a `mg@sddlZddlZddlmZmZddlmZddlmZddl m Z ddl m Z m Z ddlmZmZde jfdd Zd"d d Zd dZddZddZd#ddZddZddZddZddZddZd$d d!ZdS)%N)IterableMapping)jwk)Key) ALGORITHMS)JWSErrorJWSSignatureError)base64url_decodebase64url_encodecCs<|tjvrtd|t||d}t|}t||||}|S)awSigns a claims set and returns a JWS string. Args: payload (str or dict): A string to sign key (str or dict): The key to use for signing the claim set. Can be individual JWK or JWK set. headers (dict, optional): A set of headers that will be added to the default headers. Any headers that are added as additional headers will override the default headers. algorithm (str, optional): The algorithm to use for signing the the claims. Defaults to HS256. Returns: str: The string representation of the header, claims, and signature. Raises: JWSError: If there is an error signing the token. Examples: >>> jws.sign({'a': 'b'}, 'secret', algorithm='HS256') 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' zAlgorithm %s not supported.)additional_headers)rZ SUPPORTEDr_encode_header_encode_payload_sign_header_and_claims)payloadkeyheaders algorithmencoded_headerZencoded_payloadZ signed_outputr?/var/www/html/idle/venv/lib/python3.9/site-packages/jose/jws.pysign s    rTcCs(t|\}}}}|r$t||||||S)aVerifies a JWS string's signature. Args: token (str): A signed JWS to be verified. key (str or dict): A key to attempt to verify the payload with. Can be individual JWK or JWK set. algorithms (str or list): Valid algorithms that should be used to verify the JWS. Returns: str: The str representation of the payload, assuming the signature is valid. Raises: JWSError: If there is an exception verifying a token. Examples: >>> token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' >>> jws.verify(token, 'secret', algorithms='HS256') )_load_verify_signature)tokenr algorithmsverifyheaderr signing_input signaturerrrr0srcCst|\}}}}|S)a!Returns the decoded headers without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. rrrZclaimsrrrrrget_unverified_headerNs r!cCst|S)a{Returns the decoded headers without verification of any kind. This is simply a wrapper of get_unverified_header() for backwards compatibility. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. )r!)rrrrget_unverified_headers^sr"cCst|\}}}}|S)aReturns the decoded claims without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: str: The str representation of the token claims. Raises: JWSError: If there is an exception decoding the token. rr rrrget_unverified_claimsps r#cCs6d|d}|r||tj|dddd}t|S)NZJWT)typalg,:T) separators sort_keysutf-8)updatejsondumpsencoder )rr rZ json_headerrrrr s  r cCs>t|tr6ztj|ddd}Wnty4Yn0t|S)Nr&)r)r+) isinstancerr-r.r/ ValueErrorr )rrrrr s  r c Csd||g}z$t|ts&t||}||}Wn,ty^}zt|WYd}~n d}~00t|}d|||g}| dS)N.r+) joinr0rr constructr Exceptionrr decode) rZencoded_claimsrrrreZencoded_signatureencoded_stringrrrrs  rc Cs<t|tr|d}z,|dd\}}|dd\}}t|}Wn8tyZtdYn tt j fyxtdYn0zt | d}Wn0ty}ztd|WYd}~n d}~00t|tstdz t|}Wn tt j fytdYn0z t|} Wn"tt j fy.td Yn0|||| fS) Nr+r2zNot enough segmentszInvalid header paddingzInvalid header string: %sz,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r0strr/rsplitsplitr r1r TypeErrorbinasciiErrorr-loadsr6r) ZjwtrZcrypto_segmentZheader_segmentZclaims_segmentZ header_datarr7rrrrrrs2     "   rc CsP|D]F}t|tst||}z|||r4WdSWqtyHYq0qdS)NTF)r0rrr4rr5)keysrrr%rrrr_sig_matches_keyss     rBcCst|tr|fSztj|ttd}Wnty6Yn0t|trxd|vrR|dSd|vr`|fS|}|rp|S|fSn(t|trt|tst|t s|S|fSdS)N) parse_int parse_floatrAZkty) r0rr-r@r:r5rvaluesrbytes)rrErrr _get_keyss$   rGcCs|d}|std|dur.||vr.tdt|}zt||||sLtWn6tyhtdYntytd|Yn0dS)Nr%z-No algorithm was specified in the JWS header.z&The specified alg value is not allowedzSignature verification failed.z$Invalid or unsupported algorithm: %s)getrrGrBr)rrrrrr%rArrrrs     r)T)N)rHN)r>r-collections.abcrrZjoserZjose.backends.baserZjose.constantsrZjose.exceptionsrrZ jose.utilsr r ZHS256rrr!r"r#r r rrrBrGrrrrrs&   $   ! !