o 6 hX@slddlZddlZddlmZmZddlmZddlmZddl m Z m Z m Z ddl mZmZmZddlmZmZddlmZmZmZmZdd lmZmZmZdd lmZdd lm Z m!Z!dd l"m#Z#dd l$m%Z%ddl&m'Z'ddl(m)Z)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2ddl3m4Z4da5ddZ6Gddde4Z7Gddde4Z8Gddde4Z9Gddde4Z:dS)N)InvalidSignature InvalidTag)default_backend)Binding)hasheshmac serialization)ecpaddingrsa)decode_dss_signatureencode_dss_signature)Cipheraead algorithmsmodes) InvalidUnwrapaes_key_unwrap aes_key_wrap)PKCS7)load_pem_private_keyload_pem_public_key) int_to_bytes)load_pem_x509_certificate) ALGORITHMS)JWEErrorJWKError)base64_to_longbase64url_decodebase64url_encode ensure_binary is_pem_format is_ssh_keylong_to_base64)KeycCsDtdurtatjd|}tj||tj||dd}|S)aK Get random bytes Currently, Cryptography returns OS random bytes. If you want OpenSSL generated random bytes, you'll have to switch the RAND engine after initializing the OpenSSL backend Args: num_bytes (int): Number of random bytes to generate and return Returns: bytes: Random bytes Nzchar[])_bindingrffinewlib RAND_bytesbuffer) num_bytesbuf rand_bytesr0v/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/jose/backends/cryptography_backend.pyget_random_bytes!s r2c@szeZdZejZejZejZefddZddZ ddZ ddZ d d Z d d Z d dZddZddZddZddZdS)CryptographyECKeyc Cs(|tjvr td|tj|jtj|jtj|ji ||_ ||_ ||_ t |ds-t |dr2||_dSt |dr>|d}t|trK|||_dSt|trU|d}t|trzz t|| }Wntyvt|d| d}YnwWnty}zt|d}~ww||_dStd|)N*hash_alg: %s is not a valid hash algorithm public_bytes private_bytesto_pemutf-8passwordbackendz%Unable to parse an ECKey from key: %s)rECrES256SHA256ES384SHA384ES512SHA512gethash_alg _algorithmcryptography_backendhasattr prepared_keyr7decode isinstancedict _process_jwkstrencodebytesr ValueErrorr Exceptionselfkey algorithmrFer0r0r1__init__=sF          zCryptographyECKey.__init__csddkstddtfdddDstdtd}td }tjtjtjd d }t|||}d vrZtd }t ||}| | S| | S) Nktyr<z0Incorrect key type. Expected: 'EC', Received: %sc3|]}|vVqdSNr0.0kjwk_dictr0r1 nz1CryptographyECKey._process_jwk..)xycrvz Mandatory parameters are missingrbrc)P-256P-384P-521rdd) rCrallrr SECP256R1 SECP384R1 SECP521R1EllipticCurvePublicNumbersEllipticCurvePrivateNumbers private_keyrF public_key)rSr_rbrccurvepublicrhprivater0r^r1rLjs$ zCryptographyECKey._process_jwkcCstt|jjdS)zDetermine the correct serialization length for an encoded signature component. This is the number of bytes required to encode the maximum key value. g @)intmathceilrHkey_sizerSr0r0r1_sig_component_lengthsz'CryptographyECKey._sig_component_lengthcCs(t|\}}|}t||t||S)z4Convert signature from DER encoding to RAW encoding.)r ryr)rS der_signaturerscomponent_lengthr0r0r1 _der_to_raws zCryptographyECKey._der_to_rawcCs^|}t|td|krtd|d|}||d}t|d}t|d}t||S)z4Convert signature from RAW encoding to DER encoding.rzInvalid signatureNbig)rylenrtrP from_bytesr )rS raw_signaturer}r_bytess_bytesr{r|r0r0r1 _raw_to_ders     zCryptographyECKey._raw_to_dercCsV|jjd|jjjkrtd|jjjd|jjf|j|t |}| |S)Nz1this curve (%s) is too short for your digest (%d)) rD digest_sizerHrqrw TypeErrornamesignr ECDSAr~)rSmsg signaturer0r0r1rs zCryptographyECKey.signcCs@z||}|j||t|WdStyYdSw)NTF)rrHverifyr rrDrQ)rSrsigrr0r0r1rs  zCryptographyECKey.verifycC t|jdSNr5rGrHrxr0r0r1 is_public zCryptographyECKey.is_publiccC |r|S||j|jSrZr __class__rHrprErxr0r0r1rpzCryptographyECKey.public_keycCsF|r|jjtjjtjjd}|S|jjtjjtj j t d}|S)Nencodingformatrrencryption_algorithm) rrHr5rEncodingPEM PublicFormatSubjectPublicKeyInfor6 PrivateFormatTraditionalOpenSSL NoEncryption)rSpemr0r0r1r7s zCryptographyECKey.to_pemcCs|s |j}n|j}dddd|jjj}|jjjdd}|jd|t|j |d d t|j |d d d }|sS|j j }t||d d |d <|S) Nrerfrg) secp256r1 secp384r1 secp521r1rr<)sizeASCII)algrXrdrbrcrh)rrHrprqrrwrEr$public_numbersrbrIrcprivate_numbers private_value)rSrprdrwdatarr0r0r1to_dicts(   zCryptographyECKey.to_dictN)__name__ __module__ __qualname__rr>r@rBrrWrLryr~rrrrrpr7rr0r0r0r1r38s -   r3c@seZdZejZejZejZeZ e e e e dZ e e eedZefddZddZddZdd Zd d Zd d ZddZdddZddZddZddZdS)CryptographyRSAKeyNc CsL|tjvr td|tj|jtj|jtj|ji ||_ ||_ tj |j tj |j tj|ji ||_||_t|drDt|drD||_dSt|trQ|||_dSt|tr[|d}t|trz/|drn||WdSz t|||_WWdStyt|d|d|_YWdSwty}zt|d}~wwtd|)Nr4r5rr8s-----BEGIN CERTIFICATE-----r9z'Unable to parse an RSA_JWK from key: %s)rRSArRS256r>RS384r@RS512rBrCrDrERSA1_5RSA_OAEP RSA_OAEP_256r rFrGrHrJrKrLrMrNrO startswith _process_certrrPrrQrRr0r0r1rWsR           zCryptographyRSAKey.__init__c sBddkstddtdd}td}t||}dvr0||Std}gd}tfd d |Drttfd d |DsUtd td }td}td} td} td} nt |||\}}t ||} t ||} t ||} t |||| | | |} | |S)NrXrz1Incorrect key type. Expected: 'RSA', Received: %srVnrh)pqdpdqqic3rYrZr0r[r^r0r1r`*raz2CryptographyRSAKey._process_jwk..c3rYrZr0r[r^r0r1r`,raz2Precomputed private key parameters are incomplete.rrrrr)rCrrr RSAPublicNumbersrprFanyrirsa_recover_prime_factors rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmpRSAPrivateNumbersro) rSr_rVrrrrh extra_paramsrrrrrrsr0r^r1rLs.        zCryptographyRSAKey._process_jwkcCst||}||_dSrZ)rrFrprH)rSrTr0r0r1rCsz CryptographyRSAKey._process_certc Cs@z|j|t|}W|Sty}zt|d}~wwrZ)rHrr PKCS1v15rDrQr)rSrrrVr0r0r1rGszCryptographyRSAKey.signcCsL|s tdz|j||t|WdSt y%YdSw)NzKAttempting to verify a message with a private key. This is not recommended.TF) rwarningswarnrprHrr rrDr)rSrrr0r0r1rNs  zCryptographyRSAKey.verifycCrrrrxr0r0r1rXrzCryptographyRSAKey.is_publiccCrrZrrxr0r0r1rp[rzCryptographyRSAKey.public_keyPKCS8cCs|r(|dkr tjj}n|dkrtjj}ntd||jjtjj |d}|S|dkr1tj j }n|dkr:tj j }ntd||jj tjj |tdS)NrPKCS1zInvalid format specified: %rrr)rrrrrrPrHr5rrrrrr6r)rS pem_formatfmtrr0r0r1r7`s       zCryptographyRSAKey.to_pemc Cs|s |j}n|j}|jdt|jdt|jdd}|sk| t|j j dt|j j dt|j j dt|j jdt|j jdt|j jdd|S)Nrr)rrXrrV)rhrrrrr)rrHrprEr$rrrIrVupdaterrhrrdmp1dmq1iqmp)rSrprr0r0r1rvs&  zCryptographyRSAKey.to_dictc Cs8z |j||j}W|Sty}zt|d}~wwrZ)rHencryptr rQr)rSkey_data wrapped_keyrVr0r0r1wrap_keyszCryptographyRSAKey.wrap_keyc Cs8z |j||j}|WSty}zt|d}~wwrZ)rHdecryptr rQr)rSr unwrapped_keyrVr0r0r1 unwrap_keyszCryptographyRSAKey.unwrap_key)r)rrrrr>r@rBr rrOAEPMGF1SHA1rrrrWrLrrrrrpr7rrrr0r0r0r1rs$ /)   rc@s(eZdZejejejejfZej ej ej ej fZ ejejejejejfZejfZejfZejej ejfZejejej ejejejejejejejejejejejej ejejejejejej ejejejejdej dejdiZejjdddZ ddZ!ddZ"dd d Z#dd d Z$d dZ%ddZ&dS)CryptographyAESKeyNr )CBCGCMcCs|tjvr td||tjtjvrtd|||_|j|j|_ ||j vr7t |dkr7td|||j vrIt |dkrItd|||j vr[t |dkr[td|||jvrmt |d krmtd |||jvrt |d krtd |||_dS) Nz%s is not a valid AES algorithmz%s is not a supported algorithmzKey must be 128 bit for alg zKey must be 192 bit for alg zKey must be 256 bit for alg 0zKey must be 384 bit for alg @zKey must be 512 bit for alg )rAESr SUPPORTEDunion AES_PSEUDOrEMODESrC_modeKEY_128rKEY_192KEY_256KEY_384KEY_512_keyrSrTrUr0r0r1rWs"    zCryptographyAESKey.__init__cCs|jdt|jd}|S)NoctrrXr])rEr r)rSrr0r0r1rszCryptographyAESKey.to_dictc Cst|}zk|j|jjtjj}t|}||}|jdkrs  z CryptographyHMACKey._process_jwkcCs|jdt|jddS)Nrrr)rEr rHrIrxr0r0r1rIszCryptographyHMACKey.to_dictcCs4t|}tj|j|jtd}|||}|S)Nr)r!rr"rHr$rrr)rSrhrr0r0r1rPs  zCryptographyHMACKey.signcCs^t|}t|}tj|j|jtd}||z ||d}W|Sty.d}Y|Sw)NrTF) r!rr"rHr$rrrr)rSrrr%verifiedr0r0r1rWs   zCryptographyHMACKey.verifyN)rrr__doc__rHS256rr>HS384r@HS512rBr#rWrLrrrr0r0r0r1r!s"  r!);rurcryptography.exceptionsrrcryptography.hazmat.backendsr,cryptography.hazmat.bindings.openssl.bindingrcryptography.hazmat.primitivesrrr)cryptography.hazmat.primitives.asymmetricr r r /cryptography.hazmat.primitives.asymmetric.utilsr r &cryptography.hazmat.primitives.ciphersrrrr&cryptography.hazmat.primitives.keywraprrr&cryptography.hazmat.primitives.paddingr,cryptography.hazmat.primitives.serializationrrcryptography.utilsrcryptography.x509r constantsr exceptionsrrutilsrrr r!r"r#r$baser&r'r2r3rrr!r0r0r0r1s4      $ +@}