o s h-@sddlmZddlZddlZddlZddlmZddlmZm Z ddl m Z m Z m Z mZddlmZddlmZmZmZmZdd lmZmZdd lmZerVdd l mZmZGd d d ZeZejZejZej Z ej!Z!ej"Z"ej#Z#ej$Z$dS)) annotationsN)Sequence) TYPE_CHECKINGAny) Algorithmget_default_algorithms has_cryptorequires_cryptography)PyJWK) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeysc@seZdZdZ  dGdHd d ZedId d ZdJddZdKddZdLddZ dMddZ     dNdOd*d+Z ,   dPdQd3d4Z ,   dPdRd6d7Z dSd8d9ZdTd;d<Z , dUdVd@dAZdWdBdCZdXdEdFZdS)YPyJWSJWTN algorithmsSequence[str] | Noneoptionsdict[str, Any] | NonereturnNonecCslt|_|dur t|nt|j|_t|jD] }||jvr$|j|=q|dur+i}i|||_dS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsr)selfrrkeyr%_/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/jwt/api_jws.py__init__ s zPyJWS.__init__dict[str, bool]cCsddiS)Nverify_signatureTr%r%r%r%r&r"3szPyJWS._get_default_optionsalg_idstralg_objrcCs>||jvr tdt|tstd||j|<|j|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)r#r*r,r%r%r&register_algorithm7s   zPyJWS.register_algorithmcCs*||jvr td|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)r#r*r%r%r&unregister_algorithmDs zPyJWS.unregister_algorithm list[str]cCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )r r)r#r%r%r&get_algorithmsRs zPyJWS.get_algorithmsalg_namec CsNz|j|WSty&}zts|tvrtd|d|td|d}~ww)z For a given string name, return the matching Algorithm object. Example usage: >>> jws_obj.get_algorithm_by_name("RS256") z Algorithm 'z9' could not be found. Do you have cryptography installed?Algorithm not supportedN)rr2r r NotImplementedError)r#r7er%r%r&get_algorithm_by_nameXs    zPyJWS.get_algorithm_by_nameFTpayloadbytesr$(AllowedPrivateKeys | PyJWK | str | bytes algorithm str | Noneheaders json_encodertype[json.JSONEncoder] | Noneis_payload_detachedbool sort_headerscCsNg}|durt|tr|j} nd} n|} |r,|d} | r!|d} |d} | dur,d}|j| d} |r>||| || dsE| d=|rLd| d<nd| vrS| d=tj| d||d  } | t | |rj|}nt |}| |d |}| | }t|tr|j}||}|||}| t ||rd |d <d |}|d S)NHS256algb64FT)typrHrJ),:) separatorscls sort_keys.rutf-8)r.r algorithm_nameget header_typ_validate_headersupdatejsondumpsencodeappendrjoinr;r$ prepare_keysigndecode)r#r<r$r?rArBrDrFsegments algorithm_ headers_alg headers_b64header json_header msg_payload signing_inputr, signatureencoded_stringr%r%r&rZisX                z PyJWS.encodejwt str | bytes'AllowedPublicKeys | PyJWK | str | bytesdetached_payload bytes | Nonedict[str, Any]c Ks|rtjdt|tdd|duri}i|j|}|d}|r/|s/t|ts/td| |\} } } } | dddurW|durHtd |} d | d d d | g} |rb| | | | ||| | | d S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs:  stacklevelr)z\It is required that you pass in a value for the "algorithms" argument when calling decode().rITFzIt is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.rPrr)r<rdrh)warningswarntupler!rrr.r r _loadrTr\rsplit_verify_signature) r#rkr$rrrnkwargsmerged_optionsr)r<rgrdrhr%r%r&decode_completes<  zPyJWS.decode_completercKs>|rtjdt|tdd|j|||||d}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rqrr)rnr<)rtrurvr!rr|)r#rkr$rrrnrzdecodedr%r%r&r_s   z PyJWS.decodecCs||d}|||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete rq)rwrV)r#rkrAr%r%r&get_unverified_headers zPyJWS.get_unverified_header*tuple[bytes, bytes, dict[str, Any], bytes]c Cslt|tr |d}t|tstdtz|dd\}}|dd\}}Wnty9}ztd|d}~wwzt|}Wnt t j fyT}ztd|d}~wwzt |}Wntyp} ztd| | d} ~ wwt|tsztdzt|} Wnt t j fy}ztd |d}~wwzt|} Wnt t j fy}ztd |d}~ww| ||| fS) NrRz$Invalid token type. Token must be a rPrzNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r.r+rZr=r rxsplitr-rr/binasciiErrorrXloadsdict) r#rkrgcrypto_segmentheader_segmentpayload_segmenterr header_datardr:r<rhr%r%r&rwsL            z PyJWS._loadrgrdrhc Cs|dur t|tr |jg}z|d}Wn tytddw|r*|dur.||vr.tdt|tr:|j}|j}nz||}WntyR} ztd| d} ~ ww| |}| |||sct ddS)NrHzAlgorithm not specifiedz&The specified alg value is not allowedr8zSignature verification failed) r.r rSr2r rr$r;r9r]verifyr) r#rgrdrhr$rrHr, prepared_keyr:r%r%r&ry+s,      zPyJWS._verify_signaturecCsd|vr ||ddSdS)Nkid) _validate_kid)r#rAr%r%r&rVJszPyJWS._validate_headersrcCst|ts tddS)Nz(Key ID header parameter must be a string)r.r+r)r#rr%r%r&rNs zPyJWS._validate_kid)NN)rrrrrr)rr()r*r+r,rrr)r*r+rr)rr5)r7r+rr)NNNFT)r<r=r$r>r?r@rArrBrCrDrErFrErr+)rjNNN) rkrlr$rmrrrrrnrorrp) rkrlr$rmrrrrrnrorr)rkrlrrp)rkrlrr)rjN) rgr=rdrprhr=r$rmrrrr)rArprr)rrrr)__name__ __module__ __qualname__rUr' staticmethodr"r1r4r6r;rZr|r_r~rwryrVrr%r%r%r&rsD      P 1  + r)% __future__rrrXrtcollections.abcrtypingrrrrrr r api_jwkr exceptionsr r rrutilsrrrrrr_jws_global_objrZr|r_r1r4r;r~r%r%r%r&s0    8