o
    Df/,                     @   s  d dl Z d dlZd dlmZ d dlmZ d dlmZ d dlm	Z	m
Z
 d dlmZ d dlmZ d dlmZ d d	lmZ d d
lmZmZmZmZ d dlmZ ddlmZ ddlmZ ddlmZ G dd deZ G dd deZ!G dd deZ"G dd deZ#G dd deZ$d&ddZ%e  e!dde& e!dd e'e(e) e) de!d!d"e'e(e* e* de"d#e"d$e"d%e#d#e#d$e#d%e$de$d#e$d$e$d%gZ+dS )'    N)padding)hashes)default_backend)aes_key_wrapaes_key_unwrap)Cipher)AES)GCM)ConcatKDFHash)to_bytes	to_nativeurlsafe_b64decodeurlsafe_b64encode)JWEAlgorithm   )RSAKey)ECKey)OctKeyc                   @   s6   e Zd ZdZdZdd Zdd Zddd	Zd
d ZdS )DirectAlgorithmdirz$Direct use of a shared symmetric keyc                 C   
   t |S Nr   
import_keyselfraw_data r   V/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/jose/rfc7518/jwe_algs.pyprepare_key      
zDirectAlgorithm.prepare_keyc                 C   s   i S r   r   )r   enc_algkeyr   r   r   generate_preset    s   zDirectAlgorithm.generate_presetNc                 C   s.   | d}t|d |jkrtdd|dS )Nencrypt   Invalid "cek" length    ekcek
get_op_keylenCEK_SIZE
ValueErrorr   r!   headersr"   presetr*   r   r   r   wrap#   s   

zDirectAlgorithm.wrapc                 C   s(   | d}t|d |jkrtd|S )Ndecryptr%   r&   r+   )r   r!   r)   r1   r"   r*   r   r   r   unwrap)   s   
zDirectAlgorithm.unwrapr   )	__name__
__module____qualname__namedescriptionr   r#   r3   r5   r   r   r   r   r      s    
r   c                   @   s:   e Zd ZdZdd Zdd Zdd Zdd	d
Zdd ZdS )RSAAlgorithmi   c                 C   s   || _ || _|| _d S r   )r9   r:   r   )r   r9   r:   pad_fnr   r   r   __init__5   s   
zRSAAlgorithm.__init__c                 C   r   r   )r   r   r   r   r   r   r   :   r    zRSAAlgorithm.prepare_keyc                 C      |  }d|iS Nr*   generate_cekr   r!   r"   r*   r   r   r   r#   =      zRSAAlgorithm.generate_presetNc                 C   sT   |rd|v r|d }n|  }|d}|j| jk rtd||| j}||dS )Nr*   wrapKeyz.A key of size 2048 bits or larger MUST be usedr(   )rA   r,   key_sizer/   r$   r   )r   r!   r1   r"   r2   r*   op_keyr)   r   r   r   r3   A   s   


zRSAAlgorithm.wrapc                 C   s6   | d}||| j}t|d |jkrtd|S N	unwrapKeyr%   r&   )r,   r4   r   r-   r.   r/   r   r!   r)   r1   r"   rF   r*   r   r   r   r5   M   s
   
zRSAAlgorithm.unwrapr   )	r6   r7   r8   rE   r=   r   r#   r3   r5   r   r   r   r   r;   0   s    
r;   c                   @   sF   e Zd Zdd Zdd Zdd Zdd Zd	d
 ZdddZdd Z	dS )AESAlgorithmc                 C   &   d| d| _ d| d| _|| _d S )NAKWzAES Key Wrap using -bit keyr9   r:   rE   r   rE   r   r   r   r=   W      
zAESAlgorithm.__init__c                 C   r   r   r   r   r   r   r   r   \   r    zAESAlgorithm.prepare_keyc                 C   r>   r?   r@   rB   r   r   r   r#   _   rC   zAESAlgorithm.generate_presetc                 C   (   t |d | jkrtd| j dd S Nr%   zA key of size z bits is required.r-   rE   r/   r   r"   r   r   r   
_check_keyc   
   zAESAlgorithm._check_keyc                 C   s,   | d}| | t||t }||dS )NrD   r(   )r,   rV   r   r   )r   r*   r"   rF   r)   r   r   r   wrap_cekh   s   


zAESAlgorithm.wrap_cekNc                 C   s*   |rd|v r|d }n|  }| ||S r?   )rA   rX   r0   r   r   r   r3   n   s   
zAESAlgorithm.wrapc                 C   s@   | d}| | t||t }t|d |jkrtd|S rG   )r,   rV   r   r   r-   r.   r/   rI   r   r   r   r5   u   s   

zAESAlgorithm.unwrapr   )
r6   r7   r8   r=   r   r#   rV   rX   r3   r5   r   r   r   r   rJ   V   s    
rJ   c                   @   sJ   e Zd ZeddgZdd Zdd Zdd Zd	d
 ZdddZ	dd Z
dS )AESGCMAlgorithmivtagc                 C   rK   )NrL   GCMKWz Key wrapping with AES GCM using rN   rO   rP   r   r   r   r=      rQ   zAESGCMAlgorithm.__init__c                 C   r   r   r   r   r   r   r   r      r    zAESGCMAlgorithm.prepare_keyc                 C   r>   r?   r@   rB   r   r   r   r#      rC   zAESGCMAlgorithm.generate_presetc                 C   rR   rS   rT   rU   r   r   r   rV      rW   zAESGCMAlgorithm._check_keyNc                 C   s   |rd|v r|d }n|  }|d}| | d}t|d }tt|t|t d}	|		 }
|

||
  }tt|tt|
jd}|||dS )Nr*   rD   `   r%   backend)rZ   r[   r)   r*   header)rA   r,   rV   osurandomr   r   r	   r   	encryptorupdatefinalizer   r   r[   )r   r!   r1   r"   r2   r*   rF   iv_sizerZ   cipherencr)   hr   r   r   r3      s   



zAESGCMAlgorithm.wrapc                 C   s   | d}| | |d}|std|d}|s tdtt|}tt|}tt|t||t	 d}|
 }	|	||	  }
t|
d |jkrStd|
S )	NrH   rZ   zMissing "iv" in headersr[   zMissing "tag" in headersr^   r%   r&   )r,   rV   getr/   r   r   r   r   r	   r   	decryptorre   rf   r-   r.   )r   r!   r)   r1   r"   rF   rZ   r[   rh   dr*   r   r   r   r5      s    



zAESGCMAlgorithm.unwrapr   )r6   r7   r8   	frozensetEXTRA_HEADERSr=   r   r#   rV   r3   r5   r   r   r   r   rY   ~   s    
rY   c                   @   sl   e Zd Zg dZeZdddZdd Zdd Zd	d
 Z	dd Z
dd Zdd Zdd ZdddZdd ZdS )ECDHESAlgorithm)epkapuapvNc                 C   sD   |d u rd| _ d| _nd| d| _ d|| _|| _t|| _d S )NzECDH-ESz(ECDH-ES in the Direct Key Agreement modez	ECDH-ES+ArM   z3ECDH-ES using Concat KDF and CEK wrapped with A{}KW)r9   r:   formatrE   rJ   aeskwrP   r   r   r   r=      s   zECDHESAlgorithm.__init__c                 C   s   t || jr|S t|S r   )
isinstanceALLOWED_KEY_CLSr   r   r   r   r   r   r      s   
zECDHESAlgorithm.prepare_keyc                 C   s<   |  |}| |}||d}| jd ur| }||d< |S )N)rq   ra   r*   )_generate_ephemeral_key_prepare_headersrE   rA   )r   r!   r"   rq   rj   r2   r*   r   r   r   r#      s   



zECDHESAlgorithm.generate_presetc                 C   s`   | j d u rt|d }nt|d }t|dd}t|dd}td|}|| | | S )Nri   algrr   Trs   >I)rE   u32be_len_inputrk   structpack)r   r1   bit_sizealg_idapu_infoapv_infopub_infor   r   r   compute_fixed_info   s   
z"ECDHESAlgorithm.compute_fixed_infoc                 C   s$   t t |d |t d}||S )Nr%   )	algorithmlength	otherinfor_   )r
   r   SHA256r   derive)r   
shared_key
fixed_infor   ckdfr   r   r   compute_derived_key   s   
z#ECDHESAlgorithm.compute_derived_keyc                 C   s$   | |}| ||}| |||S r   )exchange_shared_keyr   r   )r   r"   pubkeyr1   r   r   r   r   r   r   deliver   s   
zECDHESAlgorithm.deliverc                 C   s   |j |d ddS )NcrvT)
is_private)generate_keyrU   r   r   r   rx     s   z'ECDHESAlgorithm._generate_ephemeral_keyc                    s&    fdd j D } j|d< d|iS )Nc                    s   i | ]}| | qS r   r   ).0krq   r   r   
<dictcomp>  s    z4ECDHESAlgorithm._prepare_headers.<locals>.<dictcomp>ktyrq   )REQUIRED_JSON_FIELDSr   )r   rq   pub_epkr   r   r   ry     s   
z ECDHESAlgorithm._prepare_headersc                 C   s   | j d u r	|j}n| j }|rd|v r|d }i }n
| |}| |}|d}| ||||}	| j d u r;d|	|dS |rHd|v rHd|d i}
nd }
| j|	}| j||||
}||d< |S )Nrq   rD   r'   r`   r*   ra   )	rE   r.   rx   ry   r,   r   ru   r   r3   )r   r!   r1   r"   r2   r   rq   rj   
public_keydkpreset_for_kwkekrvr   r   r   r3   
  s&   




zECDHESAlgorithm.wrapc           
      C   s|   d|vrt d| jd u r|j}n| j}||d }|d}| ||||}| jd u r/|S | j|}	| j||||	S )Nrq   zMissing "epk" in headersrD   )	r/   rE   r.   r   r,   r   ru   r   r5   )
r   r!   r)   r1   r"   r   rq   r   r   r   r   r   r   r5   '  s   


zECDHESAlgorithm.unwrapr   )r6   r7   r8   ro   r   rw   r=   r   r#   r   r   r   rx   ry   r3   r5   r   r   r   r   rp      s    
		
rp   Fc                 C   s6   | sdS |rt t| } nt| } tdt| |  S )Ns       r{   )r   r   r}   r~   r-   )sbase64r   r   r   r|   ;  s   r|   RSA1_5zRSAES-PKCS1-v1_5zRSA-OAEPz#RSAES OAEP using default parameterszRSA-OAEP-256z.RSAES OAEP using SHA-256 and MGF1 with SHA-256         )F),rb   r}   )cryptography.hazmat.primitives.asymmetricr   cryptography.hazmat.primitivesr   cryptography.hazmat.backendsr   &cryptography.hazmat.primitives.keywrapr   r   &cryptography.hazmat.primitives.ciphersr   1cryptography.hazmat.primitives.ciphers.algorithmsr   ,cryptography.hazmat.primitives.ciphers.modesr	   ,cryptography.hazmat.primitives.kdf.concatkdfr
   authlib.common.encodingr   r   r   r   authlib.jose.rfc7516r   rsa_keyr   ec_keyr   oct_keyr   r   r;   rJ   rY   rp   r|   PKCS1v15OAEPMGF1SHA1r   JWE_ALG_ALGORITHMSr   r   r   r   <module>   sT    &(D
y