Ld,ddlmZmZmZmZddlmZmZmZddl m Z m Z m Z m Z mZddlmZmZGddeZdZd Zd Zd S) )to_bytes to_unicodeurlsafe_b64encodejson_b64encode)extract_headerextract_segment ensure_dict) DecodeErrorMissingAlgorithmErrorUnsupportedAlgorithmErrorBadSignatureErrorInvalidHeaderParameterNameError) JWSHeader JWSObjectceZdZegdZiZddZedZdZ ddZ dZ ddZ d Z dd Zd Zd Zd ZdS)JsonWebSignature) algjkujwkkidx5ux5cx5tzx5t#S256typctycritNc"||_||_dSN)_private_headers _algorithms)self algorithmsprivate_headerss >F:\djangOuth\env\Lib\site-packages\authlib/jose/rfc7515/jws.py__init__zJsonWebSignature.__init__!s /%c|r |jdkr"td|||j|j<dS)NJWSzInvalid algorithm for JWS, {!r})algorithm_type ValueErrorformatALGORITHMS_REGISTRYname)cls algorithms r%register_algorithmz#JsonWebSignature.register_algorithm%sS EI4==188CCEE E2; ///r'ct|d}||||||\}}t|j}t t |}d||g}t |||} d||| gS)a"Generate a JWS Compact Serialization. The JWS Compact Serialization represents digitally signed or MACed content as a compact, URL-safe string, per `Section 7.1`_. .. code-block:: text BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature) :param protected: A dict of protected header :param payload: A bytes/string of payload :param key: Private key used to generate signature :return: byte N.) r_validate_private_headers_prepare_algorithm_keyr protectedrrjoinsign) r"r6payloadkey jws_headerr0protected_segmentpayload_segment signing_input signatures r%serialize_compactz"JsonWebSignature.serialize_compact,s y$//  &&y11144YMM 3*:+?@@+HW,=,=>> #4o"FGG %inn]C&H&HII yy+_iHIIIr'c t|}|dd\}}|dd\}}n#t$rt dwxYwt |}t |d} t|} |r || } t|} t| | d} | | | |\} }| || |r| St| )aExact JWS Compact Serialization, and validate with the given key. If key is not provided, the returned dict will contain the signature, and signing input values. Via `Section 7.1`_. :param s: text of JWS Compact Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.1`: https://tools.ietf.org/html/rfc7515#section-7.1 r3rzNot enough segmentsNcompact) rrsplitsplitr+r _extract_headerr_extract_payload_extract_signaturerr5verifyr )r"sr:decoder>signature_segmentr<r=r6r;r9r?rvr0s r%deserialize_compactz$JsonWebSignature.deserialize_compactHs 5 A/0xxa/@/@ ,M,1>1D1DT11M1M .  5 5 5344 4 5$$566 y$// "?33  &fWooG&'899 z7I 6 644Z#NN 3   M9c : : I###s AAActfdt|tr1tj|}t |d<|Sfd|D}t |dS)aGenerate a JWS JSON Serialization. The JWS JSON Serialization represents digitally signed or MACed content as a JSON object, per `Section 7.2`_. :param header_obj: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: JWSObject Example ``header_obj`` of JWS JSON Serialization:: { "protected: {"alg": "HS256"}, "header": {"kid": "jose"} } Pass a dict to generate flattened JSON Serialization, pass a list of header dict to generate standard JSON Serialization. cb | |\}}t|j}d| g}t |||}t|t|d}|j |j|d<|S)Nr3)r6r?header) r4r5rr6r7rr8rrP) r;_alg_keyr<r>r?rLr:r9r=r"s r%_signz.JsonWebSignature.serialize_json.._signs  * *: 6 6 644Z#NNJD$ .z/C D D  II'8/&JKKM)$))M4*H*HIII((9::' 22B ,)08 Ir'r9cJg|]}tj| S)r from_dict).0hrSs r% z3JsonWebSignature.serialize_json..s.HHHeeI/2233HHHr')r9 signatures)r isinstancedictrrVr)r" header_objr9r:datarZrSr=s` `` @@r%serialize_jsonzJsonWebSignature.serialize_jsonjs()11         j$ ' ' 5,Z8899D(99DOKHHHHZHHH !/22$   r'ct|d}|d}|tdt|}t |}|r ||}d|vr?|||||\}}t ||d}|r|St|g} d} |dD]6} |||| |\}}| ||sd} 7t | |d }| r|St|) aExact JWS JSON Serialization, and validate with the given key. If key is not provided, it will return a dict without signature verification. Header will still be validated. Via `Section 7.2`_. :param obj: text of JWS JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.2`: https://tools.ietf.org/html/rfc7515#section-7.2 r)r9NzMissing "payload" valuerZflatTFjson) r getr rrF_validate_json_jwsrr append) r"objr:rJr=r9r;validrLheadersis_validr]s r%deserialize_jsonz!JsonWebSignature.deserialize_jsonsQ#u%%''),,  "788 8"?33"?33  &fWooG s " " $ 7 7#s!4!4 J:w77B  #B'' 'l+ ! !J $ 7 7*c!;!; J NN: & & & !  w 0 0  I###r'ct|ttfr||||Sd|vr||||S||||S)aGenerate a JWS Serialization. It will automatically generate a Compact or JSON Serialization depending on the given header. If a header is in a JSON header format, it will call :meth:`serialize_json`, otherwise it will call :meth:`serialize_compact`. :param header: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: byte/dict r6)r[listtupler_r@)r"rPr9r:s r% serializezJsonWebSignature.serializesm ftUm , , =&&vw<< < & &&vw<< <%%fgs;;;r'c(t|tr||||St|}|dr,|dr||||S||||S)aDeserialize JWS Serialization, both compact and JSON format. It will automatically deserialize depending on the given JWS. :param s: text of JWS Compact/JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: dict :raise: BadSignatureError If key is not provided, it will still deserialize the serialization without verification. {})r[r\rjr startswithendswithrM)r"rIr:rJs r% deserializezJsonWebSignature.deserializes a   9((C88 8 QKK <<   9!**T"2"2 9((C88 8''3777r'c@d|vrt|d}|j||jvrt||jvrt|j|}t |r |||}n| d|vr|d}||}||fS)Nrr)r r!r r-callable prepare_key)r"rPr9r:rr0s r%r5z'JsonWebSignature._prepare_algorithm_keys   ')) )Um   'Ct7G,G,G+-- - d. . .+-- -,S1 C== #fg&&CC [Uf__-C##C((#~r'c|jK|j}||j}|D]}||vrt |dSdSr)r !REGISTERED_HEADER_PARAMETER_NAMEScopyunionr)r"rPnamesks r%r4z*JsonWebSignature._validate_private_headerssr  ,:??AAEKK 566E = =E>>9!<<<" - , = =r'cD|d}|std|d}|stdt|}t|}|d}|r$t |t stdt ||} || ||\} }d||g} tt|} | | | |r| dfS| d fS) Nr6zMissing "protected" valuer?zMissing "signature" valuerPzInvalid "header" valuer3TF) rcr rrEr[r\rr5r7rGrH) r"r=r9r]r:r<rKr6rPr;r0r>r?s r%rdz#JsonWebSignature._validate_json_jwss1&NN;77  ;9:: :&NN;77  ;9:: :$%677#$566 ))  8*VT22 8677 7y&11 44Z#NN 3 #4o"FGG &x0A'B'BCC   M9c : : $t# #5  r')NNr)__name__ __module__ __qualname__ frozensetryr-r& classmethodr1r@rMr_rjrnrtr5r4rdrUr'r%rrs )2 333))%&&&&<<[< JJJ8 $ $ $ $D/ / / b.$.$.$.$`<<<$8888*$ = = =!!!!!r'rc,t|tSr)rr )header_segments r%rErE's .+ 6 66r'c.t|tdS)Nr?rr )rKs r%rGrG+s ,k; G GGr'c.t|tdS)Nr9r)r=s r%rFrF/s ?K C CCr'N)authlib.common.encodingrrrrauthlib.jose.utilrrr authlib.jose.errorsr r r r rmodelsrrobjectrrErGrFrUr'r%rsE )(((((((O!O!O!O!O!vO!O!O!d777HHHDDDDDr'