([f,ddlmZmZmZmZddlmZmZmZddl m Z m Z m Z m Z mZddlmZmZGddZdZd Zd Zd S) )to_bytes to_unicodeurlsafe_b64encodejson_b64encode)extract_headerextract_segment ensure_dict) DecodeErrorMissingAlgorithmErrorUnsupportedAlgorithmErrorBadSignatureErrorInvalidHeaderParameterNameError) JWSHeader JWSObjectceZdZegdZiZddZedZdZ ddZ dZ ddZ d Z dd Zd Zd Zd ZdS)JsonWebSignature) algjkujwkkidx5ux5cx5tzx5t#S256typctycritNc"||_||_dSN)_private_headers _algorithms)self algorithmsprivate_headerss L/var/www/piapp/venv/lib/python3.11/site-packages/authlib/jose/rfc7515/jws.py__init__zJsonWebSignature.__init__!s /%cb|r |jdkrtd|||j|j<dS)NJWSzInvalid algorithm for JWS, )algorithm_type ValueErrorALGORITHMS_REGISTRYname)cls algorithms r%register_algorithmz#JsonWebSignature.register_algorithm%sI =I4==;i;;== =2; ///r'ct|d}||||||\}}t|j}t t |}d||g}t |||} d||| gS)a"Generate a JWS Compact Serialization. The JWS Compact Serialization represents digitally signed or MACed content as a compact, URL-safe string, per `Section 7.1`_. .. code-block:: text BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature) :param protected: A dict of protected header :param payload: A bytes/string of payload :param key: Private key used to generate signature :return: byte N.) r_validate_private_headers_prepare_algorithm_keyr protectedrrjoinsign) r"r5payloadkey jws_headerr/protected_segmentpayload_segment signing_input signatures r%serialize_compactz"JsonWebSignature.serialize_compact,s y$//  &&y11144YMM 3*:+?@@+HW,=,=>> #4o"FGG %inn]C&H&HII yy+_iHIIIr'c t|}|dd\}}|dd\}}n#t$rt dwxYwt |}t |d} t|} |r || } t|} t| | d} | | | |\} }| || |r| St| )aExact JWS Compact Serialization, and validate with the given key. If key is not provided, the returned dict will contain the signature, and signing input values. Via `Section 7.1`_. :param s: text of JWS Compact Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.1`: https://tools.ietf.org/html/rfc7515#section-7.1 r2rzNot enough segmentsNcompact) rrsplitsplitr+r _extract_headerr_extract_payload_extract_signaturerr4verifyr )r"sr9decoder=signature_segmentr;r<r5r:r8r>rvr/s r%deserialize_compactz$JsonWebSignature.deserialize_compactHs 5 A/0xxa/@/@ ,M,1>1D1DT11M1M .  5 5 5344 4 5$$566 y$// "?33  &fWooG&'899 z7I 6 644Z#NN 3   M9c : : I###s AAActfdt|tr1tj|}t |d<|Sfd|D}t |dS)aGenerate a JWS JSON Serialization. The JWS JSON Serialization represents digitally signed or MACed content as a JSON object, per `Section 7.2`_. :param header_obj: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: JWSObject Example ``header_obj`` of JWS JSON Serialization:: { "protected: {"alg": "HS256"}, "header": {"kid": "jose"} } Pass a dict to generate flattened JSON Serialization, pass a list of header dict to generate standard JSON Serialization. cb | |\}}t|j}d| g}t |||}t|t|d}|j |j|d<|S)Nr2)r5r>header) r3r4rr5r6rr7rrO) r:_alg_keyr;r=r>rKr9r8r<r"s r%_signz.JsonWebSignature.serialize_json.._signs  * *: 6 6 644Z#NNJD$ .z/C D D  II'8/&JKKM)$))M4*H*HIII((9::' 22B ,)08 Ir'r8cJg|]}tj| S)r from_dict).0hrRs r% z3JsonWebSignature.serialize_json..s.HHHeeI/2233HHHr')r8 signatures)r isinstancedictrrUr)r" header_objr8r9datarYrRr<s` `` @@r%serialize_jsonzJsonWebSignature.serialize_jsonjs()11         j$ ' ' 5,Z8899D(99DOKHHHHZHHH !/22$   r'ct|d}|d}|tdt|}t |}|r ||}d|vr?|||||\}}t ||d}|r|St|g} d} |dD]6} |||| |\}}| ||sd} 7t | |d }| r|St|) aExact JWS JSON Serialization, and validate with the given key. If key is not provided, it will return a dict without signature verification. Header will still be validated. Via `Section 7.2`_. :param obj: text of JWS JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.2`: https://tools.ietf.org/html/rfc7515#section-7.2 r)r8NzMissing "payload" valuerYflatTFjson) r getr rrE_validate_json_jwsrr append) r"objr9rIr<r8r:validrKheadersis_validr\s r%deserialize_jsonz!JsonWebSignature.deserialize_jsonsQ#u%%''),,  "788 8"?33"?33  &fWooG s " " $ 7 7#s!4!4 J:w77B  #B'' 'l+ ! !J $ 7 7*c!;!; J NN: & & & !  w 0 0  I###r'ct|ttfr||||Sd|vr||||S||||S)aGenerate a JWS Serialization. It will automatically generate a Compact or JSON Serialization depending on the given header. If a header is in a JSON header format, it will call :meth:`serialize_json`, otherwise it will call :meth:`serialize_compact`. :param header: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: byte/dict r5)rZlisttupler^r?)r"rOr8r9s r% serializezJsonWebSignature.serializesm ftUm , , =&&vw<< < & &&vw<< <%%fgs;;;r'c(t|tr||||St|}|dr,|dr||||S||||S)aDeserialize JWS Serialization, both compact and JSON format. It will automatically deserialize depending on the given JWS. :param s: text of JWS Compact/JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: dict :raise: BadSignatureError If key is not provided, it will still deserialize the serialization without verification. {})rZr[rir startswithendswithrL)r"rHr9rIs r% deserializezJsonWebSignature.deserializes a   9((C88 8 QKK <<   9!**T"2"2 9((C88 8''3777r'c@d|vrt|d}|j||jvrt||jvrt|j|}t |r |||}n| d|vr|d}||}||fS)Nrr)r r!r r,callable prepare_key)r"rOr8r9rr/s r%r4z'JsonWebSignature._prepare_algorithm_keys   ')) )Um   'Ct7G,G,G+-- - d. . .+-- -,S1 C== #fg&&CC [Uf__-C##C((#~r'c|jK|j}||j}|D]}||vrt |dSdSr)r !REGISTERED_HEADER_PARAMETER_NAMEScopyunionr)r"rOnamesks r%r3z*JsonWebSignature._validate_private_headerssr  ,:??AAEKK 566E = =E>>9!<<<" - , = =r'cD|d}|std|d}|stdt|}t|}|d}|r$t |t stdt ||} || ||\} }d||g} tt|} | | | |r| dfS| d fS) Nr5zMissing "protected" valuer>zMissing "signature" valuerOzInvalid "header" valuer2TF) rbr rrDrZr[rr4r6rFrG) r"r<r8r\r9r;rJr5rOr:r/r=r>s r%rcz#JsonWebSignature._validate_json_jwss1&NN;77  ;9:: :&NN;77  ;9:: :$%677#$566 ))  8*VT22 8677 7y&11 44Z#NN 3 #4o"FGG &x0A'B'BCC   M9c : : $t# #5  r')NNr)__name__ __module__ __qualname__ frozensetrxr,r& classmethodr0r?rLr^rirmrsr4r3rcrTr'r%rrs )2 333))%&&&&<<[< JJJ8 $ $ $ $D/ / / b.$.$.$.$`<<<$8888*$ = = =!!!!!r'rc,t|tSr)rr )header_segments r%rDrD's .+ 6 66r'c.t|tdS)Nr>rr )rJs r%rFrF+s ,k; G GGr'c.t|tdS)Nr8r)r<s r%rErE/s ?K C CCr'N)authlib.common.encodingrrrrauthlib.jose.utilrrr authlib.jose.errorsr r r r rmodelsrrrrDrFrErTr'r%rsC )(((((((O!O!O!O!O!O!O!O!d777HHHDDDDDr'