]fddlZddlZddlmZmZddlmZddlmZddl m Z ddl m Z m Z ddlmZmZde jfdZdd Zd Zd Zd ZddZdZdZdZdZdZddZdS)N)IterableMapping)jwk)Key) ALGORITHMS)JWSErrorJWSSignatureError)base64url_decodebase64url_encodec|tjvrtd|zt||}t |}t ||||}|S)awSigns a claims set and returns a JWS string. Args: payload (str or dict): A string to sign key (str or dict): The key to use for signing the claim set. Can be individual JWK or JWK set. headers (dict, optional): A set of headers that will be added to the default headers. Any headers that are added as additional headers will override the default headers. algorithm (str, optional): The algorithm to use for signing the the claims. Defaults to HS256. Returns: str: The string representation of the header, claims, and signature. Raises: JWSError: If there is an error signing the token. Examples: >>> jws.sign({'a': 'b'}, 'secret', algorithm='HS256') 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' zAlgorithm %s not supported.)additional_headers)r SUPPORTEDr_encode_header_encode_payload_sign_header_and_claims)payloadkeyheaders algorithmencoded_headerencoded_payload signed_outputs :/var/www/html/env/lib/python3.11/site-packages/jose/jws.pysignr s_4 ,,,4y@AAA#I'JJJN%g..O+NOYX[\\M TcXt|\}}}}|rt||||||S)aVerifies a JWS string's signature. Args: token (str): A signed JWS to be verified. key (str or dict): A key to attempt to verify the payload with. Can be individual JWK or JWK set. algorithms (str or list): Valid algorithms that should be used to verify the JWS. Returns: str: The str representation of the payload, assuming the signature is valid. Raises: JWSError: If there is an exception verifying a token. Examples: >>> token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' >>> jws.verify(token, 'secret', algorithms='HS256') )_load_verify_signature)tokenr algorithmsverifyheaderr signing_input signatures rr!r!0s<,16e -FG]I M-CLLL Nrc.t|\}}}}|S)a!Returns the decoded headers without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. rrr"claimsr#r$s rget_unverified_headerr)N05U||,FFM9 Mrc t|S)a{Returns the decoded headers without verification of any kind. This is simply a wrapper of get_unverified_header() for backwards compatibility. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. )r))rs rget_unverified_headersr,^s ! ' ''rc.t|\}}}}|S)aReturns the decoded claims without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: str: The str representation of the token claims. Raises: JWSError: If there is an exception decoding the token. r&r's rget_unverified_claimsr.pr*rcd|d}|r||tj|ddd}t |S)NJWT)typalg,:T) separators sort_keysutf-8)updatejsondumpsencoder )rr r" json_headers rrrsi9 - -F* ()))* fWoo  K ( ((rct|tr; tj|dd}n#t $rYnwxYwt |S)Nr3)r6r8) isinstancerr:r;r< ValueErrorr )rs rrrsy'7## j%fWoo G    D  G $ $$s)A A Acld||g} t|tstj||}||}n!#t $r}t|d}~wwxYwt|}d|||g}| dS)N.r8) joinr?rr constructr Exceptionrr decode) rencoded_claimsrrr#r$eencoded_signatureencoded_strings rrrsII~~>??M#s## 0-Y//CHH]++ qkk)33YY@QRSSN   ) ))s?A A7#A22A7c4t|tr|d} |dd\}}|dd\}}t |}nA#t $rtdttj f$rtdwxYw tj | d}n$#t $r}td|zd}~wwxYwt|tstd t |}n)#ttj f$rtdwxYw t |} n)#ttj f$rtd wxYw|||| fS) Nr8rBzNot enough segmentszInvalid header paddingzInvalid header string: %sz,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r?strr<rsplitsplitr r@r TypeErrorbinasciiErrorr:loadsrFr) jwtr#crypto_segmentheader_segmentclaims_segment header_datar"rHrr$s rrrs#s"jj!!1(+ 4(;(;% ~)6)<)22 x~ &222011121$^44 x~ &111/0001 G]I 66s<AA..>B,0'C C9"C44C9!D11&EE++&Fc|D]V}t|tstj||} |||rdSG#t $rYSwxYwdS)NTF)r?rrrDr!rE)keysr#r$r2rs r_sig_matches_keysr[s#s## *-S))C zz-33 tt     D  5sA  AAct|tr|fS tj|tt}n#t $rYnwxYwt|t r.d|vr|dSd|vr|fS|}|r|S|fSt|tr,t|tst|ts|S|fS)N) parse_int parse_floatrZkty) r?rr:rSrMrErvaluesrbytes)rr`s r _get_keysrbs#sv  j===      #w S==v;  c\\6MZZ\\F  6M C " "JsC,@,@JsTYDZDZ v s!< A A cL|d}|std|||vrtdt|} t||||st dS#t$rtdt$rtd|zwxYw)Nr2z-No algorithm was specified in the JWS header.z&The specified alg value is not allowedzSignature verification failed.z$Invalid or unsupported algorithm: %s)getrrbr[r )r#r"r$rr r2rZs rrrs **U  C HFGGG#Z"7"7?@@@ S>>DE }iEE &#%% % & & 9997888 EEE=CDDDEs A..5B#)T)N)rcN)rQr:collections.abcrrjoserjose.backends.baserjose.constantsrjose.exceptionsrr jose.utilsr r HS256rr!r)r,r.rrrrr[rbrrrrnsz --------""""""%%%%%%7777777799999999 $z/?!!!!H<    ((($    ) ) ) ) % % % * * * 777B   BEEEEEEr