o s hv@spddlmZddlZddlZddlZddlmZmZddlm Z m Z m Z m Z m Z mZmZddlmZddlmZmZddlmZmZmZmZmZmZmZmZmZzldd lm Z m!Z!dd l"m#Z#dd l$m%Z%dd l&m'Z'dd l(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2ddl3m4Z4m5Z5ddl6m7Z7m8Z8ddl9m:Z:m;Z;mZ>m?Z?m@Z@mAZAddlBmCZCmDZDmEZEmFZFmGZGmHZHmIZIdZJWn eKydZJYnwe re:e ES256ES384ES512ES521EdDSAPS256PS384PS512RS256RS384RS512ES256Kreturndict[str, Algorithm]cCstttjttjttjd}trG|ttjttjttjttjttjttjttjttjt t jt t jt t jt d |S)zE Returns the algorithms that are implemented by the library. )noneHS256HS384HS512) rDrErFr<rGr=r?r>rArBrCr@) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmRSAPSSAlgorithm OKPAlgorithm)default_algorithmsrZb/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/jwt/algorithms.pyget_default_algorithmsis0r\c@seZdZdZd"ddZed#d d Zed$d d Zed%ddZe e ed&ddZ e e ed'd(ddZ e ed'd)ddZ e ed*dd Z d!S)+ AlgorithmzH The interface for an algorithm used to sign and verify tokens. bytestrbytesrHcCsjt|dd}|dur ttr-t|tr-t|tjr-tj|t d}| |t | St || S)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorrS isinstancetype issubclassr HashAlgorithmHashrrTr_finalizedigest)selfr^r`rjrZrZr[compute_hash_digests    zAlgorithm.compute_hash_digestkeyrcCdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). NrZrkrmrZrZr[ prepare_keyzAlgorithm.prepare_keymsgcCrn)zn Returns a digital signature for the specified message using the specified key value. NrZrkrrrmrZrZr[signrqzAlgorithm.signsigboolcCrn)zz Verifies that the specified digital signature is valid for the specified message and key values. NrZrkrrrmrurZrZr[verifyrqzAlgorithm.verifyas_dict Literal[True]rcCdSNrZkey_objryrZrZr[to_jwkzAlgorithm.to_jwkFLiteral[False]strcCr{r|rZr}rZrZr[rr JWKDict | strcCrn)z3 Serializes a given key into a JWK NrZr}rZrZr[rrqjwk str | JWKDictcCrn)zJ Deserializes a given key from JWK back into a key object NrZrrZrZr[from_jwkrqzAlgorithm.from_jwkN)r^r_rHr_)rmrrHr)rrr_rmrrHr_)rrr_rmrrur_rHrv)ryrzrHrF)ryrrHr)ryrvrHr)rrrHr) __name__ __module__ __qualname____doc__rlrrprtrxr staticmethodrrrZrZrZr[r]s.    r]c@sLeZdZdZdddZdd d ZdddZedd ddZed!ddZ dS)"rNzZ Placeholder for use when no signing or verification operations are required. rm str | NonerHNonecCs |dkrd}|durtd|S)Nz*When alg = "none", key value must be None.r rorZrZr[rps zNoneAlgorithm.prepare_keyrrr_cCrn)NrZrsrZrZr[rtzNoneAlgorithm.signrurvcCrn)NFrZrwrZrZr[rxrzNoneAlgorithm.verifyFr~rryr cCtr|rcr}rZrZr[rzNoneAlgorithm.to_jwkrrcCrr|rrrZrZr[rrzNoneAlgorithm.from_jwkN)rmrrHr)rrr_rmrrHr_)rrr_rmrrur_rHrvr)r~rryrvrHr )rrrHr ) rrrrrprtrxrrrrZrZrZr[rNs  rNc@seZdZUdZejZded<ejZ ded<ej Z ded<d)d d Z d*ddZ eed+ddZee d,d-ddZed,d.ddZed/d d!Zd0d#d$Zd1d&d'Zd(S)2rOzf Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]rPrQrRr`rrHrcC ||_dSr|r`rkr`rZrZr[__init__ zHMACAlgorithm.__init__rm str | bytesr_cCs$t|}t|s t|rtd|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrrrkrm key_bytesrZrZr[rps zHMACAlgorithm.prepare_keyr~ryrzrcCr{r|rZr}rZrZr[r zHMACAlgorithm.to_jwkFrrcCr{r|rZr}rZrZr[rrrvrcCs(tt|dd}|r|St|S)Noct)kkty)rrdecodejsondumps)r~ryrrZrZr[rs  rrcCsjzt|tr t|}n t|tr|}ntWn ty#tddw|ddkr/tdt|dS)NKey is not valid JSONrrzNot an HMAC keyr) rdrrloadsdict ValueErrorrgetr)robjrZrZr[r"s      zHMACAlgorithm.from_jwkrrcCst|||jSr|)hmacnewr`rjrsrZrZr[rt3zHMACAlgorithm.signrucCst||||Sr|)rcompare_digestrtrwrZrZr[rx6rzHMACAlgorithm.verifyN)r`rrHr)rmrrHr_)r~rryrzrHrr)r~rryrrHr)r~rryrvrHr)rrrHr_)rrr_rmr_rHr_)rrr_rmr_rur_rHrv)rrrrhashlibsha256rP__annotations__sha384rQsha512rRrrpr rrrrtrxrZrZrZr[rOs(      rOc@seZdZUdZejZded<ejZded<ejZded<d,d d Z d-ddZ e e d.ddZ e e d/d0ddZ e d/d1ddZ e d2d d!Zd3d%d&Zd4d)d*Zd+S)5rUz~ Performs signing and verification operations using RSASSA-PKCS-v1_5 and the specified hash function. $ClassVar[type[hashes.HashAlgorithm]]rPrQrRr`type[hashes.HashAlgorithm]rHrcCrr|rrrZrZr[rFrzRSAAlgorithm.__init__rmAllowedRSAKeys | str | bytesAllowedRSAKeysc Cst|ttfr |St|ttfstdt|}z|dr&ttt |WSttt |ddWSt yOz ttt |WYSt t fyNtddww)NExpecting a PEM-formatted key.sssh-rsapasswordz(Could not parse the provided public key.)rdr-r/r_r TypeErrorr startswithr r;r9rr:rrrrZrZr[rpIs,   zRSAAlgorithm.prepare_keyr~ryrzrcCr{r|rZr}rZrZr[rarzRSAAlgorithm.to_jwkFrrcCr{r|rZr}rZrZr[rgrrvrc Csd}t|drD|}ddgt|jjt|jjt|jt|jt|j t|j t|j t|j d }n t|dr`|}ddgt|jt|jd}nt d|rh|St|S)Nprivate_numbersRSArt) rkey_opsnedpqdpdqqirx)rrrrNot a public or private key)hasattrrrpublic_numbersrrrrrrdmp1dmq1iqmprrr)r~ryrnumbersrZrZr[rms2           rrc szt|tr t|n t|tr|ntWn ty#tddwddkr0tdddvrdvrdvrdvrDtd gd }fd d |D}t|}|r`t |s`td dt t dt d}|rt t dt dt dt dt dt d|d}|St d}t |j||j\}}t |||t||t||t|||d}|Sdvrdvrt t dt dStd)NrrrzNot an RSA keyrrrothz5Unsupported RSA private key: > 2 primes not supported)rrrrrcsg|]}|vqSrZrZ).0proprrZr[ sz)RSAAlgorithm.from_jwk..z@RSA key must include all parameters if any are present besides drrrrr)rrrrrrrr)rdrrrrrrranyallr0rr.r4rrr1r2r3 private_key public_key) r other_props props_foundany_props_foundrrrrrrZrr[rs~                    zRSAAlgorithm.from_jwkrrr_r-cCs||t|Sr|)rtrPKCS1v15r`rsrZrZr[rtszRSAAlgorithm.signr/rucCs4z|||t|WdStyYdSw)NTF)rxrrr`rrwrZrZr[rxs  zRSAAlgorithm.verifyNr`rrHr)rmrrHr)r~rryrzrHrr)r~rryrrHr)r~rryrvrHr)rrrHrrrr_rmr-rHr_rrr_rmr/rur_rHrv)rrrrrrPrrQrRrrpr rrrrtrxrZrZrZr[rU<s(   &  GrUc@seZdZUdZejZded<ejZded<ejZded<d+d d Z d,ddZ d-ddZ d.ddZ e ed/ddZe e d0d1d#dZed0d2d%dZed3d(d)Zd*S)4rVzr Performs signing and verification operations using ECDSA and the specified hash function rrPrQrRr`rrHrcCrr|rrrZrZr[rrzECAlgorithm.__init__rmAllowedECKeys | str | bytes AllowedECKeyscCst|ttfr |St|ttfstdt|}z|dr#t|}nt |}Wnt y7t |dd}Ynwt|ttfsDt dd|S)Nrs ecdsa-sha2-rzcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for ECDSA algorithms) rdr%r'r_rrrrr;r:rr9r)rkrmr crypto_keyrZrZr[rps,   zECAlgorithm.prepare_keyrrr_r%cCs ||t|}t||jSr|)rtrr`rcurve)rkrrrmder_sigrZrZr[rts zECAlgorithm.signrurvcCsnzt||j}Wn tyYdSwzt|tr|n|}|||t|WdSt y6YdSw)NFT) rrrrdr%rrxrr`r)rkrrrmrurrrZrZr[rxs   zECAlgorithm.verifyr~ryrzrcCr{r|rZr}rZrZr[r'rzECAlgorithm.to_jwkFrrcCr{r|rZr}rZrZr[r-rrcCst|tr |}nt|tr|}ntdt|jtr#d}n#t|jtr,d}nt|jt r5d}nt|jt r>d}ntd|jd|t |j |jj dt |j|jj dd }t|trst |j|jj d|d <|rw|St|S) NrP-256P-384P-521 secp256k1Invalid curve: EC) bit_length)rcrvxyr)rdr%rrr'rrr!r"r#r rrkey_sizerrr private_valuerr)r~ryrrrrZrZr[r3sJ         rrcCszt|tr t|}n t|tr|}ntWn ty#tddw|ddkr0tddd|vs8d|vr=tddt|d}t|d}|d}|dkrmt |t |krbd krhnnt }netd d|d krt |t |krd krnnt }nHtd d|dkrt |t |krdkrnnt }n+tdd|dkrt |t |krd krntdt }n tdtd|ttj|ddtj|dd|d}d|vr|St|d}t |t |krtdt ||ttj|dd|S)NrrrzNot an Elliptic curve keyrrrr z)Coords should be 32 bytes for curve P-256r0z)Coords should be 48 bytes for curve P-384rBz)Coords should be 66 bytes for curve P-521rz-Coords should be 32 bytes for curve secp256k1rbig) byteorder)rrrrz!D should be {} bytes for curve {})rdrrrrrrrrlenr!r"r#r r(int from_bytesrr&r)rrrrr curve_objrrrZrZr[r_s              zECAlgorithm.from_jwkNr)rmrrHr)rrr_rmr%rHr_)rrr_rmrrur_rHrv)r~rryrzrHrr)r~rryrrHr)r~rryrvrHr)rrrHr)rrrrrrPrrQrRrrprtrxr rrrrZrZrZr[rVs(     +rVc@s$eZdZdZdddZdd d ZdS)rWzA Performs a signature using RSASSA-PSS with MGF1 rrr_rmr-rHcCs,||tjt||jd|S)Nmgf salt_length)rtrPSSMGF1r` digest_sizersrZrZr[rts zRSAPSSAlgorithm.signr/rurvc CsJz|||tjt||jd|WdSty$YdSw)NrTF)rxrrrr`rrrwrZrZr[rxs  zRSAPSSAlgorithm.verifyNrr)rrrrrtrxrZrZrZr[rWs  rWc@s~eZdZdZd'ddZd(d d Zd)ddZd*ddZee d+ddZ ee d,d-ddZ e d,d.d!dZ e d/d$d%Z d&S)0rXz Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. kwargsrrHrcKr{r|rZ)rkrrZrZr[rrzOKPAlgorithm.__init__rmAllowedOKPKeys | str | bytesAllowedOKPKeyscCst|ttfr?t|tr|dn|}t|tr|dn|}d|vr(t|}nd|vr3t|dd}n |dddkr?t|}t|tt t t fsLt d|S) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-zcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for EdDSA algorithms) rdr_rrencoder:r9r;r+r,r)r*r)rkrmkey_strrrZrZr[rps"  zOKPAlgorithm.prepare_keyrrr#Ed25519PrivateKey | Ed448PrivateKeyr_cCs"t|tr |dn|}||S)aS Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes r)rdrrrt)rkrrrm msg_bytesrZrZr[rts zOKPAlgorithm.signrurvcCsrz.t|tr |dn|}t|tr|dn|}t|ttfr$|n|}|||WdSty8YdSw)a Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. rTF)rdrrr+r)rrxr)rkrrrmrur sig_bytesrrZrZr[rxs     zOKPAlgorithm.verifyryrzrcCr{r|rZrmryrZrZr[rrzOKPAlgorithm.to_jwkFrrcCr{r|rZr rZrZr[rrrcCst|ttfr.|jtjtjd}t|trdnd}tt| d|d}|r)|St |St|t t frp|jtjtjtd}|jtjtjd}t|t rRdnd}tt| tt| d|d}|rk|St |Std) N)encodingformatEd25519Ed448OKP)rrr)r r encryption_algorithm)rrrrr)rdr,r* public_bytesr5Rawr8rrrrrr+r) private_bytesr7r6rr)rmryrrrrrZrZr[rsB  rrc Cszt|tr t|}n t|tr|}ntWn ty#tddw|ddkr/td|d}|dkrC|dkrCtd|d |vrKtd t|d }z+d |vrg|dkrat |WSt |WSt|d }|dkrxt |WSt |WSty}ztd |d}~ww) NrrrzNot an Octet Key Pairrr r rrzOKP should have "x" parameterrzInvalid key parameter)rdrrrrrrrrr,from_public_bytesr*r+from_private_bytesr))rrrrrerrrZrZr[rJs>           zOKPAlgorithm.from_jwkN)rrrHr)rmrrHr)rrrrmrrHr_)rrrrmrrurrHrv)rmrryrzrHrr)rmrryrrHr)rmrryrvrHr)rrrHr) rrrrrrprtrxr rrrrZrZrZr[rXs"    .rX)rHrI)[ __future__rrrrabcrrtypingrrrrr r r exceptionsrtypesrrutilsrrrrrrrrrcryptography.exceptionsrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricr,cryptography.hazmat.primitives.asymmetric.ecrr r!r"r#r$r%r&r'r(/cryptography.hazmat.primitives.asymmetric.ed448r)r*1cryptography.hazmat.primitives.asymmetric.ed25519r+r,-cryptography.hazmat.primitives.asymmetric.rsar-r.r/r0r1r2r3r4,cryptography.hazmat.primitives.serializationr5r6r7r8r9r:r;rSModuleNotFoundErrorrrr AllowedKeysAllowedPrivateKeysAllowedPublicKeysrequires_cryptographyr\r]rNrOrUrVrWrXrZrZrZr[sb $ ,    0 ($    "IH+D