o
    Df,                     @   s   d dl mZmZmZmZ d dlmZmZmZ d dl	m
Z
mZmZmZmZ ddlmZmZ G dd dZdd	 Zd
d Zdd ZdS )    )to_bytes
to_unicodeurlsafe_b64encodejson_b64encode)extract_headerextract_segmentensure_dict)DecodeErrorMissingAlgorithmErrorUnsupportedAlgorithmErrorBadSignatureErrorInvalidHeaderParameterNameError   )	JWSHeader	JWSObjectc                   @   s   e Zd Zeg dZi ZdddZedd Zdd Z	dd	d
Z
dd ZdddZdd ZdddZdd Zdd Zdd ZdS )JsonWebSignature)algjkujwkkidx5ux5cx5tzx5t#S256typctycritNc                 C   s   || _ || _d S N)_private_headers_algorithms)self
algorithmsprivate_headers r"   Q/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/jose/rfc7515/jws.py__init__!   s   
zJsonWebSignature.__init__c                 C   s,   |r|j dkrtd||| j|j< d S )NJWSzInvalid algorithm for JWS, )algorithm_type
ValueErrorALGORITHMS_REGISTRYname)cls	algorithmr"   r"   r#   register_algorithm%   s
   z#JsonWebSignature.register_algorithmc           
      C   sj   t |d}| | | |||\}}t|j}tt|}d||g}t|||}	d|||	gS )a"  Generate a JWS Compact Serialization. The JWS Compact Serialization
        represents digitally signed or MACed content as a compact, URL-safe
        string, per `Section 7.1`_.

        .. code-block:: text

            BASE64URL(UTF8(JWS Protected Header)) || '.' ||
            BASE64URL(JWS Payload) || '.' ||
            BASE64URL(JWS Signature)

        :param protected: A dict of protected header
        :param payload: A bytes/string of payload
        :param key: Private key used to generate signature
        :return: byte
        N   .)	r   _validate_private_headers_prepare_algorithm_keyr   	protectedr   r   joinsign)
r   r0   payloadkey
jws_headerr+   protected_segmentpayload_segmentsigning_input	signaturer"   r"   r#   serialize_compact,   s   


z"JsonWebSignature.serialize_compactc                 C   s   zt |}|dd\}}|dd\}}W n ty!   tdw t|}t|d}	t|}
|r5||
}
t|}t	|	|
d}| 
|	|
|\}}||||rQ|S t|)a  Exact JWS Compact Serialization, and validate with the given key.
        If key is not provided, the returned dict will contain the signature,
        and signing input values. Via `Section 7.1`_.

        :param s: text of JWS Compact Serialization
        :param key: key used to verify the signature
        :param decode: a function to decode payload data
        :return: JWSObject
        :raise: BadSignatureError

        .. _`Section 7.1`: https://tools.ietf.org/html/rfc7515#section-7.1
        r-   r   zNot enough segmentsNcompact)r   rsplitsplitr'   r	   _extract_headerr   _extract_payload_extract_signaturer   r/   verifyr   )r   sr4   decoder8   signature_segmentr6   r7   r0   r5   r3   r9   rvr+   r"   r"   r#   deserialize_compactH   s$   
z$JsonWebSignature.deserialize_compactc                    sb   t fdd t|tr! t|}t|d< |S  fdd|D }t|dS )a  Generate a JWS JSON Serialization. The JWS JSON Serialization
        represents digitally signed or MACed content as a JSON object,
        per `Section 7.2`_.

        :param header_obj: A dict/list of header
        :param payload: A string/dict of payload
        :param key: Private key used to generate signature
        :return: JWSObject

        Example ``header_obj`` of JWS JSON Serialization::

            {
                "protected: {"alg": "HS256"},
                "header": {"kid": "jose"}
            }

        Pass a dict to generate flattened JSON Serialization, pass a list of
        header dict to generate standard JSON Serialization.
        c                    sn    |  |  \}}t| j}d|g}t|||}t|t|d}| jd ur5| j|d< |S )Nr-   )r0   r9   header)	r.   r/   r   r0   r1   r   r2   r   rG   )r5   _alg_keyr6   r8   r9   rE   )r4   r3   r7   r   r"   r#   _sign   s   



z.JsonWebSignature.serialize_json.<locals>._signr3   c                    s   g | ]	} t |qS r"   )r   	from_dict).0h)rJ   r"   r#   
<listcomp>   s    z3JsonWebSignature.serialize_json.<locals>.<listcomp>)r3   
signatures)r   
isinstancedictr   rK   r   )r   
header_objr3   r4   datarO   r"   )rJ   r4   r3   r7   r   r#   serialize_jsonj   s   
zJsonWebSignature.serialize_jsonc                 C   s   t |d}|d}|du rtdt|}t|}|r ||}d|vr<| ||||\}}t||d}|r8|S t|g }	d}
|d D ]}| ||||\}}|	| |sYd}
qDt|	|d	}|
rd|S t|)
a  Exact JWS JSON Serialization, and validate with the given key.
        If key is not provided, it will return a dict without signature
        verification. Header will still be validated. Via `Section 7.2`_.

        :param obj: text of JWS JSON Serialization
        :param key: key used to verify the signature
        :param decode: a function to decode payload data
        :return: JWSObject
        :raise: BadSignatureError

        .. _`Section 7.2`: https://tools.ietf.org/html/rfc7515#section-7.2
        r%   r3   NzMissing "payload" valuerO   flatTFjson)	r   getr	   r   r?   _validate_json_jwsr   r   append)r   objr4   rC   r7   r3   r5   validrE   headersis_validrR   r"   r"   r#   deserialize_json   s<   


z!JsonWebSignature.deserialize_jsonc                 C   s@   t |ttfr| |||S d|v r| |||S | |||S )a  Generate a JWS Serialization. It will automatically generate a
        Compact or JSON Serialization depending on the given header. If a
        header is in a JSON header format, it will call
        :meth:`serialize_json`, otherwise it will call
        :meth:`serialize_compact`.

        :param header: A dict/list of header
        :param payload: A string/dict of payload
        :param key: Private key used to generate signature
        :return: byte/dict
        r0   )rP   listtuplerT   r:   )r   rG   r3   r4   r"   r"   r#   	serialize   s
   zJsonWebSignature.serializec                 C   sP   t |tr| |||S t|}|dr!|dr!| |||S | |||S )a  Deserialize JWS Serialization, both compact and JSON format.
        It will automatically deserialize depending on the given JWS.

        :param s: text of JWS Compact/JSON Serialization
        :param key: key used to verify the signature
        :param decode: a function to decode payload data
        :return: dict
        :raise: BadSignatureError

        If key is not provided, it will still deserialize the serialization
        without verification.
           {   })rP   rQ   r^   r   
startswithendswithrF   )r   rB   r4   rC   r"   r"   r#   deserialize   s   
zJsonWebSignature.deserializec                 C   s   d|vrt  |d }| jd ur|| jvrt || jvr t | j| }t|r/|||}n|d u r;d|v r;|d }||}||fS )Nr   r   )r
   r   r   r(   callableprepare_key)r   rG   r3   r4   r   r+   r"   r"   r#   r/      s   


z'JsonWebSignature._prepare_algorithm_keyc                 C   sB   | j d ur| j }|| j }|D ]}||vrt|qd S d S r   )r   !REGISTERED_HEADER_PARAMETER_NAMEScopyunionr   )r   rG   nameskr"   r"   r#   r.     s   

z*JsonWebSignature._validate_private_headersc                 C   s   | d}|std| d}|stdt|}t|}| d}|r.t|ts.tdt||}	| |	||\}
}d||g}t	t|}|

|||rT|	dfS |	d	fS )
Nr0   zMissing "protected" valuer9   zMissing "signature" valuerG   zInvalid "header" valuer-   TF)rW   r	   r   r>   rP   rQ   r   r/   r1   r@   rA   )r   r7   r3   rR   r4   r6   rD   r0   rG   r5   r+   r8   r9   r"   r"   r#   rX     s$   



z#JsonWebSignature._validate_json_jws)NNr   )__name__
__module____qualname__	frozensetri   r(   r$   classmethodr,   r:   rF   rT   r^   ra   rf   r/   r.   rX   r"   r"   r"   r#   r      s    


"
10
r   c                 C   s
   t | tS r   )r   r	   )header_segmentr"   r"   r#   r>   '  s   
r>   c                 C      t | tdS )Nr9   r   r	   )rD   r"   r"   r#   r@   +     r@   c                 C   rt   )Nr3   ru   )r7   r"   r"   r#   r?   /  rv   r?   N)authlib.common.encodingr   r   r   r   authlib.jose.utilr   r   r   authlib.jose.errorsr	   r
   r   r   r   modelsr   r   r   r>   r@   r?   r"   r"   r"   r#   <module>   s      