o Df,@sddlmZmZmZmZddlmZmZmZddl m Z m Z m Z m Z mZddlmZmZGdddZdd Zd d Zd d ZdS))to_bytes to_unicodeurlsafe_b64encodejson_b64encode)extract_headerextract_segment ensure_dict) DecodeErrorMissingAlgorithmErrorUnsupportedAlgorithmErrorBadSignatureErrorInvalidHeaderParameterNameError) JWSHeader JWSObjectc@seZdZegdZiZdddZeddZddZ dd d Z d d Z dd dZ ddZ dddZddZddZddZdS)JsonWebSignature) algjkujwkkidx5ux5cx5tzx5t#S256typctycritNcCs||_||_dSN)_private_headers _algorithms)self algorithmsprivate_headersr"Q/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/jose/rfc7515/jws.py__init__!s zJsonWebSignature.__init__cCs,|r|jdkrtd|||j|j<dS)NJWSzInvalid algorithm for JWS, )algorithm_type ValueErrorALGORITHMS_REGISTRYname)cls algorithmr"r"r#register_algorithm%s z#JsonWebSignature.register_algorithmc Csjt|d}||||||\}}t|j}tt|}d||g}t|||} d||| gS)a"Generate a JWS Compact Serialization. The JWS Compact Serialization represents digitally signed or MACed content as a compact, URL-safe string, per `Section 7.1`_. .. code-block:: text BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature) :param protected: A dict of protected header :param payload: A bytes/string of payload :param key: Private key used to generate signature :return: byte N.) r_validate_private_headers_prepare_algorithm_keyr protectedrrjoinsign) rr0payloadkey jws_headerr+protected_segmentpayload_segment signing_input signaturer"r"r#serialize_compact,s    z"JsonWebSignature.serialize_compactcCszt|}|dd\}}|dd\}}Wn ty!tdwt|}t|d} t|} |r5|| } t|} t | | d} | | | |\} }| || |rQ| St | )aExact JWS Compact Serialization, and validate with the given key. If key is not provided, the returned dict will contain the signature, and signing input values. Via `Section 7.1`_. :param s: text of JWS Compact Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.1`: https://tools.ietf.org/html/rfc7515#section-7.1 r-rzNot enough segmentsNcompact) rrsplitsplitr'r _extract_headerr_extract_payload_extract_signaturerr/verifyr )rsr4decoder8signature_segmentr6r7r0r5r3r9rvr+r"r"r#deserialize_compactHs$    z$JsonWebSignature.deserialize_compactcsbtfddt|tr!t|}t|d<|Sfdd|D}t|dS)aGenerate a JWS JSON Serialization. The JWS JSON Serialization represents digitally signed or MACed content as a JSON object, per `Section 7.2`_. :param header_obj: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: JWSObject Example ``header_obj`` of JWS JSON Serialization:: { "protected: {"alg": "HS256"}, "header": {"kid": "jose"} } Pass a dict to generate flattened JSON Serialization, pass a list of header dict to generate standard JSON Serialization. csn||\}}t|j}d|g}t|||}t|t|d}|jdur5|j|d<|S)Nr-)r0r9header) r.r/rr0r1rr2rrG)r5_alg_keyr6r8r9rE)r4r3r7rr"r#_signs    z.JsonWebSignature.serialize_json.._signr3csg|] }t|qSr")r from_dict).0h)rJr"r# sz3JsonWebSignature.serialize_json..)r3 signatures)r isinstancedictrrKr)r header_objr3r4datarOr")rJr4r3r7rr#serialize_jsonjs  zJsonWebSignature.serialize_jsonc Cst|d}|d}|durtdt|}t|}|r ||}d|vr<|||||\}}t||d}|r8|St|g} d} |dD]} |||| |\}}| ||sYd} qDt| |d }| rd|St|) aExact JWS JSON Serialization, and validate with the given key. If key is not provided, it will return a dict without signature verification. Header will still be validated. Via `Section 7.2`_. :param obj: text of JWS JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.2`: https://tools.ietf.org/html/rfc7515#section-7.2 r%r3NzMissing "payload" valuerOflatTFjson) rgetr rr?_validate_json_jwsrr append) robjr4rCr7r3r5validrEheadersis_validrRr"r"r#deserialize_jsons<     z!JsonWebSignature.deserialize_jsoncCs@t|ttfr||||Sd|vr||||S||||S)aGenerate a JWS Serialization. It will automatically generate a Compact or JSON Serialization depending on the given header. If a header is in a JSON header format, it will call :meth:`serialize_json`, otherwise it will call :meth:`serialize_compact`. :param header: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: byte/dict r0)rPlisttuplerTr:)rrGr3r4r"r"r# serializes  zJsonWebSignature.serializecCsPt|tr ||||St|}|dr!|dr!||||S||||S)aDeserialize JWS Serialization, both compact and JSON format. It will automatically deserialize depending on the given JWS. :param s: text of JWS Compact/JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: dict :raise: BadSignatureError If key is not provided, it will still deserialize the serialization without verification. {})rPrQr^r startswithendswithrF)rrBr4rCr"r"r# deserializes zJsonWebSignature.deserializecCsd|vrt|d}|jdur||jvrt||jvr t|j|}t|r/|||}n |dur;d|vr;|d}||}||fS)Nrr)r rr r(callable prepare_key)rrGr3r4rr+r"r"r#r/s    z'JsonWebSignature._prepare_algorithm_keycCsB|jdur|j}||j}|D] }||vrt|qdSdSr)r!REGISTERED_HEADER_PARAMETER_NAMEScopyunionr )rrGnameskr"r"r#r.s   z*JsonWebSignature._validate_private_headersc Cs|d}|s td|d}|stdt|}t|}|d}|r.t|ts.tdt||} || ||\} }d||g} t t|} | | | |rT| dfS| d fS) Nr0zMissing "protected" valuer9zMissing "signature" valuerGzInvalid "header" valuer-TF) rWr rr>rPrQrr/r1r@rA) rr7r3rRr4r6rDr0rGr5r+r8r9r"r"r#rXs$     z#JsonWebSignature._validate_json_jws)NNr)__name__ __module__ __qualname__ frozensetrir(r$ classmethodr,r:rFrTr^rarfr/r.rXr"r"r"r#rs    " 10  rcCs t|tSr)rr )header_segmentr"r"r#r>'s r>cC t|tdS)Nr9rr )rDr"r"r#r@+ r@cCrt)Nr3ru)r7r"r"r#r?/rvr?N)authlib.common.encodingrrrrauthlib.jose.utilrrrauthlib.jose.errorsr r r r r modelsrrrr>r@r?r"r"r"r#s