o ¥ i˜5ã@sÞddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z dd lm Z dd lm Z dd l m Z dd l mZdd l mZddlmZddlmZGdd„dƒZdd„Zdd„Zdd„ZdS)é)Újson_b64encode)Úto_bytes)Ú to_unicode)Úurlsafe_b64encode)ÚBadSignatureError)Ú DecodeError)Ú#InvalidCritHeaderParameterNameError©ÚInvalidHeaderParameterNameError)ÚMissingAlgorithmError)ÚUnsupportedAlgorithmError)Ú ensure_dict)Úextract_header)Úextract_segmenté)Ú JWSHeader)Ú JWSObjectc@sžeZdZUegd¢ƒZdZeed<iZddd„Z e dd„ƒZ d d „Z d d d „Z d d„Zd dd„Zdd„Zd dd„Zdd„Zdd„Zdd„Zdd„Zdd„ZdS)!ÚJsonWebSignature) ÚalgÚjkuÚjwkÚkidÚx5uÚx5cÚx5tzx5t#S256ÚtypÚctyÚcritièÚMAX_CONTENT_LENGTHNcCs||_||_dS©N)Ú_private_headersÚ _algorithms)ÚselfÚ algorithmsÚprivate_headers©r%ú^/var/www/html/karishye-ai-python/venv/lib/python3.10/site-packages/authlib/jose/rfc7515/jws.pyÚ__init__*s zJsonWebSignature.__init__cCs,|r|jdkrtd|›ƒ‚||j|j<dS)NÚJWSzInvalid algorithm for JWS, )Úalgorithm_typeÚ ValueErrorÚALGORITHMS_REGISTRYÚname)ÚclsÚ algorithmr%r%r&Úregister_algorithm.sz#JsonWebSignature.register_algorithmc Cstt|dƒ}| |¡| |¡| |||¡\}}t|jƒ}tt|ƒƒ}d ||g¡}t|  ||¡ƒ} d ||| g¡S)a"Generate a JWS Compact Serialization. The JWS Compact Serialization represents digitally signed or MACed content as a compact, URL-safe string, per `Section 7.1`_. .. code-block:: text BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature) :param protected: A dict of protected header :param payload: A bytes/string of payload :param key: Private key used to generate signature :return: byte Nó.) rÚ_validate_private_headersÚ_validate_crit_headersÚ_prepare_algorithm_keyrÚ protectedrrÚjoinÚsign) r"r4ÚpayloadÚkeyÚ jws_headerr.Úprotected_segmentÚpayload_segmentÚ signing_inputÚ signaturer%r%r&Úserialize_compact4s     z"JsonWebSignature.serialize_compactc CsÖt|ƒ|jkr tdƒ‚zt|ƒ}| dd¡\}}| dd¡\}}Wnty2}ztdƒ|‚d}~wwt|ƒ} | | ¡t | dƒ} t |ƒ} |rK|| ƒ} t |ƒ} t | | dƒ} |  | | |¡\}}| || |¡rg| St| ƒ‚)aúExact JWS Compact Serialization, and validate with the given key. If key is not provided, the returned dict will contain the signature, and signing input values. Via `Section 7.1`_. :param s: text of JWS Compact Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.1`: https://tools.ietf.org/html/rfc7515#section-7.1 zSerialization is too long.r0rzNot enough segmentsNÚcompact)Úlenrr*rÚrsplitÚsplitrÚ_extract_headerr2rÚ_extract_payloadÚ_extract_signaturerr3Úverifyr)r"Úsr8Údecoder<Úsignature_segmentr:r;Úexcr4r9r7r=Úrvr.r%r%r&Údeserialize_compactQs,  €ÿ   z$JsonWebSignature.deserialize_compactcsbtˆƒ‰‡‡‡‡fdd„‰t|tƒr!ˆt |¡ƒ}tˆƒ|d<|S‡fdd„|Dƒ}tˆƒ|dœS)ažGenerate a JWS JSON Serialization. The JWS JSON Serialization represents digitally signed or MACed content as a JSON object, per `Section 7.2`_. :param header_obj: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: JWSObject Example ``header_obj`` of JWS JSON Serialization:: { "protected: {"alg": "HS256"}, "header": {"kid": "jose"} } Pass a dict to generate flattened JSON Serialization, pass a list of header dict to generate standard JSON Serialization. cs†ˆ |¡ˆ |j¡ˆ |j¡ˆ |ˆˆ¡\}}t|jƒ}d |ˆg¡}t|  ||¡ƒ}t |ƒt |ƒdœ}|jdurA|j|d<|S)Nr0)r4r=Úheader) r1Ú_reject_unprotected_critrMr2r4r3rr5rr6r)r9Ú_algÚ_keyr:r<r=rK)r8r7r;r"r%r&Ú_signs    þ  z.JsonWebSignature.serialize_json.._signr7csg|] }ˆt |¡ƒ‘qSr%)rÚ from_dict)Ú.0Úh)rQr%r&Ú §sz3JsonWebSignature.serialize_json..)r7Ú signatures)rÚ isinstanceÚdictrrRr)r"Ú header_objr7r8ÚdatarVr%)rQr8r7r;r"r&Úserialize_jsonws  zJsonWebSignature.serialize_jsonc CsÐt|dƒ}| d¡}|durtdƒ‚t|ƒ}t|ƒ}|r ||ƒ}d|vr<| ||||¡\}}t||dƒ}|r8|St|ƒ‚g} d} |dD]} | ||| |¡\}}|  |¡|sYd} qDt| |d ƒ}| rd|St|ƒ‚) aExact JWS JSON Serialization, and validate with the given key. If key is not provided, it will return a dict without signature verification. Header will still be validated. Via `Section 7.2`_. :param obj: text of JWS JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.2`: https://tools.ietf.org/html/rfc7515#section-7.2 r(r7NzMissing "payload" valuerVÚflatTFÚjson) r ÚgetrrrDÚ_validate_json_jwsrrÚappend) r"Úobjr8rHr;r7r9ÚvalidrKÚheadersÚis_validrYr%r%r&Údeserialize_jsonªs< ÿ  ÿ € z!JsonWebSignature.deserialize_jsoncCs@t|ttfƒr| |||¡Sd|vr| |||¡S| |||¡S)aØGenerate a JWS Serialization. It will automatically generate a Compact or JSON Serialization depending on the given header. If a header is in a JSON header format, it will call :meth:`serialize_json`, otherwise it will call :meth:`serialize_compact`. :param header: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: byte/dict r4)rWÚlistÚtupler[r>)r"rMr7r8r%r%r&Ú serializeÜs  zJsonWebSignature.serializecCsPt|tƒr | |||¡St|ƒ}| d¡r!| d¡r!| |||¡S| |||¡S)aÖDeserialize JWS Serialization, both compact and JSON format. It will automatically deserialize depending on the given JWS. :param s: text of JWS Compact/JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: dict :raise: BadSignatureError If key is not provided, it will still deserialize the serialization without verification. ó{ó})rWrXrerÚ startswithÚendswithrL)r"rGr8rHr%r%r&Ú deserializeîs zJsonWebSignature.deserializecCsˆd|vrtƒ‚|d}|jdur||jvrtƒ‚||jvr tƒ‚|j|}t|ƒr/|||ƒ}n |dur;d|vr;|d}| |¡}||fS)Nrr)r r!r r+ÚcallableÚ prepare_key)r"rMr7r8rr.r%r%r&r3s    z'JsonWebSignature._prepare_algorithm_keycCsB|jdur|j ¡}| |j¡}|D] }||vrt|ƒ‚qdSdSr)r Ú!REGISTERED_HEADER_PARAMETER_NAMESÚcopyÚunionr )r"rMÚnamesÚkr%r%r&r1s   ÿûz*JsonWebSignature._validate_private_headerscCs|r d|vr tdƒ‚dSdS)uGReject 'crit' when found in the unprotected header (RFC 7515 §4.1.11).rNr )r"Úunprotected_headerr%r%r&rN s ÿz)JsonWebSignature._reject_unprotected_critcCs‚d|vr=|d}t|tƒrtdd„|Dƒƒstdƒ‚|j ¡}|jr(| |j¡}|D]}||vr4t|ƒ‚||vr)s€  ÿz:JsonWebSignature._validate_crit_headers..) rWrfÚallr rprqr rrr)r"rMÚ crit_headersrsrtr%r%r&r2%s"ÿ  ÿó z'JsonWebSignature._validate_crit_headersc CsÄ| d¡}|s tdƒ‚| d¡}|stdƒ‚t|ƒ}t|ƒ}| d¡}|r.t|tƒs.tdƒ‚| |¡| |¡t||ƒ} |  | ||¡\} }d  ||g¡} t t|ƒƒ} |   | | |¡r^| dfS| d fS) Nr4zMissing "protected" valuer=zMissing "signature" valuerMzInvalid "header" valuer0TF) r^rrrCrWrXrNr2rr3r5rErF) r"r;r7rYr8r:rIr4rMr9r.r<r=r%r%r&r_6s(       z#JsonWebSignature._validate_json_jws)NNr)Ú__name__Ú __module__Ú __qualname__Ú frozensetrprÚintÚ__annotations__r+r'Ú classmethodr/r>rLr[rerhrmr3r1rNr2r_r%r%r%r&rs( ÿ    & 32   rcCs t|tƒSr)rr)Úheader_segmentr%r%r&rCUs rCcCó t|tdƒS)Nr=©rr)rIr%r%r&rEYó rEcCrƒ)Nr7r„)r;r%r%r&rD]r…rDN)Úauthlib.common.encodingrrrrÚauthlib.jose.errorsrrrr r r Úauthlib.jose.utilr rrÚmodelsrrrrCrErDr%r%r%r&Ús*              D