U DbX3 @sddlZddlZddlZddlmZmZddlmZddlm Z m Z m Z m Z m Z mZmZmZmZmZzddlmZddlmZmZmZddlmZmZmZmZmZmZm Z m!Z!dd l"m#Z#m$Z$dd l%m&Z&m'Z'dd l(m)Z)dd l*m+Z+d Z,Wne-k rdZ,YnXe.ddddddddddg Z/ddZ0Gddde1Z2Gddde2Z3Gdd d e2Z4e,rGd!d"d"e2Z5Gd#d$d$e2Z6Gd%d&d&e5Z7dS)'N)constant_time_compare string_typesInvalidKeyError) base64url_decodebase64url_encodeder_to_raw_signature force_bytes force_unicodefrom_base64url_uintraw_to_der_signatureto_base64url_uint is_pem_format is_ssh_key)hashes)load_pem_private_keyload_pem_public_keyload_ssh_public_key) RSAPrivateKey RSAPublicKeyRSAPrivateNumbersRSAPublicNumbersrsa_recover_prime_factors rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmp)EllipticCurvePrivateKeyEllipticCurvePublicKey)ecpadding)default_backend)InvalidSignatureTFRS256RS384RS512ES256ES384ES521ES512PS256PS384PS512c Cstttjttjttjd}tr|ttjttjttjttjttjttjttjt t jt t jt t jd |S)zE Returns the algorithms that are implemented by the library. )ZnoneZHS256ZHS384ZHS512) r#r$r%r&r'r(r)r*r+r,) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmRSAPSSAlgorithm)Zdefault_algorithmsr70/usr/lib/python3/dist-packages/jwt/algorithms.pyget_default_algorithms's& r9c@s@eZdZdZddZddZddZedd Zed d Z d S) AlgorithmzH The interface for an algorithm used to sign and verify tokens. cCstdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). NNotImplementedErrorselfkeyr7r7r8 prepare_keyGszAlgorithm.prepare_keycCstdS)zn Returns a digital signature for the specified message using the specified key value. Nr;r>msgr?r7r7r8signNszAlgorithm.signcCstdS)zz Verifies that the specified digital signature is valid for the specified message and key values. Nr;r>rBr?sigr7r7r8verifyUszAlgorithm.verifycCstdS)z7 Serializes a given RSA key into a JWK Nr;key_objr7r7r8to_jwk\szAlgorithm.to_jwkcCstdS)zb Deserializes a given RSA key from JWK back into a PublicKey or PrivateKey object Nr;)jwkr7r7r8from_jwkcszAlgorithm.from_jwkN) __name__ __module__ __qualname____doc__r@rCrF staticmethodrIrKr7r7r7r8r:Cs r:c@s(eZdZdZddZddZddZdS) r-zZ Placeholder for use when no signing or verification operations are required. cCs |dkr d}|dk rtd|S)Nz*When alg = "none", key value must be None.rr=r7r7r8r@ps zNoneAlgorithm.prepare_keycCsdS)Nr7rAr7r7r8rCyszNoneAlgorithm.signcCsdS)NFr7rDr7r7r8rF|szNoneAlgorithm.verifyN)rLrMrNrOr@rCrFr7r7r7r8r-ks r-c@sZeZdZdZejZejZej Z ddZ ddZ e ddZe dd Zd d Zd d ZdS)r.zf Performs signing and verification operations using HMAC and the specified hash function. cCs ||_dSNhash_algr>rUr7r7r8__init__szHMACAlgorithm.__init__cCs$t|}t|st|r td|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)r rrrr=r7r7r8r@s zHMACAlgorithm.prepare_keycCstttt|ddS)Noct)kkty)jsondumpsr rr rGr7r7r8rIszHMACAlgorithm.to_jwkcCs,t|}|ddkr tdt|dS)NrZrXzNot an HMAC keyrY)r[loadsgetrr)rJobjr7r7r8rKs zHMACAlgorithm.from_jwkcCst|||jSrS)hmacnewrUZdigestrAr7r7r8rCszHMACAlgorithm.signcCst||||SrS)rrCrDr7r7r8rFszHMACAlgorithm.verifyN)rLrMrNrOhashlibZsha256r/Zsha384r0Zsha512r1rWr@rPrIrKrCrFr7r7r7r8r.s   r.c@sZeZdZdZejZejZejZddZddZ e ddZ e dd Z d d Z d d ZdS)r4z~ Performs signing and verification operations using RSASSA-PKCS-v1_5 and the specified hash function. cCs ||_dSrSrTrVr7r7r8rWszRSAAlgorithm.__init__cCst|tst|tr|St|tr~t|}z.|drFt|td}nt|dtd}Wqt k rzt |td}YqXnt d|S)Nsssh-rsabackendZpasswordrdExpecting a PEM-formatted key.) isinstancerrrr startswithrr!r ValueErrorr TypeErrorr=r7r7r8r@s   zRSAAlgorithm.prepare_keyc Csd}t|ddr|}ddgtt|jjtt|jjtt|jtt|jtt|j tt|j tt|j tt|j d }nBt|ddr|}ddgtt|jtt|jd}nt dt|S)Nprivate_numbersRSArC) rZkey_opsnedpqdpdqqirF)rZrmrnroNot a public or private key)getattrrkr rpublic_numbersrnrorprqrrdmp1dmq1iqmprr[r\)rHr_numbersr7r7r8rIs.          zRSAAlgorithm.to_jwkc szt|Wntk r*tdYnXddkrBtddkrhdkrhdkrhdkrptd d d d d dg}fdd|D}t|}|rt|stdttdtd}|rt tdtd td td td td|d}nHtd}t |j ||j \}}t |||t ||t||t|||d}|tSdkrdkrttdtd}|tStddS)NzKey is not valid JSONrZrlzNot an RSA keyrprornZothz5Unsupported RSA private key: > 2 primes not supportedrqrrrsrtrucsg|] }|kqSr7r7).0Zpropr_r7r8 sz)RSAAlgorithm.from_jwk..z@RSA key must include all parameters if any are present besides d)rprqrrryrzr{rxrv)r[r]rirr^anyallrr rrrnrorrrZ private_keyr!Z public_key) rJZ other_propsZ props_foundZany_props_foundrxr|rprqrrr7r~r8rKsf            zRSAAlgorithm.from_jwkcCs||t|SrS)rCr PKCS1v15rUrAr7r7r8rC2szRSAAlgorithm.signcCs:z|||t|WdStk r4YdSXdS)NTF)rFr rrUr"rDr7r7r8rF5s zRSAAlgorithm.verifyN)rLrMrNrOrr/r0r1rWr@rPrIrKrCrFr7r7r7r8r4s # >r4c@sBeZdZdZejZejZejZddZddZ ddZ dd Z d S) r5zr Performs signing and verification operations using ECDSA and the specified hash function cCs ||_dSrSrTrVr7r7r8rWEszECAlgorithm.__init__cCst|tst|tr|St|tr~t|}z,|drFt|td}nt|td}Wqt k rzt |dtd}YqXnt d|S)Ns ecdsa-sha2-rcrerf) rgrrrr rhrr!rrirrjr=r7r7r8r@Hs   zECAlgorithm.prepare_keycCs"||t|}t||jSrS)rCrECDSArUr curve)r>rBr?der_sigr7r7r8rC`szECAlgorithm.signcCsbzt||j}Wntk r&YdSXz|||t|WdStk r\YdSXdS)NFT)r rrirFrrrUr")r>rBr?rErr7r7r8rFeszECAlgorithm.verifyN) rLrMrNrOrr/r0r1rWr@rCrFr7r7r7r8r5<sr5c@s eZdZdZddZddZdS)r6zA Performs a signature using RSASSA-PSS with MGF1 cCs*||tjt||jjd|S)NZmgfZ salt_length)rCr PSSMGF1rU digest_sizerAr7r7r8rCvs zRSAPSSAlgorithm.signc CsNz2|||tjt||jjd|WdStk rHYdSXdS)NrTF)rFr rrrUrr"rDr7r7r8rFs  zRSAPSSAlgorithm.verifyN)rLrMrNrOrCrFr7r7r7r8r6qs r6)8rbr`r[compatrr exceptionsrZutilsrrr r r r r rrrZcryptography.hazmat.primitivesrZ,cryptography.hazmat.primitives.serializationrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrrrrrrZ,cryptography.hazmat.primitives.asymmetric.ecrrZ)cryptography.hazmat.primitives.asymmetricrr Zcryptography.hazmat.backendsr!Zcryptography.exceptionsr"r2 ImportErrorsetZrequires_cryptographyr9objectr:r-r.r4r5r6r7r7r7r8s@ 0 (    (-5