o
    Df>                     @   s   d dl Z d dlZd dlZd dlZd dlmZmZmZmZ ddl	m
Z
 ddlmZmZ ddlmZ ddlmZ dd	lmZmZ G d
d dZdd Zdd Zdd Zdd ZdS )    N)to_bytes
to_unicode
json_loads
json_dumps   )	JWTClaims   )DecodeErrorInsecureClaimError)JsonWebSignature)JsonWebEncryption)KeySetKeyc                   @   sR   e Zd ZdZedg dejZdddZ	dd Z
dd
dZ		dddZdS )JsonWebToken)passwordtokensecret
secret_key|)z1\b(?:3[47]\d|(?:4\d|5[1-5]|65)\d{2}|6011)\d{12}\bzB-----BEGIN[A-Z ]+PRIVATE KEY-----.+-----END[A-Z ]+PRIVATE KEY-----z3^\b(?!(000|666|9))\d{3}-(?!00)\d{2}-(?!0000)\d{4}\bNc                 C   s    t ||d| _t||d| _d S )N)private_headers)r   _jwsr   _jwe)self
algorithmsr    r   Q/home/ubuntu/webapp/venv/lib/python3.10/site-packages/authlib/jose/rfc7519/jwt.py__init__   s   zJsonWebToken.__init__c                 C   sF   |D ]}|| j v rt||| }t|tr | j|r t|qdS )z0Check if payload contains sensitive information.N)SENSITIVE_NAMESr
   
isinstancestrSENSITIVE_VALUESsearch)r   payloadkvr   r   r   check_sensitive_data    s   
z!JsonWebToken.check_sensitive_dataTc                 C   s   | dd dD ]}||}t|tjrt| ||< q|r&| | t||}t	t
|}d|v r=| j|||S | j|||S )a  Encode a JWT with the given header, payload and key.

        :param header: A dict of JWS header
        :param payload: A dict to be encoded
        :param key: key used to sign the signature
        :param check: check if sensitive data in payload
        :return: bytes
        typJWT)expiatnbfenc)
setdefaultgetr   datetimecalendartimegmutctimetupler%   find_encode_keyr   r   r   serialize_compactr   )r   headerr"   keycheckr#   claimtextr   r   r   encode,   s   	


zJsonWebToken.encodec           	      C   s   |du rt }t|r|}ntt|}t|}|d}|dkr)| j||t}n|dkr6| j	||t}nt
d||d |d ||dS )	a  Decode the JWT with the given key. This is similar with
        :meth:`verify`, except that it will raise BadSignatureError when
        signature doesn't match.

        :param s: text of JWT
        :param key: key used to verify the signature
        :param claims_cls: class to be used for JWT claims
        :param claims_options: `options` parameters for claims_cls
        :param claims_params: `params` parameters for claims_cls
        :return: claims_cls instance
        :raise: BadSignatureError
        N   .r      zInvalid input segments lengthr"   r4   )optionsparams)r   callablecreate_load_keyprepare_raw_keyr   countr   deserialize_compactdecode_payloadr   r	   )	r   sr5   
claims_clsclaims_optionsclaims_paramsload_key	dot_countdatar   r   r   decodeG   s"   
zJsonWebToken.decode)N)T)NNN)__name__
__module____qualname__r   recompilejoinDOTALLr    r   r%   r9   rK   r   r   r   r   r      s    
	
r   c                 C   s>   zt t| }W n ty   tdw t|tstd|S )NzInvalid payload valuezInvalid payload type)r   r   
ValueErrorr	   r   dict)bytes_payloadr"   r   r   r   rC   l   s   
rC   c                 C   sR   t | tr| S t | tr| dr| drt| } | S t | ttfr'd| i} | S )N{}keys)r   r   r   
startswithendswithr   tuplelist)rawr   r   r   r@   v   s   

r@   c                 C   s   t | tr|d}|r| |S t| j}|j|d< |S t | trSd| v rS| d }|d}|D ]}|d|kr?|  S q2|sOt|}|d |d< |S t	dt | trdd| v rd| d |d< | S t | t
rq| jrq| j|d< | S )NkidrX   Invalid JSON Web Key Set)r   r   r-   find_by_kidrandomchoicerX   r^   rT   rS   r   )r5   r4   r^   rvrX   r#   r   r   r   r2      s2   






r2   c                    s    fdd}|S )Nc                    s   t  tr | dS t  trEd v rE d }| d}|d ur7|D ]}|d|kr2|  S q%tdt|dkrA|d S td S )Nr^   rX   r   r   r_   )r   r   r`   r-   rT   lenrS   )r4   r"   rX   r^   r#   r5   r   r   rH      s   

z!create_load_key.<locals>.load_keyr   )r5   rH   r   re   r   r?      s   r?   )rO   ra   r.   r/   authlib.common.encodingr   r   r   r   claimsr   errorsr	   r
   rfc7515r   rfc7516r   rfc7517r   r   r   rC   r@   r2   r?   r   r   r   r   <module>   s    \
 