HEX

File: //usr/lib/python3.9/site-packages/jwcrypto/__pycache__/jwt.cpython-39.opt-1.pyc
a

���f�e�@sFddlZddlZddlZzddlmZWneyBdd�ZYn0ddlmZmZddlm	Z	m
Z
ddlmZddlm
Zdd	lmZmZdd
lmZddlm
Zddd
ddddd�ZdZGdd�de�ZGdd�de�ZGdd�de�ZGdd�de�ZGdd�de�Zed�Gdd �d e��ZGd!d"�d"e�ZGd#d$�d$�ZdS)%�N)�
deprecatedcGsdd�}|S)NcSs|S�N�)�funcrr�0/usr/lib/python3.9/site-packages/jwcrypto/jwt.py�innerszdeprecated.<locals>.innerr)�argsrrrrr
sr)�JWException�
JWKeyNotFound)�json_decode�json_encode)�JWE)�default_allowed_algs)�JWK�JWKSet)�JWSZIssuerZSubjectZAudiencezExpiration Timez
Not Beforez	Issued AtzJWT ID)�iss�sub�aud�exp�nbf�iat�jtiTcs"eZdZdZd�fdd�	Z�ZS)�
JWTExpiredznJSON Web Token is expired.

    This exception is raised when a token is expired according to its claims.
    Ncs>d}|rt|�}nd}|r*|dt|�7}tt|��|�dS)Nz
Token expired� {%s})�str�superr�__init__��self�message�	exception�msg��	__class__rrr6s
zJWTExpired.__init__)NN��__name__�
__module__�__qualname__�__doc__r�
__classcell__rrr#rr0srcs"eZdZdZd�fdd�	Z�ZS)�JWTNotYetValidz~JSON Web Token is not yet valid.

    This exception is raised when a token is not valid yet according to its
    claims.
    Ncs>d}|rt|�}nd}|r*|dt|�7}tt|��|�dS)NzToken not yet validr)rrr+rrr#rrrHs
zJWTNotYetValid.__init__)NNr%rrr#rr+Asr+cs"eZdZdZd�fdd�	Z�ZS)�JWTMissingClaim�sJSON Web Token claim is invalid.

    This exception is raised when a claim does not match the expected value.
    Ncs>d}|rt|�}nd}|r*|dt|�7}tt|��|�dS�NzInvalid Claim Valuer)rrr,rrr#rrrYs
zJWTMissingClaim.__init__)NNr%rrr#rr,Ssr,cs"eZdZdZd�fdd�	Z�ZS)�JWTInvalidClaimValuer-Ncs>d}|rt|�}nd}|r*|dt|�7}tt|��|�dSr.)rrr/rrr#rrrjs
zJWTInvalidClaimValue.__init__)NNr%rrr#rr/dsr/cs"eZdZdZd�fdd�	Z�ZS)�JWTInvalidClaimFormatzqJSON Web Token claim format is invalid.

    This exception is raised when a claim is not in a valid format.
    Ncs>d}|rt|�}nd}|r*|dt|�7}tt|��|�dS)NzInvalid Claim Formatr)rrr0rrr#rrr{s
zJWTInvalidClaimFormat.__init__)NNr%rrr#rr0usr0�cs"eZdZdZd�fdd�	Z�ZS)�JWTMissingKeyIDz�JSON Web Token is missing key id.

    This exception is raised when trying to decode a JWT with a key set
    that does not have a kid value in its header.
    Ncs>d}|rt|�}nd}|r*|dt|�7}tt|��|�dS)NzMissing Key IDr)rrr2rrr#rrr�s
zJWTMissingKeyID.__init__)NNr%rrr#rr2�sr2cs"eZdZdZd�fdd�	Z�ZS)�
JWTMissingKeyz�JSON Web Token is using a key not in the key set.

    This exception is raised if the key that was used is not available
    in the passed key set.
    Ncs>d}|rt|�}nd}|r*|dt|�7}tt|��|�dS)NzMissing Keyr)rrr3rrr#rrr�s
zJWTMissingKey.__init__)NNr%rrr#rr3�sr3c@sxeZdZdZdFdd�Zedd��Zejdd��Zedd	��Zejd
d	��Zedd��Z	e	jd
d��Z	edd��Z
e
jdd��Z
edd��Zejdd��ZdGdd�Zedd��Z
e
jdd��Z
dd�Zdd�Zdd�Zdd �Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�ZdHd9d:�ZdId<d=�Ze d>d?��Z!d@dA�Z"dBdC�Z#dDdE�Z$dS)J�JWTzFJSON Web token object

    This object represent a generic token.
    Nc		Cs�d|_d|_d|_||_d|_d|_d|_d|_d|_||_	|rF||_
|durT||_|durt|durn|�|�||_|dur�||_|dur�|�
||�dS)a�Creates a JWT object.

        :param header: A dict or a JSON string with the JWT Header data.
        :param claims: A dict or a string with the JWT Claims data.
        :param jwt: a 'raw' JWT token
        :param key: A (:class:`jwcrypto.jwk.JWK`) key to deserialize
         the token. A (:class:`jwcrypto.jwk.JWKSet`) can also be used.
        :param algs: An optional list of allowed algorithms
        :param default_claims: An optional dict with default values for
         registered claims. A None value for NumericDate type claims
         will cause generation according to system time. Only the values
         from RFC 7519 - 4.1 are evaluated.
        :param check_claims: An optional dict of claims that must be
         present in the token, if the value is not None the claim must
         match exactly.
        :param expected_type: An optional string that defines what kind
         of token to expect when validating a deserialized token.
         Supported values: "JWS" or "JWE"
         If left to None the code will try to detect what the expected
         type is based on other parameters like 'algs' and will default
         to JWS if no hints are found. It has no effect on token creation.

        Note: either the header,claims or jwt,key parameters should be
        provided as a deserialization operation (which occurs if the jwt
        is provided) will wipe any header or claim provided by setting
        those obtained from the deserialization of the jwt token.

        Note: if check_claims is not provided the 'exp' and 'nbf' claims
        are checked if they are set on the token but not enforced if not
        set. Any other RFC 7519 registered claims are checked only for
        format conformance.
        N�<iXF)�_header�_claims�_token�_algs�_reg_claims�
_check_claims�_leeway�	_validity�deserializelog�_expected_type�header�_check_check_claims�claims�deserialize)	rr@rB�jwt�keyZalgsZdefault_claims�check_claims�
expected_typerrrr�s,$
zJWT.__init__cCs|jdurtd��|jS)Nz'header' not set)r6�KeyError�rrrrr@�s
z
JWT.headercCs@t|t�rt|�}n|}t|�}|�d�dur6td��||_dS)NZb64Fz8b64 header is invalid.JWTs cannot use unencoded payloads)�
isinstance�dictrr�get�
ValueErrorr6)r�hZehrrrr@�s

cCs|jdurtd��|jS)Nz'claims' not set)r7rHrIrrrrBs
z
JWT.claimscCsFt|t�s$|js||_dSt|�}n
t�|�}|�|�t|�|_dSr)	rJrKr:r7r�copy�deepcopy�_add_default_claimsr)r�datarrrrB
s



cCs|jSr)r8rIrrr�tokensz	JWT.tokencCs2t|t�st|t�st|t�r&||_ntd��dS)Nz.Invalid token type, must be one of JWS,JWE,JWT)rJrr
r4r8�	TypeError)r�trrrrSscCs|jSr)r<rIrrr�leeway%sz
JWT.leewaycCst|�|_dSr)�intr<)rZlwyrrrrV)scCs|jSr)r=rIrrr�validity-szJWT.validitycCst|�|_dSr)rWr=�r�vrrrrX1scCs�|jdurD|jrDt|j��tdg�r.d|_nt|j��t�rDd|_|jdurh|jrhdt|j�vrhd|_|jdu�r|du�rt|t	�r�|�
d�}|dkr�d|_n|dkr�d|_ndt|t��rd}|D],}|�
d�}|dur�|}q�||kr�d}q�q�|dk�rd|_n|dk�rd|_|jdu�rn|du�rnt|t	��r�|�
d�}|�rnt|t��sZ|g}t|��dd	g��rvd|_nt|��d
dg��rnd|_n�t|t��rnd}d}|D]�}|�
d�}|�rNt|t��s�|g}|du�r2t|��dd	g��rtdd	g�}d}n0t|��d
dg��r&td
dg�}d}n
d}�qbnt|��|��s^d}�qbn|�r�d}�qb�q�|�rn||_|jdu�r�d|_|jS)NZRSA1_5r
r�enc�useZsigZkey_ops�sign�verifyZencrypt�decrypt)
r?r9�set�issubset�jwe_algs�jws_algsr6rrJrrLr�list)rrEr\Zall_use�k�opsZall_opsZttyperrr�_expected_type_heuristics5s�








zJWT._expected_type_heuristicscCs|jdur|jS|��Sr)r?rgrIrrrrG}s
zJWT.expected_typecCs|dvr||_ntd��dS)N)rr
z%Invalid value, must be 'JWS' or 'JWE')r?rMrYrrrrG�scCs.||vrdS|j�|d�}|dur*|||<dSr)r:rL)r�namerB�valrrr�_add_optional_claim�s
zJWT._add_optional_claimcCs@||vrdS||jvr<|j|dur.|||<n|j|||<dSr)r:)rrhrBZdefvalrrr�_add_time_claim�s

zJWT._add_time_claimcCs*d|vsd|jvrdStt���|d<dS)Nr)r:r�uuidZuuid4�rrBrrr�_add_jti_claim�szJWT._add_jti_claimcCs||jdurdStt���}|�d|�|�d|�|�d|�|�d|||j�|�d||�|�d||�|�|�dS)Nrrrrrr)r:rW�timerjrkrXrn)rrBZnowrrrrQ�s
zJWT._add_default_claimscCs8||vs||durdSt||t�s4td|f��dS)N�"Claim %s is not a StringOrURI type)rJrr0�rrhrBrrr�_check_string_claim�s�zJWT._check_string_claimcCsh||vs||durdSt||t�rHtdd�|D��rdtd|f��nt||t�sdtd|f��dS)Ncss|]}t|t�VqdSr)rJr)�.0�claimrrr�	<genexpr>��z3JWT._check_array_or_string_claim.<locals>.<genexpr>z'Claim %s contains non StringOrURI typesrp)rJrd�anyr0rrqrrr�_check_array_or_string_claim�s��z JWT._check_array_or_string_claimc
Csb||vs||durdSzt||�Wn4ty\}ztd|f�|�WYd}~n
d}~00dS)NzClaim %s is not an integer)rWrMr0)rrhrB�errr�_check_integer_claim�s��zJWT._check_integer_claimcCs"|||krtd|||f��dS)Nz#Expired at %d, time: %d(leeway: %d))r�rrt�limitrVrrr�
_check_exp�s�zJWT._check_expcCs"|||krtd|||f��dS)Nz#Valid from %d, time: %d(leeway: %d))r+r{rrr�
_check_nbf�s�zJWT._check_nbfcCs�|�d|�|�d|�|�d|�|�d|�|�d|�|�d|�|�d|�|�d|�|jdur�d|vr�|�|dt��|j�d|vr�|�|dt��|j�dS�	Nrrrrrrr�typ)rrrxrzr;r}ror<r~rmrrr�_check_default_claims�s
zJWT._check_default_claimscCsd|�d|�|�d|�|�d|�|�d|�|�d|�|�d|�|�d|�|�d|�dSr)rrrxrz)rrFrrrrA�szJWT._check_check_claimsc	
Csj|jdurdSzt|j�}t|t�s*t��Wn:tyf}z"|jdurPtd�|�WYd}~dSd}~00|�|�|jdur�dS|j��D�]�\}}||vr�t	d|f��|dvr�|dur�|||kr�t
d||||f��q�|dk�rp|du�rdt||t��r||}n
||g}t|t��r(|}n|g}d}|D]}||v�r6d}�qR�q6|�sdt
d�||||���q�|d	k�r�|du�r�|�
|||d
�n|�
||t��|j�q�|dk�r�|du�r�|�|||d
�n|�||t��|j�q�|dk�r:|du�rd|�|�|�||�k�rdt
d
||||f��q�|dur�|||kr�t
d||||f��q�dS)NFz4Claims check requested but claims is not a json dictzClaim %s is missing)rrrz*Invalid '%s' value. Expected '%s' got '%s'rTz)Invalid '{}' value. Expected '{}' in '{}'rrrr�z3Invalid '%s' value. '%s' does not normalize to '%s')r;rrBrJrKrMr0r��itemsr,r/rd�formatr}ror<r~�norm_typ)	rrBryrh�valueZtclaimsZcclaims�foundrZrrr�_check_provided_claims�s�




�


��






��





��
��zJWT._check_provided_claimscCs |��}d|vr|Sd|SdS)N�/zapplication/)�lower)rriZlcrrrr�>szJWT.norm_typcCs8t|j�}|jr|j|_|j||jd�||_d|_dS)aSigns the payload.

        Creates a JWS token with the header as the JWS protected header and
        the claims as the payload. See (:class:`jwcrypto.jws.JWS`) for
        details on the exceptions that may be raised.

        :param key: A (:class:`jwcrypto.jwk.JWK`) key.
        )Z	protectedrN)rrBr9�allowed_algsZ
add_signaturer@rSr?�rrErUrrr�make_signed_tokenEs

zJWT.make_signed_tokencCs6t|j|j�}|jr|j|_|�|�||_d|_dS)a"Encrypts the payload.

        Creates a JWE token with the header as the JWE protected header and
        the claims as the plaintext. See (:class:`jwcrypto.jwe.JWE`) for
        details on the exceptions that may be raised.

        :param key: A (:class:`jwcrypto.jwk.JWK`) key.
        r
N)r
rBr@r9r�Z
add_recipientrSr?r�rrr�make_encrypted_tokenVs

zJWT.make_encrypted_tokenc
Csbg|_|jdurtd��|�|�}d}t|jt�rV|dkrLtrLtd�|���|jj	}n8t|jt
�r�|dkr|tr|td�|���|jj}ntd��z||�|j�d�Wn�t
�y&}zft|jt�r�|jj|_nt|jt
�r�|jj|_|j�d	�t|���t|t��rt�|��WYd}~n
d}~00|jj|_|jj}t|t��rP|�d
�}||_|��dS)aValidate a JWT token that was deserialized w/o providing a key

        :param key: A (:class:`jwcrypto.jwk.JWK`) verification or
         decryption key, or a (:class:`jwcrypto.jwk.JWKSet`) that
         contains a key indexed by the 'kid' header.
        NzToken emptyrzExpected {}, got JWSr
zExpected {}, got JWE�Token format unrecognizedZSuccesszValidation failed: [{}]zutf-8)r>rSrMrgrJr�JWT_expect_typerTr�r^r
r_�append�	ExceptionZ	verifylogZ
decryptlog�reprr
r3Zjose_headerr@�payload�bytes�decoderBr�)rrE�etZvalidate_fnryr�rrr�validategsD




�

zJWT.validatecCsl|�d�}|dkrt�|_n|dkr.t�|_ntd��|jrF|j|j_d|_|j�|d�|rh|�	|�dS)aaDeserialize a JWT token.

        NOTE: Destroys any current status and tries to import the raw
        token provided.

        :param jwt: a 'raw' JWT token.
        :param key: A (:class:`jwcrypto.jwk.JWK`) verification or
         decryption key, or a (:class:`jwcrypto.jwk.JWKSet`) that
         contains a key indexed by the 'kid' header.
        �.��r�N)
�countrrSr
rMr9r�r>rCr�)rrDrErRrrrrC�s



zJWT.deserializeTcCs|std��|j�|�S)aSerializes the object into a JWS token.

        :param compact(boolean): must be True.

        Note: the compact parameter is provided for general compatibility
        with the serialize() functions of :class:`jwcrypto.jws.JWS` and
        :class:`jwcrypto.jwe.JWE` so that these objects can all be used
        interchangeably. However the only valid JWT representation is the
        compact representation.

        :return: A json formatted string or a compact representation string
        :rtype: `str`
        z)Only the compact serialization is allowed)rMrS�	serialize)rZcompactrrrr��sz
JWT.serializecCs|�}|�|�|S)a3Creates a JWT object from a serialized JWT token.

        :param token: A string with the json or compat representation
         of the token.

        :raises InvalidJWEData or InvalidJWSObject: if the raw object is an
         invalid JWT token.

        :return: A JWT token
        :rtype: JWT
        )rC)�clsrS�objrrr�from_jose_token�s
zJWT.from_jose_tokencCs2t|t�sdS|j|jko0|j|jko0|j|jkS)NF)rJr4r7r6rS)r�otherrrr�__eq__�s

�
�z
JWT.__eq__cCs*z
|��WSty$|��YS0dSr)r�r��__repr__rIrrr�__str__�s
zJWT.__str__cCs\t|j�}d|j�d�d|j�d�d|�d�d|j�d�d|j�d�d|j�d�S)	NzJWT(header=z, zclaims=zjwt=zkey=None, algs=zdefault_claims=z
check_claims=�))r�rSr6r7r9r:r;)rrDrrrr��s
�
����zJWT.__repr__)NNNNNNNN)N)N)T)%r&r'r(r)r�propertyr@�setterrBrSrVrXrgrGrjrkrnrQrrrxrzr}r~r�rAr�r�r�r�r�rCr��classmethodr�r�r�r�rrrrr4�sj�
@










H


	
	
N.


r4)rOrorlZtyping_extensionsr�ImportErrorZjwcrypto.commonr	r
rrZjwcrypto.jwer
rrbZjwcrypto.jwkrrZjwcrypto.jwsrrcZJWTClaimsRegistryr�rr+r,r/r0r2r3r4rrrr�<module>s>�