jtr#d}n#t|jtr,d}nt|jt r5d}nt|jt r>d}ntd|jd|t |j |jj dt |j|jj dd }t|trst |j|jj d|d <|rw|St|S) NrP-256P-384P-521 secp256k1Invalid curve: EC) bit_length)rcrvxyr)rnr&rrr(rrr"r#r$r!rrrrrrZ private_valuerr)rrrrrrcrcrdrsJ         rrcCszt|tr t|}n t|tr|}ntWn ty#tddw|ddkr0tddd|vs8d|vr=tddt|d}t|d}|d}|dkrmt |t |krbd krhnnt }netd d|d krt |t |krd krnnt }nHtd d|dkrt |t |krdkrnnt }n+tdd|dkrt |t |krd krntdt }n tdtd|ttj|ddtj|dd|d}d|vr|St|d}t |t |krtdt ||ttj|dd|S)NrrrzNot an Elliptic curve keyrrrr z)Coords should be 32 bytes for curve P-256r0z)Coords should be 48 bytes for curve P-384rBz)Coords should be 66 bytes for curve P-521rz-Coords should be 32 bytes for curve secp256k1rbig) byteorder)rrrrz!D should be {} bytes for curve {})rnrrrrr}rrrrr"r#r$r!r)int from_bytesrr'r)rrrrrZ curve_objrrrcrcrdrs              zECAlgorithm.from_jwkrx)rjrrrrUrw)rurDrUrw)rurrUrD)rrirur&rUri)rrirurDrrirUr)rrDrrrUrr)rrDrrrUr)rrDrrrUr)rrrUrD)ryrrrrrZrr[r\ALLOWED_EC_KEY_TYPESrgrrrrrr rrrrcrcrcrdr`Ss,    +r`c@s$eZdZdZdddZdd d ZdS)razA Performs a signature using RSASSA-PSS with MGF1 rrirur.rUcCs0||tjt||jd|}|S)NZmgfZ salt_length)rrPSSMGF1rjrrrcrcrdr*s zRSAPSSAlgorithm.signr0rrc CsJz|||tjt||jd|WdSty$YdSw)NrTF)rrrr rjrrrrcrcrdr5s  zRSAPSSAlgorithm.verifyNrr)ryrrrrrrcrcrcrdra%s  rac@seZdZdZeZd'ddZd(d d Zd)ddZd*ddZ e e d+ddZ e e d,d-ddZ e d,d.d!dZ e d/d$d%Z d&S)0rbz Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. kwargsrrUrwcKrrxrc)rsr rcrcrdrMrzOKPAlgorithm.__init__ruAllowedOKPKeys | str | bytesrEcCst|ttfs|||St|tr|dn|}t|tr$|dn|}d|vr/t|}nd|vr:t|dd}n|dddkrGt|}nt d||t d |S) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-rrE) rnrrirrencoder;r:r<rr )rsruZkey_strrZ loaded_keyrcrcrdrPs     zOKPAlgorithm.prepare_keyrr#Ed25519PrivateKey | Ed448PrivateKeyricCs&t|tr |dn|}||}|S)aS Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes r )rnrrr)rsrru msg_bytesrrcrcrdrfs zOKPAlgorithm.signrrcCsrz.t|tr |dn|}t|tr|dn|}t|ttfr$|n|}|||WdSty8YdSw)a Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. r TF)rnrrr,r*rrr)rsrrurrZ sig_bytesrrcrcrdrts     zOKPAlgorithm.verifyrrrcCrrxrcrurrcrcrdrrzOKPAlgorithm.to_jwkFrrcCrrxrcrrcrcrdrrrcCst|ttfr.|jtjtjd}t|trdnd}tt| d|d}|r)|St |St|t t frp|jtjtjtd}|jtjtjd}t|t rRdnd}tt| tt| d|d}|rk|St |Std) N)encodingformatEd25519Ed448OKP)rrr)rrZencryption_algorithm)rrrrr)rnr-r+ public_bytesr6ZRawr9rrrrrr,r*Z private_bytesr8r7rr)rurrrrrrcrcrdrsB  rrc Cszt|tr t|}n t|tr|}ntWn ty#tddw|ddkr/td|d}|dkrC|dkrCtd|d |vrKtd t|d }z+d |vrg|dkrat |WSt |WSt|d }|dkrxt |WSt |WSty}ztd |d}~ww) NrrrzNot an Octet Key PairrrrrrzOKP should have "x" parameterrzInvalid key parameter)rnrrrrr}rrrr-Zfrom_public_bytesr+r,Zfrom_private_bytesr*)rrrrrerrrcrcrdrs>           zOKPAlgorithm.from_jwkN)r rrUrw)rur rUrE)rrrurrUri)rrrurErrrUr)rurErrrUrr)rurErrrUr)rurErrrUr)rrrUrE)ryrrrALLOWED_OKP_KEY_TYPESrgrrrrr rrrrcrcrcrdrbDs"    .rb)rUrV)m __future__rrrrosabcrrtypingrrrrr r r r exceptionsrtypesrrutilsrrrrrrrrrZcryptography.exceptionsrrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrZ,cryptography.hazmat.primitives.asymmetric.ecr r!r"r#r$r%r&r'r(r)Z/cryptography.hazmat.primitives.asymmetric.ed448r*r+Z1cryptography.hazmat.primitives.asymmetric.ed25519r,r-Z-cryptography.hazmat.primitives.asymmetric.rsar.r/r0r1r2r3r4r5Z,cryptography.hazmat.primitives.serializationr6r7r8r9r:r;r<rrrZALLOWED_KEY_TYPESZALLOWED_PRIVATE_KEY_TYPESZALLOWED_PUBLIC_KEY_TYPESrgetenvsys version_infor@Ztyping_extensionsZ/cryptography.hazmat.primitives.asymmetric.typesrArBrCrrDrErFrGrHr]ModuleNotFoundErrorZrequires_cryptographyrerfrXrYr_r`rarbrcrcrcrds( ,    0 ($             "lO:S