o Kjar@sddlZddlZddlmZddlmZmZmZmZm Z ddl m Z m Z m Z mZddlmZmZmZmZddlmZmZGdd d ZeZejZejZejZejZejZejZdS) N)Mapping)AnyDictListOptionalType) Algorithmget_default_algorithms has_cryptorequires_cryptography) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encodec @seZdZdZd(ddZeddZddZd d Zd d Z  d)de de de e de e de eejde f ddZ   d*de de dee de de e eff ddZ   d*de de dee de de f ddZddZd d!Z  d+d"d#Zd$d%Zd&d'ZdS),PyJWSZJWTNcCslt|_|dur t|nt|j|_t|jD] }||jvr$|j|=q|dur+i}i|||_dS)N)r _algorithmsset _valid_algslistkeys_get_default_optionsoptions)self algorithmsrkeyr-/usr/lib/python3/dist-packages/jwt/api_jws.py__init__s zPyJWS.__init__cCsddiS)Nverify_signatureTrrrrrr'szPyJWS._get_default_optionscCs>||jvr tdt|tstd||j|<|j|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)ralg_idalg_objrrrregister_algorithm+s   zPyJWS.register_algorithmcCs*||jvr td|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)rr&rrrunregister_algorithm8s zPyJWS.unregister_algorithmcCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )rr)rrrrget_algorithmsFs zPyJWS.get_algorithmsHS256payloadr algorithmheaders json_encoderreturnc Csg}|durd}|rd|vr|dr|d}|j|d}|r/|||||ds/|d=tj|d|d}|t||t|d|} z|j |} | |}| | |} Wnt y|} zt ss|tvrstd|| td | d} ~ ww|t| d|} | d S) NZnonealg)typr3r4),:)Z separatorscls.zFAlgorithm '%s' could not be found. Do you have cryptography installed?Algorithm not supportedutf-8) header_typ_validate_headersupdatejsondumpsencodeappendrjoinr prepare_keysignr)r r NotImplementedErrordecode)rr.rr/r0r1ZsegmentsheaderZ json_header signing_inputr' signatureeZencoded_stringrrrr@LsL          z PyJWS.encodejwtrrc Ksf|duri}i|j|}|d}|r|std||\}} } } |r-|| | | |||| | dS)Nr!z\It is required that you pass in a value for the "algorithms" argument when calling decode().)r.rGrI)rr _load_verify_signature) rrLrrrkwargsZmerged_optionsr!r.rHrGrIrrrdecode_completeszPyJWS.decode_completecKs |j||||fi|}|dS)Nr.)rP)rrLrrrrOZdecodedrrrrFsz PyJWS.decodecCs||d}|||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete )rMr<)rrLr0rrrget_unverified_headers zPyJWS.get_unverified_headerc Csjt|tr |d}t|tstdtz|dd\}}|dd\}}Wnty9}ztd|d}~wwzt|}Wnt t j fyT}ztd|d}~wwzt |}Wntyo} ztd| | d} ~ wwt|tsytdzt|} Wnt t j fy}ztd |d}~wwzt|} Wnt t j fy}ztd |d}~ww| ||| fS) Nr:z$Invalid token type. Token must be a r8rzNot enough segmentszInvalid header paddingzInvalid header string: %sz,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r#strr@bytesr rsplitsplitr"rr$binasciiErrorr>loadsr) rrLrHZcrypto_segmentZheader_segmentZpayload_segmenterrZ header_datarGrJr.rIrrrrMsL            z PyJWS._loadc Csv|d}|dur||vrtdz|j|}||}||||s'tdWdSty:}ztd|d}~ww)Nr3z&The specified alg value is not allowedzSignature verification failedr9)getrrrCZverifyrr)) rrHrGrIrrr3r'rJrrrrNs    zPyJWS._verify_signaturecCsd|vr ||ddSdS)Nkid) _validate_kid)rr0rrrr<szPyJWS._validate_headerscCst|ts tddS)Nz(Key ID header parameter must be a string)r#rSr)rr\rrrr]s zPyJWS._validate_kid)NN)r-NN)rKNN)rKN)__name__ __module__ __qualname__r;r staticmethodrr(r+r,rTrSrrrr>Z JSONEncoderr@rrrPrFrRrMrNr<r]rrrrrsv      :      +  r)rWr>Zcollections.abcrtypingrrrrrrr r r r exceptionsr rrrZutilsrrrZ_jws_global_objr@rPrFr(r+rRrrrrs  i