o c6@sdZddlZddlZddlZddlZddlmZmZmZm Z m Z m Z m Z m Z mZddlZddlmZddlmZmZddlmZmZddlZddlmZmZmZeeZ Gdd d ej!ej"d Z#e#j$Gd d d e#Z%e#j$Gd dde#Z&e#j$Gddde#Z'dS) JSON Web Key.N) AnyCallableDictMappingOptionalSequenceTupleTypeUnion)default_backend)hashes serialization)ecrsa)errors json_utilutilc @seZdZUdZdZiZeeedfe d<dZ e ee dfe d< e Zeee d< dd d d Zeeeeeeeeffe d <e e d <ejfdegejfdefddZejdddZe  ddedeedee de fddZe  ddedeedee ddfddZ dS)JWKrktyTYPES.cryptography_key_typesrequiredN),:T)indent separators sort_keys_thumbprint_json_dumps_paramskey hash_functionreturncsNtj|td}|tjfddDfij | S)zgCompute JWK Thumbprint. https://tools.ietf.org/html/rfc7638 :returns: bytes )backendcs i|] \}}|jvr||qSr)r).0kvselfr7/opt/certbot/lib/python3.10/site-packages/josepy/jwk.py =s  z"JWK.thumbprint..) r Hashr updatejsondumpsto_jsonitemsrencodefinalize)r(r!digestrr'r) thumbprint2s zJWK.thumbprintcCst)ziGenerate JWK with public key. For symmetric cryptosystems, this would return ``self``. )NotImplementedErrorr'rrr) public_keyBszJWK.public_keydatapasswordr#c Cs|durtn|}i}tjtjfD](}z ||||WStttjjfy9}z ||t |<WYd}~qd}~wwtj tj fD]&}z|||WSttjjfyf}z ||t |<WYd}~q@d}~wwt d|)NzUnable to deserialize key: {0})r rload_pem_private_keyload_der_private_key ValueError TypeError cryptography exceptionsUnsupportedAlgorithmstrload_pem_public_keyload_der_public_keyrErrorformat)clsr7r8r#r>loader_privateerror loader_publicrrr)_load_cryptography_keyKs2  zJWK._load_cryptography_keyc Csz ||||}Wntjy'}ztd|t|dWYd}~Sd}~ww|jtur>t||j s>td |j |j |j D]}t||j rR||dSqCtd |j )aLoad serialized key as JWK. :param str data: Public or private key serialized as PEM or DER. :param str password: Optional password. :param backend: A `.PEMSerializationBackend` and `.DERSerializationBackend` provider. :raises errors.Error: if unable to deserialize, or unsupported JWK algorithm :returns: JWK of an appropriate type. :rtype: `JWK` z,Loading symmetric key, asymmetric failed: %sr Nz"Unable to deserialize {0} into {1}zUnsupported algorithm: {0})rIrrCloggerdebugJWKOcttypNotImplemented isinstancerrD __class__rvalues)rEr7r8r#r rGjwk_clsrrr)loadhs   zJWK.load)r"r)NN)!__name__ __module__ __qualname____doc__type_field_namerrr@r __annotations__rr rrOrrrr rintboolr SHA256r HashAlgorithmbytesr4abcabstractmethodr6 classmethodrIrTrrrr)rsJ (     r) metaclassc@sjeZdZUdZdZdZdejfZe e d<de e e ffddZ ed ee efddfd d Zdd d ZdS)rMzSymmetric JWK.octrJr%r r"cCsdt|jiS)Nr%)rencode_b64joser r'rrr)fields_to_partial_jsonszJWKOct.fields_to_partial_jsonjobjcCs|t|ddS)Nr%rJ)rdecode_b64joserErgrrr)fields_from_jsonszJWKOct.fields_from_jsoncCs|SNrr'rrr)r6szJWKOct.public_keyN)r"rM)rUrVrWrXrN __slots__rrYrr_rZrr@rfrbrrrjr6rrrr)rMs  rMcseZdZUdZdZejejfZdZ de j dfZ e jjed<deded d ffd d Zed ed efddZed ed efddZdddZedeeefd dfddZd eeeffddZZS)JWKRSAzRSA JWK. :ivar key: :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` wrapped in :class:`~josepy.util.ComparableRSAKey` RSArJenr argskwargsr"Nc@d|vrt|dtjst|d|d<tj|i|dSNr )rPrComparableRSAKeysuper__init__r(rqrrrQrr)rw  zJWKRSA.__init__r7cCs0t|d}t|d}t|jd|dS)zOEncode Base64urlUInt. :type data: long :rtype: unicode big byteorderlength)max bit_lengthmathceilrreto_bytesrEr7rrrr) _encode_paramszJWKRSA._encode_paramcCs>zt|}|s ttj|ddWStytw)Decode Base64urlUInt.r|r~)rrhrDeserializationErrorr[ from_bytesr;)rEr7binaryrrr) _decode_params  zJWKRSA._decode_paramcCst||jdS)NrJ)typer r6r'rrr)r6szJWKRSA.public_keyrgc sDfdddD\}}tj||d}dvr |tdSd}dvs?dvs?d vs?d vs?d vs?d vrstfd ddD\}}}} } } tdd| Drbtd| tfdd| D\}}}} } nt |||\}}t ||}t ||} t ||} t ||||| | |t} | dS)Nc3s|] }|VqdSrkrr$xrirr) sz*JWKRSA.fields_from_json..rpro)rorpdrJpqdpdqqiothc3s|]}|VqdSrk)getr)rgrr)rs  )rrrrrcss|] }|dur|VqdSrkr)r$paramrrr)rsz(Some private parameters are missing: {0}c3s|] }t|VqdSrk)rr@r)rErr)rs )rRSAPublicNumbersr6r rtuplerrCrDrsa_recover_prime_factors rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmpRSAPrivateNumbers private_key) rErgrpropublic_numbersrrrrrr all_paramsr rrir)rjsH      zJWKRSA.fields_from_jsonc s~tjjtjrj}|j|jd}nj}j }|j|j|j |j |j |j |j|jd}fdd|DS)Nr)rprorrrrrrcsi|] \}}||qSr)rr$r valuer'rr)r* sz1JWKRSA.fields_to_partial_json..)rPr _wrappedr RSAPublicKeyrrproprivate_numbersr6rrrdmp1dmq1iqmpr0)r(numbersparamsprivatepublicrr'r)rfs&   zJWKRSA.fields_to_partial_json)r"rm)rUrVrWrXrNrr RSAPrivateKeyrrlrrYrjosepyrrurZrrwrbr[r@rrr6rrjrrf __classcell__rrryr)rms      (rmc seZdZUdZdZdZejejfZ de j ddfZ e jjed<ded ed d ffd d Zededed efddZedededed efddZeded efddZeded ejfddZedejd efddZd eeeffddZed eeefd dfd!d"Zd%d#d$Z Z!S)&JWKECzEC JWK. :ivar key: :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` wrapped in :class:`~josepy.util.ComparableECKey` ECrJcrvryr rqrrr"Ncrsrt)rPrComparableECKeyrvrwrxryrr)rwrzzJWKEC.__init__r7rcCst|jd|dS)zlEncode Base64urlUInt. :type data: long :type key_size: long :rtype: unicode r|r})rrerrrrr)r#szJWKEC._encode_paramname valid_lengthc Cs`z$t|}t||krtd|d|dt|dtj|ddWSty/tw)rzExpected parameter "z" to be z" bytes after base64-decoding; got z bytes insteadr|r)rrhlenrrr[rr;)rEr7rrrrrr)r,s   zJWKEC._decode_param curve_namecCs,|dkrdS|dkr dS|dkrdSt)N secp256r1P-256 secp384r1P-384 secp521r1P-521)rSerializationError)rErrrr)_curve_name_to_crv:szJWKEC._curve_name_to_crvcCs8|dkrtS|dkrtS|dkrtSt)Nrrr)r SECP256R1 SECP384R1 SECP521R1rr)rErrrr) _crv_to_curveDszJWKEC._crv_to_curvecurvecCs>t|tjrdSt|tjrdSt|tjrdStd|)N 0BzUnexpected curve: )rPrrrrr;)rErrrr)expected_length_for_curveOs   zJWKEC.expected_length_for_curvecsi}tjjtjrjntjjtjr*j}j|j |d<nt dj |d<j |d<fdd|D}jj|d<|S)NrzRSupplied key is neither of type EllipticCurvePublicKey nor EllipticCurvePrivateKeyrrc s&i|]\}}||jqSr)rrrrrr(rr)r*hsz0JWKEC.fields_to_partial_json..r)rPr rrEllipticCurvePublicKeyrEllipticCurvePrivateKeyrr6 private_valuerrrrr0rrr)r(rrrrr)rfYs"      zJWKEC.fields_to_partial_jsonrgcsd}|fdddD\}}tj|||d}dvr.|tdSdd}t||t}|dS)Nrc3s"|] }||VqdSrkr)r$rprEexpected_lengthrgrr)rss z)JWKEC.fields_from_json..)rr)rrrrrJ) rrrEllipticCurvePublicNumbersr6r rEllipticCurvePrivateNumbersr)rErgrrrrrr rrr)rjos  zJWKEC.fields_from_jsoncCs8t|jdr |j}n |jt}t||dS)Nr6rJ)hasattrr r6rr r)r(r rrr)r6s  zJWKEC.public_key)r"r)"rUrVrWrXrNrlrrrrrrYrrrrrZrrwrbr[r@rrr EllipticCurverrrrfrrjr6rrrryr)r s.      r)(rXr`r-loggingrtypingrrrrrrr r r cryptography.exceptionsr=cryptography.hazmat.backendsr cryptography.hazmat.primitivesr r)cryptography.hazmat.primitives.asymmetricrr josepy.utilrrrr getLoggerrUrKTypedJSONObjectWithFieldsABCMetarregisterrMrmrrrrr)s(,  km