Ki5ddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z dd lm Z dd lm Z dd l m Z dd l mZdd l mZddlmZddlmZGddZdZdZdZy))json_b64encode)to_bytes) to_unicode)urlsafe_b64encode)BadSignatureError) DecodeError)#InvalidCritHeaderParameterNameErrorInvalidHeaderParameterNameError)MissingAlgorithmError)UnsupportedAlgorithmError) ensure_dict)extract_header)extract_segment) JWSHeader) JWSObjectceZdZUegdZdZeed<iZddZ e dZ dZ ddZ d Zdd Zd Zdd Zd ZdZdZdZdZy)JsonWebSignature) algjkujwkkidx5ux5cx5tzx5t#S256typctycritiMAX_CONTENT_LENGTHNc ||_||_yN)_private_headers _algorithms)self algorithmsprivate_headerss d/home/jay/workspace/scripts/.codegraph-venv/lib/python3.12/site-packages/authlib/jose/rfc7515/jws.py__init__zJsonWebSignature.__init__*s /%ct|r|jdk7rtd|||j|j<y)NJWSzInvalid algorithm for JWS, )algorithm_type ValueErrorALGORITHMS_REGISTRYname)cls algorithms r(register_algorithmz#JsonWebSignature.register_algorithm.s9I44=:9-HI I2; /r*c`t|d}|j||j||j|||\}}t |j }t t|}dj||g}t |j||} dj||| gS)a"Generate a JWS Compact Serialization. The JWS Compact Serialization represents digitally signed or MACed content as a compact, URL-safe string, per `Section 7.1`_. .. code-block:: text BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature) :param protected: A dict of protected header :param payload: A bytes/string of payload :param key: Private key used to generate signature :return: byte N.) r_validate_private_headers_validate_crit_headers_prepare_algorithm_keyr protectedrrjoinsign) r%r9payloadkey jws_headerr2protected_segmentpayload_segment signing_input signatures r(serialize_compactz"JsonWebSignature.serialize_compact4s y$/  &&y1 ##I.44YM 3*:+?+?@+HW,=> #4o"FG %inn]C&HI yy+_iHIIr*ct||jkDr td t|}|j dd\}}|j dd\}}t|} |j| t| d} t|} |r|| } t|} t| | d} |j| | |\}}|j|| |r| St| #t$r}t d|d}~wwxYw)aExact JWS Compact Serialization, and validate with the given key. If key is not provided, the returned dict will contain the signature, and signing input values. Via `Section 7.1`_. :param s: text of JWS Compact Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.1`: https://tools.ietf.org/html/rfc7515#section-7.1 zSerialization is too long.r5rzNot enough segmentsNcompact)lenr r.rrsplitsplitr_extract_headerr7r_extract_payload_extract_signaturerr8verifyr)r%sr=decoderAsignature_segmentr?r@excr9r>r<rBrvr2s r(deserialize_compactz$JsonWebSignature.deserialize_compactQs q6D++ +9: : > A/0xxa/@ ,M,1>1D1DT11M . $$56  ##I.y$/ "?3 WoG&'89 z7I 644Z#N 3   M9c :I##! >34# = >s5C%% C?. C::C?ctfd}t|tr+|tj|}t |d<|S|Dcgc]}|tj|}}t |dScc}w)aGenerate a JWS JSON Serialization. The JWS JSON Serialization represents digitally signed or MACed content as a JSON object, per `Section 7.2`_. :param header_obj: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: JWSObject Example ``header_obj`` of JWS JSON Serialization:: { "protected: {"alg": "HS256"}, "header": {"kid": "jose"} } Pass a dict to generate flattened JSON Serialization, pass a list of header dict to generate standard JSON Serialization. c j| j|j j|j j |\}}t |j}dj| g}t|j||}t|t|d}|j|j|d<|S)Nr5)r9rBheader) r6_reject_unprotected_critrUr7r9r8rr:rr;r) r>_alg_keyr?rArBrQr=r<r@r%s r(_signz.JsonWebSignature.serialize_json.._signs  * *: 6  ) )**;*; <  ' ' (<(< =44Z#NJD$ .z/C/C D  II'8/&JKM)$))M4*HII((9:' 2B  ,)008 Ir*r<)r< signatures)r isinstancedictr from_dictr) r% header_objr<r=rYdatahrZr@s ` `` @r(serialize_jsonzJsonWebSignature.serialize_jsonws()1 * j$ ',,Z89D(9DOK=GHeI//23H H%o6jQQIs"B ct|d}|jd}| tdt|}t |}|r||}d|vr3|j ||||\}}t ||d}|r|St|g} d} |dD]/} |j ||| |\}}| j||r.d} 1t | |d}| r|St|) aExact JWS JSON Serialization, and validate with the given key. If key is not provided, it will return a dict without signature verification. Header will still be validated. Via `Section 7.2`_. :param obj: text of JWS JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.2`: https://tools.ietf.org/html/rfc7515#section-7.2 r,r<zMissing "payload" valuerZflatTFjson) rgetrrrJ_validate_json_jwsrrappend) r%objr=rNr@r<r>validrQheadersis_validr^s r(deserialize_jsonz!JsonWebSignature.deserialize_jsons#u%''),  "78 8"?3"?3 WoG s " $ 7 7#s! J:w7B #B' 'l+ !J $ 7 7*c! J NN: &   !w 0 I##r*ct|ttfr|j|||Sd|vr|j|||S|j |||S)aGenerate a JWS Serialization. It will automatically generate a Compact or JSON Serialization depending on the given header. If a header is in a JSON header format, it will call :meth:`serialize_json`, otherwise it will call :meth:`serialize_compact`. :param header: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: byte/dict r9)r[listtuplerarC)r%rUr<r=s r( serializezJsonWebSignature.serializesY ftUm ,&&vw< < & &&vw< <%%fgs;;r*ct|tr|j|||St|}|j dr$|j dr|j|||S|j |||S)aDeserialize JWS Serialization, both compact and JSON format. It will automatically deserialize depending on the given JWS. :param s: text of JWS Compact/JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: dict :raise: BadSignatureError If key is not provided, it will still deserialize the serialization without verification. {})r[r\rlr startswithendswithrR)r%rMr=rNs r( deserializezJsonWebSignature.deserializesm a ((C8 8 QK << !**T"2((C8 8''377r*c<d|vr t|d}||jvr t|j|}|j|jr"t||jvr tt |r |||}|j |}||fS)Nr)r r/r r$ deprecatedcallable prepare_key)r%rUr<r=rr2s r(r8z'JsonWebSignature._prepare_algorithm_keys  ') )Um d.. .+- -,,S1    ###/11 (( (+- - C=fg&C##C(#~r*c|jL|jj}|j|j}|D]}||vst |yyr")r#!REGISTERED_HEADER_PARAMETER_NAMEScopyunionr )r%rUnamesks r(r6z*JsonWebSignature._validate_private_headerss^  ,::??AEKK 5 56E =E>9!<< = -r*c(|rd|vr tdyy)uGReject 'crit' when found in the unprotected header (RFC 7515 §4.1.11).rNr )r%unprotected_headers r(rVz)JsonWebSignature._reject_unprotected_crit"s &,>">1&9 9#? r*c>d|vr|d}t|trtd|Ds td|jj }|j r|j|j }|D] }||vr t|||vst|yy)Nrc3<K|]}t|tywr")r[str).0xs r( z:JsonWebSignature._validate_crit_headers..+s='( 1c"=s) r[rnallr r|r}r#r~r )r%rU crit_headersrrs r(r7z'JsonWebSignature._validate_crit_headers's V !&>LlD1=,8=:6f==::??AE$$ D$9$9:! AE>=a@@f_=a@@  A r*c|jd}|s td|jd}|s tdt|}t|}|jd}|rt |t s td|j ||j|t||} |j| ||\} }dj||g} tt|} | j| | |r| dfS| d fS) Nr9zMissing "protected" valuerBzMissing "signature" valuerUzInvalid "header" valuer5TF) rerrrIr[r\rVr7rr8r:rKrL) r%r@r<r^r=r?rOr9rUr>r2rArBs r(rfz#JsonWebSignature._validate_json_jws8s &NN;7 9: :&NN;7 9: :$%67#$56 ) *VT267 7 %%f- ##I.y&1 44Z#N 3 #4o"FG &x0A'BC   M9c :t# #5  r*)NNr")__name__ __module__ __qualname__ frozensetr|r int__annotations__r/r) classmethodr3rCrRrarlrprvr8r6rVr7rfr*r(rrs}(1 )% %$&<< J:$$L1Rf0$d<$8*( =: A"!r*rc"t|tSr")rr)header_segments r(rIrIWs .+ 66r*c$t|tdS)NrBrr)rOs r(rKrK[s ,k; GGr*c$t|tdS)Nr<r)r@s r(rJrJ_s ?K CCr*N)authlib.common.encodingrrrrauthlib.jose.errorsrrr r r r authlib.jose.utilrrrmodelsrrrrIrKrJrr*r(rsP2,.51+C?59),-A!A!H 7HDr*