o Kjar@sddlZddlZddlmZddlmZmZmZmZm Z ddl m Z m Z m Z mZddlmZmZmZmZddlmZmZGdd d ZeZejZejZejZejZejZejZdS) N)Mapping)AnyDictListOptionalType) Algorithmget_default_algorithms has_cryptorequires_cryptography) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encodec @seZdZdZd(ddZeddZddZd d Zd d Z  d)de de de e de e de eejde f ddZ   d*de de dee de de e eff ddZ   d*de de dee de de f ddZddZd d!Z  d+d"d#Zd$d%Zd&d'ZdS),PyJWSJWTNcCslt|_|dur t|nt|j|_t|jD] }||jvr$|j|=q|dur+i}i|||_dS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsoptions)self algorithmsrkeyr-/usr/lib/python3/dist-packages/jwt/api_jws.py__init__s zPyJWS.__init__cCsddiS)Nverify_signatureTrrrrr r'szPyJWS._get_default_optionscCs>||jvr tdt|tstd||j|<|j|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)ralg_idalg_objrrr register_algorithm+s   zPyJWS.register_algorithmcCs*||jvr td|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)rr'rrr unregister_algorithm8s zPyJWS.unregister_algorithmcCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )rr)rrrr get_algorithmsFs zPyJWS.get_algorithmsHS256payloadr algorithmheaders json_encoderreturnc Csg}|durd}|rd|vr|dr|d}|j|d}|r/|||||ds/|d=tj|d|d}|t||t|d|} z|j |} | |}| | |} Wnt y|} zt ss|tvrstd|| td | d} ~ ww|t| d|} | d S) Nnonealg)typr5r6),:) separatorscls.zFAlgorithm '%s' could not be found. Do you have cryptography installed?Algorithm not supportedutf-8) header_typ_validate_headersupdatejsondumpsencodeappendrjoinr prepare_keysignr*r r NotImplementedErrordecode)rr/rr0r1r2segmentsheader json_header signing_inputr( signatureeencoded_stringrrr rCLsL          z PyJWS.encodejwtrrc Ksf|duri}i|j|}|d}|r|std||\}} } } |r-|| | | |||| | dS)Nr"z\It is required that you pass in a value for the "algorithms" argument when calling decode().)r/rKrN)rr _load_verify_signature) rrRrrrkwargsmerged_optionsr"r/rMrKrNrrr decode_completeszPyJWS.decode_completecKs |j||||fi|}|dS)Nr/)rW)rrRrrrrUdecodedrrr rIsz PyJWS.decodecCs||d}|||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete )rSr?)rrRr1rrr get_unverified_headers zPyJWS.get_unverified_headerc Csjt|tr |d}t|tstdtz|dd\}}|dd\}}Wnty9}ztd|d}~wwzt|}Wnt t j fyT}ztd|d}~wwzt |}Wntyo} ztd| | d} ~ wwt|tsytdzt|} Wnt t j fy}ztd |d}~wwzt|} Wnt t j fy}ztd |d}~ww| ||| fS) Nr=z$Invalid token type. Token must be a r;rzNot enough segmentszInvalid header paddingzInvalid header string: %sz,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r$strrCbytesr rsplitsplitr#rr%binasciiErrorrAloadsr) rrRrMcrypto_segmentheader_segmentpayload_segmenterr header_datarKrOr/rNrrr rSsL            z PyJWS._loadc Csv|d}|dur||vrtdz|j|}||}||||s'tdWdSty:}ztd|d}~ww)Nr5z&The specified alg value is not allowedzSignature verification failedr<)getrrrFverifyrr*) rrMrKrNrrr5r(rOrrr rTs    zPyJWS._verify_signaturecCsd|vr ||ddSdS)Nkid) _validate_kid)rr1rrr r?szPyJWS._validate_headerscCst|ts tddS)Nz(Key ID header parameter must be a string)r$r[r)rrirrr rjs zPyJWS._validate_kid)NN)r.NN)rQNN)rQN)__name__ __module__ __qualname__r>r! staticmethodrr)r,r-r\r[rrrrA JSONEncoderrCrrrWrIrZrSrTr?rjrrrr rsv      :      +  r)r_rAcollections.abcrtypingrrrrrrr r r r exceptionsr rrrutilsrrr_jws_global_objrCrWrIr)r,rZrrrr s  i