a "h-@sddlmZddlZddlZddlZddlmZddlmZm Z ddl m Z m Z m Z mZddlmZddlmZmZmZmZdd lmZmZdd lmZerdd l mZmZGd d d ZeZejZejZej Z ej!Z!ej"Z"ej#Z#ej$Z$dS)) annotationsN)Sequence) TYPE_CHECKINGAny) Algorithmget_default_algorithms has_cryptorequires_cryptography)PyJWK) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeysc @s"eZdZdZd?ddddddZed d d d Zd dddddZd ddddZdd ddZ d ddddZ d@ddddd d!d!d d"d#d$Z dAd&d'ddd(d)d*d+d,Z dBd&d'ddd(d-d*d.d/Z d&d)d0d1d2Zd&d3d0d4d5ZdCdd)dd'ddd6d7d8Zd)dd9d:d;Zd-dd<d=d>ZdS)DPyJWSZJWTNzSequence[str] | Nonezdict[str, Any] | NoneNone) algorithmsoptionsreturncCslt|_|durt|nt|j|_t|jD]}||jvr2|j|=q2|durVi}i|||_dS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsr)selfrrkeyr"G/var/www/html/requester/venv/lib/python3.9/site-packages/jwt/api_jws.py__init__ s  zPyJWS.__init__zdict[str, bool])rcCsddiS)Nverify_signatureTr"r"r"r"r#r3szPyJWS._get_default_optionsstrr)alg_idalg_objrcCs>||jvrtdt|ts$td||j|<|j|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)r r'r(r"r"r#register_algorithm7s    zPyJWS.register_algorithm)r'rcCs*||jvrtd|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)r r'r"r"r#unregister_algorithmDs  zPyJWS.unregister_algorithmz list[str]cCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )rr)r r"r"r#get_algorithmsRszPyJWS.get_algorithms)alg_namerc Cs^z |j|WStyX}z4ts:|tvr:td|d|td|WYd}~n d}~00dS)z For a given string name, return the matching Algorithm object. Example usage: >>> jws_obj.get_algorithm_by_name("RS256") z Algorithm 'z9' could not be found. Do you have cryptography installed?Algorithm not supportedN)rr.r r NotImplementedError)r r2er"r"r#get_algorithm_by_nameXs   zPyJWS.get_algorithm_by_nameFTbytesz(AllowedPrivateKeys | PyJWK | str | bytesz str | Noneztype[json.JSONEncoder] | Nonebool)payloadr! algorithmheaders json_encoderis_payload_detached sort_headersrcCsRg}|dur$t|tr|j} q(d} n|} |rX|d} | rB|d} |d} | durXd}|j| d} |r|||| || ds| d=|rd| d<nd| vr| d=tj| d||d  } | t | |r|}nt |}| |d |}| | }t|tr |j}||}|||}| t ||r>d |d <d |}|d S)NZHS256algb64FT)typr?rA),:) separatorscls sort_keys.rutf-8)r*r algorithm_nameget header_typ_validate_headersupdatejsondumpsencodeappendrjoinr6r! prepare_keysigndecode)r r9r!r:r;r<r=r>segmentsZ algorithm_Z headers_algZ headers_b64headerZ json_headerZ msg_payload signing_inputr( signatureencoded_stringr"r"r#rQisT                z PyJWS.encodez str | bytesz'AllowedPublicKeys | PyJWK | str | bytesz bytes | Nonezdict[str, Any])jwtr!rrdetached_payloadrc Ks|r"tjdt|tdd|dur.i}i|j|}|d}|r^|s^t|ts^td| |\} } } } | dddur|durtd |} d | d d d | g} |r| | | | ||| | | d S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs:  stacklevelr%z\It is required that you pass in a value for the "algorithms" argument when calling decode().r@TFzIt is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.rGrr)r9rXrZ)warningswarntuplerrrr*r r _loadrKrSrsplit_verify_signature) r r]r!rrr^kwargsZmerged_optionsr%r9rYrXrZr"r"r#decode_completes<  zPyJWS.decode_completercKs>|r"tjdt|tdd|j|||||d}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r_r`)r^r9)rbrcrdrrri)r r]r!rrr^rhdecodedr"r"r#rVs   z PyJWS.decode)r]rcCs||d}|||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete r_)rerM)r r]r;r"r"r#get_unverified_headers zPyJWS.get_unverified_headerz*tuple[bytes, bytes, dict[str, Any], bytes]c Cst|tr|d}t|ts,tdtz$|dd\}}|dd\}}Wn.ty~}ztd|WYd}~n d}~00z t|}Wn4t t j fy}ztd|WYd}~n d}~00zt |}Wn6ty} ztd| | WYd} ~ n d} ~ 00t|tstdz t|} Wn6t t j fy^}ztd |WYd}~n d}~00z t|} Wn6t t j fy}ztd |WYd}~n d}~00| ||| fS) NrIz$Invalid token type. Token must be a rGrzNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r*r&rQr7r rfsplitr)rr+binasciiErrorrOloadsdict) r r]rYZcrypto_segmentZheader_segmentZpayload_segmenterrZ header_datarXr5r9rZr"r"r#res8      &     z PyJWS._load)rYrXrZr!rrc Cs|durt|tr|jg}z |d}WntyBtddYn0|rX|dur`||vr`tdt|trx|j}|j}nHz||}Wn.ty} ztd| WYd} ~ n d} ~ 00| |}| |||st ddS)Nr?zAlgorithm not specifiedz&The specified alg value is not allowedr3zSignature verification failed) r*r rJr.r rr!r6r4rTverifyr) r rYrXrZr!rr?r(Z prepared_keyr5r"r"r#rg+s$     zPyJWS._verify_signature)r;rcCsd|vr||ddS)Nkid) _validate_kid)r r;r"r"r#rMJszPyJWS._validate_headers)rsrcCst|tstddS)Nz(Key ID header parameter must be a string)r*r&r)r rsr"r"r#rtNs zPyJWS._validate_kid)NN)NNNFT)r\NNN)r\NNN)r\N)__name__ __module__ __qualname__rLr$ staticmethodrr-r0r1r6rQrirVrkrergrMrtr"r"r"r#rsB P1 +r)% __future__rrmrOrbcollections.abcrtypingrrrrrr r Zapi_jwkr exceptionsr r rrutilsrrrrrrZ_jws_global_objrQrirVr-r0r6rkr"r"r"r#s.    8