U ڲg,@sddlmZddlZddlZddlZddlmZmZddlm Z m Z m Z m Z ddl mZddlmZmZmZmZddlmZmZdd lmZerdd lmZmZGd d d ZeZejZejZejZejZej Z ej!Z!ej"Z"dS) ) annotationsN) TYPE_CHECKINGAny) Algorithmget_default_algorithms has_cryptorequires_cryptography)PyJWK) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeysc @s"eZdZdZd@ddddddZed d d d Zd dddddZd ddddZdd ddZ d ddddZ dAddd dd!d"d"d d#d$d%Z dBd'd(ddd)d*d+d,d-Z dCd'd(ddd)d.d+d/d0Z d'd*d1d2d3Zd'd4d1d5d6ZdDdd*dd(ddd7d8d9Zd*dd:d;d<Zd.dd=d>d?ZdS)EPyJWSZJWTNzlist[str] | Nonezdict[str, Any] | NoneNone) algorithmsoptionsreturncCsht|_|dk rt|nt|j|_t|jD]}||jkr2|j|=q2|dkrVi}|||_dS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsr)selfrrkeyr!//tmp/pip-unpacked-wheel-ecrjo5d0/jwt/api_jws.py__init__s  zPyJWS.__init__zdict[str, bool])rcCsddiS)Nverify_signatureTr!r!r!r!r"r2szPyJWS._get_default_optionsstrr)alg_idalg_objrcCs>||jkrtdt|ts$td||j|<|j|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)rr&r'r!r!r"register_algorithm6s    zPyJWS.register_algorithm)r&rcCs*||jkrtd|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)rr&r!r!r"unregister_algorithmCs  zPyJWS.unregister_algorithmz list[str]cCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )rr)rr!r!r"get_algorithmsQszPyJWS.get_algorithms)alg_namerc Cs\z |j|WStk rV}z,ts<|tkr>> jws_obj.get_algorithm_by_name("RS256") z Algorithm 'z9' could not be found. Do you have cryptography installed?Algorithm not supportedN)rr-rr NotImplementedError)rr1er!r!r"get_algorithm_by_nameWs   zPyJWS.get_algorithm_by_nameHS256FTbytesz AllowedPrivateKeys | str | bytesz str | Noneztype[json.JSONEncoder] | Nonebool)payloadr algorithmheaders json_encoderis_payload_detached sort_headersrcCs,g}|dk r|nd} |rD|d} | r.|d} |d} | dkrDd}|j| d} |rh||| || dsv| d=|rd| d<nd| kr| d=tj| d||d } |t| |r|}nt|}||d |}| | }| |}| ||}|t||rd |d <d |}| d S)Nnonealgb64FT)typr@rB),:) separatorscls sort_keys.rutf-8)get header_typ_validate_headersupdatejsondumpsencodeappendrjoinr5 prepare_keysigndecode)rr9r r:r;r<r=r>segmentsZ algorithm_Z headers_algZ headers_b64headerZ json_headerZ msg_payload signing_inputr' signatureencoded_stringr!r!r"rQhsN              z PyJWS.encodez str | bytesz'AllowedPublicKeys | PyJWK | str | bytesz bytes | Nonezdict[str, Any])jwtr rrdetached_payloadrc Ks|rtdt|t|dkr*i}|j|}|d}|rV|sVt|tsVtd| |\} } } } | dddkr|dkrtd|} d | dd d | g} |r| | | | ||| | | d S) Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r$z\It is required that you pass in a value for the "algorithms" argument when calling decode().rATFzIt is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.rHrr)r9rXrZ)warningswarntuplerrrr)r r _loadrKrSrsplit_verify_signature) rr]r rrr^kwargsZmerged_optionsr$r9rYrXrZr!r!r"decode_completes6  zPyJWS.decode_completercKs:|rtdt|t|j|||||d}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: )r^r9)r_r`rarrrf)rr]r rrr^redecodedr!r!r"rVs z PyJWS.decode)r]rcCs||d}|||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete )rbrM)rr]r;r!r!r"get_unverified_headers zPyJWS.get_unverified_headerz*tuple[bytes, bytes, dict[str, Any], bytes]c Cst|tr|d}t|ts,tdtz$|dd\}}|dd\}}Wn,tk r|}ztd|W5d}~XYnXz t|}Wn2t t j fk r}ztd|W5d}~XYnXzt |}Wn2tk r} ztd| | W5d} ~ XYnXt|tstdz t|} Wn4t t j fk rT}ztd |W5d}~XYnXz t|} Wn4t t j fk r}ztd |W5d}~XYnX| ||| fS) NrJz$Invalid token type. Token must be a rHrzNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r)r%rQr7r rcsplitr(rr*binasciiErrorrOloadsdict) rr]rYZcrypto_segmentZheader_segmentZpayload_segmenterrZ header_datarXr4r9rZr!r!r"rbs8    "   z PyJWS._load)rYrXrZr rrc Cs|dkrt|tr|jg}z |d}Wntk rBtdYnX|rX|dk r`||kr`tdt|trx|j}|j}nFz||}Wn,tk r} ztd| W5d} ~ XYnX| |}| |||st ddS)Nr@zAlgorithm not specifiedz&The specified alg value is not allowedr2zSignature verification failed) r)r Zalgorithm_namer-r rr r5r3rTverifyr ) rrYrXrZr rr@r'Z prepared_keyr4r!r!r"rd s$   zPyJWS._verify_signature)r;rcCsd|kr||ddS)Nkid) _validate_kid)rr;r!r!r"rM?szPyJWS._validate_headers)rqrcCst|tstddS)Nz(Key ID header parameter must be a string)r)r%r)rrqr!r!r"rrCs zPyJWS._validate_kid)NN)r6NNFT)r\NNN)r\NNN)r\N)__name__ __module__ __qualname__rLr# staticmethodrr,r/r0r5rQrfrVrirbrdrMrrr!r!r!r"rsB H0 +r)# __future__rrkrOr_typingrrrrrrr Zapi_jwkr exceptionsr r r rutilsrrrrrrZ_jws_global_objrQrfrVr,r/r5rir!r!r!r"s,   .