o Df/,@sddlZddlZddlmZddlmZddlmZddlm Z m Z ddl m Z ddl mZddlmZdd lmZdd lmZmZmZmZdd lmZd d lmZd dlmZd dlmZGdddeZ GdddeZ!GdddeZ"GdddeZ#GdddeZ$d&ddZ%e e!dde&e!dd e'e(e)e)de!d!d"e'e(e*e*de"d#e"d$e"d%e#d#e#d$e#d%e$de$d#e$d$e$d%gZ+dS)'N)padding)hashes)default_backend) aes_key_wrapaes_key_unwrap)Cipher)AES)GCM) ConcatKDFHash)to_bytes to_nativeurlsafe_b64decodeurlsafe_b64encode) JWEAlgorithm)RSAKey)ECKey)OctKeyc@s6eZdZdZdZddZddZd dd Zd d ZdS) DirectAlgorithmdirz$Direct use of a shared symmetric keycC t|SNr import_keyselfraw_datarV/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/jose/rfc7518/jwe_algs.py prepare_key zDirectAlgorithm.prepare_keycCsiSrr)renc_algkeyrrrgenerate_preset szDirectAlgorithm.generate_presetNcCs.|d}t|d|jkrtdd|dS)NencryptInvalid "cek" lengthekcek get_op_keylenCEK_SIZE ValueErrorrr!headersr"presetr*rrrwrap#s  zDirectAlgorithm.wrapcCs(|d}t|d|jkrtd|S)Ndecryptr%r&r+)rr!r)r1r"r*rrrunwrap)s zDirectAlgorithm.unwrapr) __name__ __module__ __qualname__name descriptionrr#r3r5rrrrrs  rc@s:eZdZdZddZddZddZd d d Zd d ZdS) RSAAlgorithmicCs||_||_||_dSr)r9r:r)rr9r:pad_fnrrr__init__5s zRSAAlgorithm.__init__cCrr)rrrrrrr:r zRSAAlgorithm.prepare_keycC|}d|iSNr* generate_cekrr!r"r*rrrr#=zRSAAlgorithm.generate_presetNcCsT|r d|vr |d}n|}|d}|j|jkrtd|||j}||dS)Nr*wrapKeyz.A key of size 2048 bits or larger MUST be usedr()rAr,key_sizer/r$r)rr!r1r"r2r*op_keyr)rrrr3As     zRSAAlgorithm.wrapcCs6|d}|||j}t|d|jkrtd|SN unwrapKeyr%r&)r,r4rr-r.r/rr!r)r1r"rFr*rrrr5Ms zRSAAlgorithm.unwrapr) r6r7r8rEr=rr#r3r5rrrrr;0s  r;c@sFeZdZddZddZddZddZd d Zdd d ZddZ d S) AESAlgorithmcC&d|d|_d|d|_||_dS)NAKWzAES Key Wrap using -bit keyr9r:rErrErrrr=W zAESAlgorithm.__init__cCrrrrrrrr\r zAESAlgorithm.prepare_keycCr>r?r@rBrrrr#_rCzAESAlgorithm.generate_presetcC(t|d|jkrtd|jddSNr%zA key of size z bits is required.r-rEr/rr"rrr _check_keyc  zAESAlgorithm._check_keycCs,|d}||t||t}||dS)NrDr()r,rVrr)rr*r"rFr)rrrwrap_cekhs   zAESAlgorithm.wrap_cekNcCs*|r d|vr |d}n|}|||Sr?)rArXr0rrrr3ns   zAESAlgorithm.wrapcCs@|d}||t||t}t|d|jkrtd|SrG)r,rVrrr-r.r/rIrrrr5us  zAESAlgorithm.unwrapr) r6r7r8r=rr#rVrXr3r5rrrrrJVs  rJc@sJeZdZeddgZddZddZddZd d Zdd d Z ddZ d S)AESGCMAlgorithmivtagcCrK)NrLGCMKWz Key wrapping with AES GCM using rNrOrPrrrr=rQzAESGCMAlgorithm.__init__cCrrrrrrrrr zAESGCMAlgorithm.prepare_keycCr>r?r@rBrrrr#rCzAESGCMAlgorithm.generate_presetcCrRrSrTrUrrrrVrWzAESGCMAlgorithm._check_keyNc Cs|r d|vr |d}n|}|d}||d}t|d}tt|t|td} | } | || } t t |t t | jd} | || dS)Nr*rD`r%backend)rZr[r)r*header)rAr,rVosurandomrrr r encryptorupdatefinalizer rr[) rr!r1r"r2r*rFiv_sizerZcipherencr)hrrrr3s       zAESGCMAlgorithm.wrapc Cs|d}|||d}|std|d}|s tdtt|}tt|}tt|t||t d}| } | || } t | d|jkrStd| S) NrHrZzMissing "iv" in headersr[zMissing "tag" in headersr^r%r&)r,rVgetr/r r rrr r decryptorrerfr-r.) rr!r)r1r"rFrZr[rhdr*rrrr5s      zAESGCMAlgorithm.unwrapr) r6r7r8 frozenset EXTRA_HEADERSr=rr#rVr3r5rrrrrY~s   rYc@sleZdZgdZeZdddZddZddZd d Z d d Z d dZ ddZ ddZ dddZddZdS)ECDHESAlgorithm)epkapuapvNcCsD|dur d|_d|_n d|d|_d||_||_t||_dS)NzECDH-ESz(ECDH-ES in the Direct Key Agreement modez ECDH-ES+ArMz3ECDH-ES using Concat KDF and CEK wrapped with A{}KW)r9r:formatrErJaeskwrPrrrr=szECDHESAlgorithm.__init__cCst||jr|St|Sr) isinstanceALLOWED_KEY_CLSrrrrrrrs  zECDHESAlgorithm.prepare_keycCs<||}||}||d}|jdur|}||d<|S)N)rqrar*)_generate_ephemeral_key_prepare_headersrErA)rr!r"rqrjr2r*rrrr#s    zECDHESAlgorithm.generate_presetcCs`|jdur t|d}nt|d}t|dd}t|dd}td|}||||S)NrialgrrTrs>I)rEu32be_len_inputrkstructpack)rr1bit_sizealg_idapu_infoapv_infopub_inforrrcompute_fixed_infos   z"ECDHESAlgorithm.compute_fixed_infocCs$tt|d|td}||S)Nr%) algorithmlength otherinfor_)r rSHA256rderive)r shared_key fixed_inforckdfrrrcompute_derived_keys z#ECDHESAlgorithm.compute_derived_keycCs$||}|||}||||Sr)exchange_shared_keyrr)rr"pubkeyr1rrrrrrdelivers  zECDHESAlgorithm.delivercCs|j|dddS)NcrvT) is_private) generate_keyrUrrrrxsz'ECDHESAlgorithm._generate_ephemeral_keycs&fddjD}j|d<d|iS)Ncsi|]}||qSrr).0krqrr sz4ECDHESAlgorithm._prepare_headers..ktyrq)REQUIRED_JSON_FIELDSr)rrqpub_epkrrrrys z ECDHESAlgorithm._prepare_headersc Cs|jdur |j}n|j}|rd|vr|d}i}n ||}||}|d}|||||} |jdur;d| |dS|rHd|vrHd|di} nd} |j| } |j||| | } || d<| S)NrqrDr'r`r*ra) rEr.rxryr,rrurr3) rr!r1r"r2rrqrj public_keydk preset_for_kwkekrvrrrr3 s&         zECDHESAlgorithm.wrapc Cs|d|vrtd|jdur|j}n|j}||d}|d}|||||}|jdur/|S|j|} |j|||| S)NrqzMissing "epk" in headersrD) r/rEr.rr,rrurr5) rr!r)r1r"rrqrrrrrrr5's    zECDHESAlgorithm.unwrapr)r6r7r8rorrwr=rr#rrrrxryr3r5rrrrrps      rpFcCs6|sdS|r tt|}nt|}tdt||S)Nsr{)r r r}r~r-)sbase64rrrr|;s r|RSA1_5zRSAES-PKCS1-v1_5zRSA-OAEPz#RSAES OAEP using default parametersz RSA-OAEP-256z.RSAES OAEP using SHA-256 and MGF1 with SHA-256)F),rbr})cryptography.hazmat.primitives.asymmetricrcryptography.hazmat.primitivesrcryptography.hazmat.backendsr&cryptography.hazmat.primitives.keywraprr&cryptography.hazmat.primitives.ciphersr1cryptography.hazmat.primitives.ciphers.algorithmsr,cryptography.hazmat.primitives.ciphers.modesr ,cryptography.hazmat.primitives.kdf.concatkdfr authlib.common.encodingr r r rauthlib.jose.rfc7516rrsa_keyrec_keyroct_keyrrr;rJrYrpr|PKCS1v15OAEPMGF1SHA1rJWE_ALG_ALGORITHMSrrrrsT           &(D y