o i:@sddlZddlZddlZddlZddlZeeZddZddZ Gddde Z Gdd d e Z Gd d d e Z e Ze Ze je_dS) NcCsz|jddWS|YS)Nzutf-8)encoding)encode)rawrO/home/app/Keep/.python/lib/python3.10/site-packages/msal/oauth2cli/assertion.py _str2bytes srcCstt|SN)base64urlsafe_b64encodebinasciia2b_hexdecode)Z thumbprintrrr_encode_thumbprintsrc@s&eZdZ  dddZ dddZdS) AssertionCreatorNXc Kstd)a+Create an assertion in bytes, based on the provided claims. All parameter names are defined in https://tools.ietf.org/html/rfc7521#section-5 except the expires_in is defined here as lifetime-in-seconds, which will be automatically translated into expires_at in UTC. z Will be implemented by sub-class)NotImplementedError) selfaudienceissuersubject expires_at expires_in issued_at assertion_idkwargsrrrcreate_normal_assertions z(AssertionCreator.create_normal_assertionc s*t|||||ffdd t|dddS)zCreate an assertion as a callable, which will then compute the assertion later when necessary. This is a useful optimization to reuse the client assertion. csj|||fd|i|S)Nr)r)aiserrrr)sz@AssertionCreator.create_regenerative_assertion..<r)r) AutoRefreshermax)rrrrrrrr rcreate_regenerative_assertion!s z.AssertionCreator.create_regenerative_assertion)NrNN)Nr)__name__ __module__ __qualname__rr%rrrrrs   rc@s"eZdZdZdddZddZdS) r#aCache the output of a factory, and auto-refresh it when necessary. Usage:: r = AutoRefresher(time.time, expires_in=5) for i in range(15): print(r()) # the timestamp change only after every 5 seconds time.sleep(1) cCs||_||_i|_dSr)_factory _expires_in_buf)rfactoryrrrr__init__6s zAutoRefresher.__init__cCs\d\}}t}|j|d|kr#td|||||ji|_ntd|j|S)N)rvaluerzRegenerating new assertionzReusing still valid assertion)timer,getloggerdebugr*r+)rZ EXPIRES_ATZVALUEnowrrr__call__:s   zAutoRefresher.__call__N)r))r&r'r(__doc__r.r5rrrrr#.s  r#c@s.eZdZ dddddZ   d ddZdS) JwtAssertionCreatorN)sha256_thumbprintcCsB||_||_|p i|_|rt||jd<|rt||jd<dSdS)a6Construct a Jwt assertion creator. Args: key (str): An unencrypted private key for signing, in a base64 encoded string. It can also be a cryptography ``PrivateKey`` object, which is how you can work with a previously-encrypted key. See also https://github.com/jpadilla/pyjwt/pull/525 algorithm (str): "RS256", etc.. See https://pyjwt.readthedocs.io/en/latest/algorithms.html RSA and ECDSA algorithms require "pip install cryptography". sha1_thumbprint (str): The x5t aka X.509 certificate SHA-1 thumbprint. headers (dict): Additional headers, e.g. "kid" or "x5c" etc. sha256_thumbprint (str): The x5t#S256 aka X.509 certificate SHA-256 thumbprint. zx5t#S256Zx5tN)key algorithmheadersr)rr9r:Zsha1_thumbprintr;r8rrrr.Fs zJwtAssertionCreator.__init__rc Ksddl} t} |||p ||p| ||p| |pttd} |r%|| d<| | p*iz| j| |j|j|j d}t |WS|j dsM|j drRt d) zCreate a JWT Assertion. Parameters are defined in https://tools.ietf.org/html/rfc7523#section-3 Key-value pairs in additional_claims will be added into payload as-is. rN)ZaudZisssubexpZiatZjtiZnbf)r:r;ZRSESzSome algorithms requires "pip install cryptography". See https://pyjwt.readthedocs.io/en/latest/installation.html#cryptographic-dependencies-optional)jwtr0struuiduuid4updaterr9r:r;r startswithr2 exception)rrrrrrrrZ not_beforeZadditional_claimsrr?r4payloadZ str_or_bytesrrrrcs.   z+JwtAssertionCreator.create_normal_assertion)NN)NNrNNNN)r&r'r(r.rrrrrr7Es r7)r0r r rAlogging getLoggerr&r2rrobjectrr#r7ZSignerZ JwtSignerrZsign_assertionrrrrs A