o i2@sddlmZddlZddlZddlZddlmZddlmZm Z ddl m Z m Z m Z mZddlmZddlmZmZmZmZmZdd lmZmZdd lmZmZer`dd l mZmZdd lmZGd ddZ e Z!e!j"Z"e!j#Z#e!j$Z$e!j%Z%e!j&Z&e!j'Z'e!j(Z(dS)) annotationsN)Sequence) TYPE_CHECKINGAny) Algorithmget_default_algorithms has_cryptorequires_cryptography)PyJWK) DecodeErrorInvalidAlgorithmErrorInvalidKeyErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode)InsecureKeyLengthWarningRemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeys) SigOptionsc@seZdZdZ  dJdKd d ZedLd d ZdMddZdNddZdOddZ dPddZ     dQdRd,d-Z .   dSdTd6d7Z .   dSdUd9d:Z dVd;d<ZdWd>d?Z . dXdYdCdDZdZdEdFZd[dHdIZdS)\PyJWSZJWTN algorithmsSequence[str] | NoneoptionsSigOptions | NonereturnNonecCstt|_|dur t|nt|j|_t|jD] }||jvr$|j|=q||_|dur8i|j||_dSdS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsr)selfrrkeyr'B/home/app/Keep/.python/lib/python3.10/site-packages/jwt/api_jws.py__init__"s  zPyJWS.__init__rcCs dddS)NTF)verify_signatureenforce_minimum_key_lengthr'r'r'r'r(r$5s zPyJWS._get_default_optionsalg_idstralg_objrcCs>||jvr tdt|tstd||j|<|j|dS)z Registers a new Algorithm for use when creating and verifying tokens. :param str alg_id: the ID of the Algorithm :param alg_obj: the Algorithm object :type alg_obj: Algorithm z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorr!add)r%r,r.r'r'r(register_algorithm9s   zPyJWS.register_algorithmcCs*||jvr td|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens :param str alg_id: the ID of the Algorithm :raises KeyError: if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorr!remove)r%r,r'r'r(unregister_algorithmJs zPyJWS.unregister_algorithm list[str]cCs t|jS)zh Returns a list of supported values for the `alg` parameter. :rtype: list[str] )r"r!)r%r'r'r(get_algorithmsYs zPyJWS.get_algorithmsalg_namec CsNz|j|WSty&}zts|tvrtd|d|td|d}~ww)a/ For a given string name, return the matching Algorithm object. Example usage: >>> jws_obj = PyJWS() >>> jws_obj.get_algorithm_by_name("RS256") :param alg_name: The name of the algorithm to retrieve :type alg_name: str :rtype: Algorithm z Algorithm 'z9' could not be found. Do you have cryptography installed?Algorithm not supportedN)rr4r r NotImplementedError)r%r9er'r'r(get_algorithm_by_nameas    zPyJWS.get_algorithm_by_nameHS256FTpayloadbytesr&(AllowedPrivateKeys | PyJWK | str | bytes algorithm str | Noneheadersdict[str, Any] | None json_encodertype[json.JSONEncoder] | Noneis_payload_detachedbool sort_headerscCsg}|durt|tr|j} nd} n|} |r,|d} | r!|d} |d} | dur,d}|j| d} |r>||| || dsE| d=|rLd| d<nd| vrS| d=tj| d||d  } | t | |rj|}nt |}| |d |}| | }t|tr|j}||}||}|r|jd drt|tj|td d |||}| t ||rd|d<d |}|dS)Nnonealgb64FT)typrLrN),:) separatorscls sort_keys.r+ stacklevelrutf-8)r0r algorithm_nameget header_typ_validate_headersupdatejsondumpsencodeappendrjoinr=r& prepare_keycheck_key_lengthrrwarningswarnrsigndecode)r%r?r&rBrDrFrHrJsegmentsZ algorithm_Z headers_algZ headers_b64headerZ json_headerZ msg_payload signing_inputr.key_length_msg signatureencoded_stringr'r'r(ravsb                 z PyJWS.encodejwt str | bytes'AllowedPublicKeys | PyJWK | str | bytesdetached_payload bytes | Nonekwargsdict[str, Any]c Ks|rtjdt|tdd|dur|j}ni|j|}|d}|r1|s1t|ts1td| |\} } } } | dddurY|durJtd |} d | d d d | g} |rd| | | | ||| | | d S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rUrVr*z\It is required that you pass in a value for the "algorithms" argument when calling decode().rMTFzIt is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.rTrr)r?rkrn)rfrgtupler#rrr0r r _loadr[rcrsplit_verify_signature) r%rqr&rrrtrvZmerged_optionsr*r?rlrkrnr'r'r(decode_completes<  zPyJWS.decode_completercKs>|rtjdt|tdd|j|||||d}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rUrV)rtr?)rfrgrxr#rr|)r%rqr&rrrtrvdecodedr'r'r(ris   z PyJWS.decodecCs||d}|||S)zReturns back the JWT header parameters as a `dict` Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete rU)ryr])r%rqrDr'r'r(get_unverified_headers zPyJWS.get_unverified_header*tuple[bytes, bytes, dict[str, Any], bytes]c Cslt|tr |d}t|tstdtz|dd\}}|dd\}}Wnty9}ztd|d}~wwzt|}Wnt t j fyT}ztd|d}~wwzt |}Wntyp} ztd| | d} ~ wwt|tsztdzt|} Wnt t j fy}ztd |d}~wwzt|} Wnt t j fy}ztd |d}~ww| ||| fS) NrYz$Invalid token type. Token must be a rTrzNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r0r-rar@r rzsplitr/rr1binasciiErrorr_loadsdict) r%rqrlZcrypto_segmentZheader_segmentZpayload_segmenterrZ header_datarkr<r?rnr'r'r(rysL            z PyJWS._loadrlrkrnc Cs|dur t|tr |jg}z|d}Wn tytddw|r*|dur.||vr.tdt|tr:|j}|j}nz||}WntyR} ztd| d} ~ ww| |}| |} | rr|j ddrjt | tj| tdd||||s}td dS) NrLzAlgorithm not specifiedz&The specified alg value is not allowedr:r+FrVzSignature verification failed)r0r rZr4r rr&r=r;rdrerr[rrfrgrverifyr) r%rlrkrnr&rrLr.Z prepared_keyr<rmr'r'r(r{Cs6       zPyJWS._verify_signaturecCsd|vr ||ddSdS)Nkid) _validate_kid)r%rDr'r'r(r]iszPyJWS._validate_headersrcCst|ts tddS)Nz(Key ID header parameter must be a string)r0r-r)r%rr'r'r(rms zPyJWS._validate_kid)NN)rrrrrr)rr)r,r-r.rrr)r,r-rr)rr7)r9r-rr)r>NNFT)r?r@r&rArBrCrDrErFrGrHrIrJrIrr-)rpNNN)rqrrr&rsrrrrrtrurvrwrrw)rqrrr&rsrrrrrtrurvrwrr)rqrrrrw)rqrrrr)rpN) rlr@rkrwrnr@r&rsrrrr)rDrwrr)rrrr)__name__ __module__ __qualname__r\r) staticmethodr$r3r6r8r=rar|rir~ryr{r]rr'r'r'r(rsD       X 4  + &r)) __future__rrr_rfcollections.abcrtypingrrrrrr r Zapi_jwkr exceptionsr r rrrutilsrrrrrrtypesrrZ_jws_global_objrar|rir3r6r=r~r'r'r'r(s2    U