U d[+@sddlmZddlZddlZddlZddlmZmZddlm Z m Z m Z m Z ddl mZmZmZmZddlmZmZddlmZerdd lmZmZGd d d ZeZejZejZejZejZejZejZej Z dS) ) annotationsN) TYPE_CHECKINGAny) Algorithmget_default_algorithms has_cryptorequires_cryptography) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeysc @s"eZdZdZd@ddddddZed d d d Zd dddddZd ddddZdd ddZ d ddddZ dAddd dd!d"d"d d#d$d%Z dBd'd(ddd)d*d+d,d-Z dCd'd(ddd)d.d+d/d0Z d'd*d1d2d3Zd'd4d1d5d6ZdDdd*dd(ddd7d8d9Zd*dd:d;d<Zd.dd=d>d?ZdS)EPyJWSZJWTNzlist[str] | Nonezdict[str, Any] | NoneNone) algorithmsoptionsreturncCsht|_|dk rt|nt|j|_t|jD]}||jkr2|j|=q2|dkrVi}|||_dS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsr)selfrrkeyr //tmp/pip-unpacked-wheel-z041_nl0/jwt/api_jws.py__init__s  zPyJWS.__init__zdict[str, bool])rcCsddiS)Nverify_signatureTr r r r r!r1szPyJWS._get_default_optionsstrr)alg_idalg_objrcCs>||jkrtdt|ts$td||j|<|j|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)rr%r&r r r!register_algorithm5s    zPyJWS.register_algorithm)r%rcCs*||jkrtd|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)rr%r r r!unregister_algorithmBs  zPyJWS.unregister_algorithmz list[str]cCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )rr)rr r r!get_algorithmsPszPyJWS.get_algorithms)alg_namerc Cs\z |j|WStk rV}z,ts<|tkr>> jws_obj.get_algorithm_by_name("RS256") z Algorithm 'z9' could not be found. Do you have cryptography installed?Algorithm not supportedN)rr,rr NotImplementedError)rr0er r r!get_algorithm_by_nameVs   zPyJWS.get_algorithm_by_nameHS256FTbytesz AllowedPrivateKeys | str | bytesz str | Noneztype[json.JSONEncoder] | Nonebool)payloadr algorithmheaders json_encoderis_payload_detached sort_headersrcCs,g}|dk r|nd} |rD|d} | r.|d} |d} | dkrDd}|j| d} |rh||| || dsv| d=|rd| d<nd| kr| d=tj| d||d } |t| |r|}nt|}||d |}| | }| |}| ||}|t||rd |d <d |}| d S)Nnonealgb64FT)typr?rA),:) separatorscls sort_keys.rutf-8)get header_typ_validate_headersupdatejsondumpsencodeappendrjoinr4 prepare_keysigndecode)rr8rr9r:r;r<r=segmentsZ algorithm_Z headers_algZ headers_b64headerZ json_headerZ msg_payload signing_inputr& signatureencoded_stringr r r!rPgsN              z PyJWS.encodez str | byteszAllowedPublicKeys | str | bytesz bytes | Nonezdict[str, Any])jwtrrrdetached_payloadrc Ks|rtdt|t|dkr*i}|j|}|d}|rL|sLtd||\} } } } | dddkr|dkr~td|} d | dd d | g} |r| | | | ||| | | d S) Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r#z\It is required that you pass in a value for the "algorithms" argument when calling decode().r@TFzIt is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.rGrr)r8rWrY) warningswarntuplerrrr _loadrJrRrsplit_verify_signature) rr\rrrr]kwargsZmerged_optionsr#r8rXrWrYr r r!decode_completes6  zPyJWS.decode_completercKs:|rtdt|t|j|||||d}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: )r]r8)r^r_r`rrre)rr\rrrr]rddecodedr r r!rUs z PyJWS.decode)r\rcCs||d}|||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete )rarL)rr\r:r r r!get_unverified_headers zPyJWS.get_unverified_headerz*tuple[bytes, bytes, dict[str, Any], bytes]c Cst|tr|d}t|ts,tdtz$|dd\}}|dd\}}Wn,tk r|}ztd|W5d}~XYnXz t|}Wn2t t j fk r}ztd|W5d}~XYnXzt |}Wn2tk r} ztd| | W5d} ~ XYnXt|tstdz t|} Wn4t t j fk rT}ztd |W5d}~XYnXz t|} Wn4t t j fk r}ztd |W5d}~XYnX| ||| fS) NrIz$Invalid token type. Token must be a rGrzNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r(r$rPr6r rbsplitr'rr)binasciiErrorrNloadsdict) rr\rXZcrypto_segmentZheader_segmentZpayload_segmenterrZ header_datarWr3r8rYr r r!ras8    "   z PyJWS._load)rXrWrYrrrc Csz |d}Wntk r(tdYnX|r>|dk rF||krFtdz||}Wn,tk r}ztd|W5d}~XYnX||} ||| |stddS)Nr?zAlgorithm not specifiedz&The specified alg value is not allowedr1zSignature verification failed)r,r r4r2rSverifyr ) rrXrWrYrrr?r&r3Z prepared_keyr r r!rcs  zPyJWS._verify_signature)r:rcCsd|kr||ddS)Nkid) _validate_kid)rr:r r r!rL8szPyJWS._validate_headers)rprcCst|tstddS)Nz(Key ID header parameter must be a string)r(r$r )rrpr r r!rq<s zPyJWS._validate_kid)NN)r5NNFT)r[NNN)r[NNN)r[N)__name__ __module__ __qualname__rKr" staticmethodrr+r.r/r4rPrerUrhrarcrLrqr r r r!rsB H0 +r)! __future__rrjrNr^typingrrrrrrr exceptionsr r r r utilsrrrrrrZ_jws_global_objrPrerUr+r.r4rhr r r r!s*  (