o Kja@sddlZddlmZddlmZmZddlmZmZmZddl m Z m Z m Z m Z mZmZddlmZddlmZmZmZmZmZmZmZGd d d ZeZejZejZejZdS) N)timegm)IterableMapping)datetime timedeltatimezone)AnyDictListOptionalTypeUnion)api_jws) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorMissingRequiredClaimErrorc @s eZdZd&ddZedeeeee efffddZ   d'deee fd ed e ed e ed e e ejdef d dZ   d(ded ede ededeee ff ddZ   d(ded ede ededeee ff ddZ d)ddZddZddZddZd d!Zd"d#Zd$d%ZdS)*PyJWTNcCs"|duri}i|||_dSN)_get_default_optionsoptions)selfrr-/usr/lib/python3/dist-packages/jwt/api_jwt.py__init__szPyJWT.__init__returncCsddddddgdS)NT)verify_signature verify_exp verify_nbf verify_iat verify_aud verify_issrequirerrrrrrszPyJWT._get_default_optionsHS256payloadkey algorithmheaders json_encodercCspt|ts td|}dD]}t||tr#t||||<qtj |d|d d}t |||||S)NzJExpecting a mapping object, as JWT only supports JSON objects as payloads.)expiatnbf),:)Z separatorsclszutf-8) isinstancer TypeErrorcopygetrr utctimetuplejsondumpsencoder)rr(r)r*r+r,Z time_claimZ json_payloadrrrr:%s z PyJWT.encodejwt algorithmsrc Ks|dur ddi}n|dd|ds1|dd|dd|dd|dd|dd|dr;|s;td tj|f|||d |}z t|d }Wntyc}ztd |d}~wwt|tsmtd i|j |} |j || fi|||d <|S)Nr Tr!Fr"r#r$r%z\It is required that you pass in a value for the "algorithms" argument when calling decode().)r)r=rr(zInvalid payload string: %sz-Invalid payload string: must be a json object) setdefaultrrdecode_completer8loads ValueErrorr3dictr_validate_claims) rr<r)r=rkwargsdecodedr(eZmerged_optionsrrrr?AsD          zPyJWT.decode_completecKs |j||||fi|}|dS)Nr()r?)rr<r)r=rrDrErrrdecodeosz PyJWT.decodercKst|tr |}t|tttdtfstd|||t t j t j d}d|vr8|dr8||||d|vrG|drG||||d|vrV|drV|||||d r`||||d rl|||dSdS) Nz,audience must be a string, iterable, or None)Ztzr.r#r/r"r-r!r%r$)r3rZ total_secondsbytesstrtyperr4_validate_required_claimsrrnowrZutcr7 _validate_iat _validate_nbf _validate_exp _validate_iss _validate_aud)rr(raudienceissuerleewayrDrLrrrrCzs"   zPyJWT._validate_claimscCs(|dD] }||durt|qdS)Nr&)r6r)rr(rZclaimrrrrKs zPyJWT._validate_required_claimscCs*z t|dWdStytdw)Nr.z)Issued At claim (iat) must be an integer.)intrAr)rr(rLrTrrrrMs  zPyJWT._validate_iatcCs@zt|d}Wn tytdw|||krtddS)Nr/z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rUrArr)rr(rLrTr/rrrrN  zPyJWT._validate_nbfcCs@zt|d}Wn tytdw|||krtddS)Nr-z/Expiration Time claim (exp) must be an integer.zSignature has expired)rUrArr)rr(rLrTr-rrrrOrVzPyJWT._validate_expcs|durd|vs |dsdStdd|vs|dstd|dttr*gtts3tdtddDr@tdt|trH|g}tfdd|DrWtddS)NaudzInvalid audiencezInvalid claim format in tokencss|] }t|t VqdSr)r3rI).0crrr sz&PyJWT._validate_aud..c3s|]}|vVqdSrr)rXrWZaudience_claimsrrrZs)rrr3rIlistanyall)rr(rRrr[rrQs$   zPyJWT._validate_audcCs4|durdSd|vrtd|d|krtddS)NZisszInvalid issuer)rr)rr(rSrrrrPs zPyJWT._validate_issr)r'NN)r;NN)NNr)__name__ __module__ __qualname__r staticmethodr rIr boolr rrr r r8Z JSONEncoderr:r?rGrCrKrMrNrOrQrPrrrrrsp $     1     r)r8ZcalendarrZcollections.abcrrrrrtypingrr r r r r r;r exceptionsrrrrrrrrZ_jwt_global_objr:r?rGrrrrs   $ H