U b#@sddlZddlZddlmZddlmZmZmZmZm Z ddl m Z m Z m Z mZddlmZmZmZmZddlmZmZGdd d ZeZejZejZejZejZejZejZdS) N)Mapping)AnyDictListOptionalType) Algorithmget_default_algorithms has_cryptorequires_cryptography) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encodec @seZdZdZd#ddZeddZddZd d Zd d Z d$e e e e e e e eejee dddZd%e e e ee e e e e e e efdddZd&e e e ee e e e dddZddZddZd'ddZdd Zd!d"ZdS)(PyJWSZJWTNcCsht|_|dk rt|nt|j|_t|jD]}||jkr2|j|=q2|dkrVi}|||_dS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsoptions)self algorithmsrkeyr//tmp/pip-unpacked-wheel-ivybibab/jwt/api_jws.py__init__s  zPyJWS.__init__cCsddiS)Nverify_signatureTrrrrrr'szPyJWS._get_default_optionscCs>||jkrtdt|ts$td||j|<|j|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)ralg_idalg_objrrrregister_algorithm+s    zPyJWS.register_algorithmcCs*||jkrtd|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)rr&rrrunregister_algorithm8s  zPyJWS.unregister_algorithmcCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )rr)rrrrget_algorithmsFszPyJWS.get_algorithmsHS256F)payloadr algorithmheaders json_encoderis_payload_detachedreturnc Cs|g}|dkrd}|r@|d}|r*|d}|d} | dkr@d}|j|d} |rd||| || dsr| d=|rd| d<nd| kr| d=tj| d|d } |t| |r|} nt|} || d |} z$|j |}| |}| | |}WnPt k rJ}z0ts0|tkr0td |d |td |W5d}~XYnX|t||rhd|d<d |}|dS)Nnonealgb64FT)typr5r7),:) separatorscls.z Algorithm 'z9' could not be found. Do you have cryptography installed?Algorithm not supportedrutf-8)get header_typ_validate_headersupdatejsondumpsencodeappendrjoinr prepare_keysignr)r r NotImplementedErrordecode)rr.rr/r0r1r2segmentsZ headers_algZ headers_b64headerZ json_headerZ msg_payload signing_inputr' signatureeencoded_stringrrrrFLs`              z PyJWS.encode)jwtrrrdetached_payloadr3c Ks|dkr i}|j|}|d}|r.|s.td||\} } } } | dddkr~|dkr`td|} d| ddd | g} |r|| | | ||| | | d S) Nr!z\It is required that you pass in a value for the "algorithms" argument when calling decode().r6TFzIt is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.r<rr)r.rNrP)rr _loadr@rHrsplit_verify_signature) rrTrrrrUkwargsZmerged_optionsr!r.rOrNrPrrrdecode_completes,  zPyJWS.decode_complete)rTrrrr3cKs|j||||f|}|dS)Nr.)rZ)rrTrrrrYdecodedrrrrLsz PyJWS.decodecCs||d}|||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete )rVrB)rrTr0rrrget_unverified_headers zPyJWS.get_unverified_headerc Cst|tr|d}t|ts,tdtz$|dd\}}|dd\}}Wn,tk r|}ztd|W5d}~XYnXz t|}Wn2t t j fk r}ztd|W5d}~XYnXzt |}Wn2tk r} ztd| | W5d} ~ XYnXt|tstdz t|} Wn4t t j fk rT}ztd |W5d}~XYnXz t|} Wn4t t j fk r}ztd |W5d}~XYnX| ||| fS) Nr?z$Invalid token type. Token must be a r<rzNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r#strrFbytesr rWsplitr"rr$binasciiErrorrDloadsr) rrTrOZcrypto_segmentZheader_segmentZpayload_segmenterrZ header_datarNrQr.rPrrrrVs8    "   z PyJWS._loadc Cs|d}|dk r"||kr"tdz.|j|}||}||||sNtdWn,tk r|}ztd|W5d}~XYnXdS)Nr5z&The specified alg value is not allowedzSignature verification failedr=)r@rrrIverifyrr)) rrOrNrPrrr5r'rQrrrrXs    zPyJWS._verify_signaturecCsd|kr||ddS)Nkid) _validate_kid)rr0rrrrBszPyJWS._validate_headerscCst|tstddS)Nz(Key ID header parameter must be a string)r#r^r)rrfrrrrgs zPyJWS._validate_kid)NN)r-NNF)rSNNN)rSNN)rSN)__name__ __module__ __qualname__rAr staticmethodrr(r+r,r_r^rrrrD JSONEncoderboolrFrrrZrLr]rVrXrBrgrrrrrsb      O  )   + r)rarDcollections.abcrtypingrrrrrrr r r r exceptionsr rrrutilsrrrZ_jws_global_objrFrZrLr(r+r]rrrrs