U d)@sddlmZddlZddlZddlZddlmZmZddlm Z m Z m Z m Z ddl mZmZmZmZddlmZmZddlmZGd d d ZeZejZejZejZejZejZejZejZdS) ) annotationsN)AnyType) Algorithmget_default_algorithms has_cryptorequires_cryptography) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode)RemovedInPyjwt3Warningc @seZdZdZdd d d#dd$d%d&d'd(Z d?d d d#dd$d d&d)d*Z d+d,d-d.d/Zd+d0d-d1d2Zd@dd,dd d#dd3d4d5Zd%dd6d7d8Zd dd9d:d;ZdS)APyJWSZJWTNNone)returncCsht|_|dk rt|nt|j|_t|jD]}||jkr2|j|=q2|dkrVi}|||_dS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsoptions)self algorithmsrkeyr//tmp/pip-unpacked-wheel-cf9_iply/jwt/api_jws.py__init__s  zPyJWS.__init__zdict[str, bool]cCsddiS)Nverify_signatureTrrrrrr*szPyJWS._get_default_optionsstrr)alg_idalg_objrcCs>||jkrtdt|ts$td||j|<|j|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)rr#r$rrrregister_algorithm.s    zPyJWS.register_algorithm)r#rcCs*||jkrtd|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)rr#rrrunregister_algorithm;s  zPyJWS.unregister_algorithmz list[str]cCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )rr)rrrrget_algorithmsIszPyJWS.get_algorithms)alg_namerc Cs\z |j|WStk rV}z,ts<|tkr>> jws_obj.get_algorithm_by_name("RS256") z Algorithm 'z9' could not be found. Do you have cryptography installed?Algorithm not supportedN)rr*rr NotImplementedError)rr.errrget_algorithm_by_nameOs   zPyJWS.get_algorithm_by_nameHS256Fbytesz str | Nonezdict[str, Any] | NonezType[json.JSONEncoder] | Nonebool)payloadr algorithmheaders json_encoderis_payload_detachedrcCs,g}|dk r|nd}|rD|d} | r.|d}|d} | dkrDd}|j|d} |rh||| || dsv| d=|rd| d<nd| kr| d=tj| d|dd } |t| |r|} nt|} || d |}| |}| |}| ||}|t||rd |d <d |}| d S)Nnonealgb64FT)typr<r>),:) separatorscls sort_keys.rutf-8)get header_typ_validate_headersupdatejsondumpsencodeappendrjoinr2 prepare_keysigndecode)rr6rr7r8r9r:segmentsZ algorithm_Z headers_algZ headers_b64headerZ json_headerZ msg_payload signing_inputr$ signatureencoded_stringrrrrM`sN              z PyJWS.encodezlist[str] | Nonez bytes | Nonezdict[str, Any])jwtrrrdetached_payloadrc Ks|rtdt|t|dkr*i}|j|}|d}|rL|sLtd||\} } } } | dddkr|dkr~td|} d | dd d | g} |r| | | | ||| | | d S) Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r!z\It is required that you pass in a value for the "algorithms" argument when calling decode().r=TFzIt is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.rDrr)r6rTrV) warningswarntuplerrrr _loadrGrOrsplit_verify_signature) rrYrrrrZkwargsZmerged_optionsr!r6rUrTrVrrrdecode_completes6  zPyJWS.decode_completecKs:|rtdt|t|j|||||d}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: )rZr6)r[r\r]rrrb)rrYrrrrZradecodedrrrrRs z PyJWS.decodez str | bytesdict)rYrcCs||d}|||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete )r^rI)rrYr8rrrget_unverified_headers zPyJWS.get_unverified_headerz tuple[bytes, bytes, dict, bytes]c Cst|tr|d}t|ts,tdtz$|dd\}}|dd\}}Wn,tk r|}ztd|W5d}~XYnXz t|}Wn2t t j fk r}ztd|W5d}~XYnXzt |}Wn2tk r} ztd| | W5d} ~ XYnXt|tstdz t|} Wn4t t j fk rT}ztd |W5d}~XYnXz t|} Wn4t t j fk r}ztd |W5d}~XYnX| ||| fS) NrFz$Invalid token type. Token must be a rDrzNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r&r"rMr4r r_splitr%rr'binasciiErrorrKloadsrd) rrYrUZcrypto_segmentZheader_segmentZpayload_segmenterrZ header_datarTr1r6rVrrrr^s8    "   z PyJWS._load)rUrTrVrrrc Cs|d}|r|dk r&||kr&tdz||}Wn,tk r`}ztd|W5d}~XYnX||}||||stddS)Nr<z&The specified alg value is not allowedr/zSignature verification failed)rGr r2r0rPverifyr ) rrUrTrVrrr<r$r1rrrr`s  zPyJWS._verify_signature)r8rcCsd|kr||ddS)Nkid) _validate_kid)rr8rrrrI/szPyJWS._validate_headers)rmrcCst|tstddS)Nz(Key ID header parameter must be a string)r&r"r )rrmrrrrn3s zPyJWS._validate_kid)NN)r3NNF)rXNNN)rXNNN)rXN)__name__ __module__ __qualname__rHr staticmethodrr)r,r-r2rMrbrRrfr^r`rIrnrrrrrs< H0 +r) __future__rrhrKr[typingrrrrrrr exceptionsr r r r utilsrrrrZ_jws_global_objrMrbrRr)r,r2rfrrrrs&  "