U b[@sddlZddlZddlZz ddlmZmZmZmZmZWne k rLYnXddl m Z m Z m Z mZddlmZmZmZmZddlmZmZmZmZddlmZmZmZmZGdd d eZeZ e j!Z!e j"Z"e j#Z#e j$Z$e j%Z%dS) N)CallableDictListOptionalUnion) Algorithmget_default_algorithms has_cryptorequires_cryptography)Mapping binary_type string_types text_type) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode force_bytes merge_dictc@s|eZdZdZdddZeddZddZd d Zd d Z dddZ d ddZ ddZ ddZ d!ddZddZddZdS)"PyJWSZJWTNcCsft|_|dk rt|nt|j|_t|jD]}||jkr2|j|=q2|sRi}t|||_dS)N) r _algorithmsset _valid_algslistkeysr_get_default_optionsoptions)self algorithmsrkeyr#-/usr/lib/python3/dist-packages/jwt/api_jws.py__init__s  zPyJWS.__init__cCsddiS)Nverify_signatureTr#r#r#r#r$r'szPyJWS._get_default_optionscCs>||jkrtdt|ts$td||j|<|j|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)r alg_idalg_objr#r#r$register_algorithm-s    zPyJWS.register_algorithmcCs*||jkrtd|j|=|j|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)r r+r#r#r$unregister_algorithm:s zPyJWS.unregister_algorithmcCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )rr)r r#r#r$get_algorithmsFszPyJWS.get_algorithmsHS256c Csg}|dkrd}||jkr|j|d}|r>||||ttj|d|d}|t||t|d |} z$|j |} | |}| | |} Wn6t k rts|tkrtd|ntdYnX|t| d |S)NZnone)typalg),:)Z separatorscls.zFAlgorithm '%s' could not be found. Do you have cryptography installed?Algorithm not supported)r header_typ_validate_headersupdaterjsondumpsappendrjoinr prepare_keyZsignr.r r NotImplementedError) r payloadr" algorithmheadersZ json_encoderZsegmentsheaderZ json_header signing_inputr, signaturer#r#r$encodeLs@        z PyJWS.encodeTc Kslt|j|}|d}|r(|s(tdt||\} } } } |sPtjdtddn|rh|| | | | ||| S)Nr&zIt is strongly recommended that you pass in a value for the "algorithms" argument when calling decode(). This argument will be mandatory in a future version.zSThe verify parameter is deprecated. Please use verify_signature in options instead.) stacklevel)rrwarningswarnDeprecationWarning_load_verify_signature) r jwtr"verifyr!rkwargsZmerged_optionsr&rCrGrFrHr#r#r$decodes&  z PyJWS.decodecCs||d}|||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete rK)rPr;)r rRrEr#r#r$get_unverified_headers zPyJWS.get_unverified_headerc Csht|tr|d}tt|ts0tdtz$|dd\}}| dd\}}Wnt k rptdYnXz t |}Wn"t t jfk rtdYnXzt|d}Wn.t k r}ztd|W5d}~XYnXt|tstdz t |} Wn$t t jfk r(td YnXz t |} Wn$t t jfk rZtd YnX| ||| fS) Nzutf-8z'Invalid token type. Token must be a {0}r8rzNot enough segmentszInvalid header paddingzInvalid header string: %sz,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r(rrI issubclasstyper rformatrsplitsplitr'rr)binasciiErrorr=loadsrUr ) r rRrGZcrypto_segmentZheader_segmentZpayload_segmentZ header_datarFerCrHr#r#r$rPs<      z PyJWS._loadc Csr|d}|dk r"||kr"tdz.|j|}||}||||sNtdWntk rltdYnXdS)Nr4z&The specified alg value is not allowedzSignature verification failedr9)getrrrArSrr.) r rCrGrFrHr"r!r4r,r#r#r$rQs    zPyJWS._verify_signaturecCsd|kr||ddS)Nkid) _validate_kid)r rEr#r#r$r;szPyJWS._validate_headerscCst|tstddS)Nz(Key ID header parameter must be a string)r(rr)r rar#r#r$rbs zPyJWS._validate_kid)NN)r2NN)rJTNN)rJN)__name__ __module__ __qualname__r:r% staticmethodrr-r0r1rIrUrVrPrQr;rbr#r#r#r$rs.      7  ( r)&r\r=rMtypingrrrrr ImportErrorr!rr r r compatr r rr exceptionsrrrrZutilsrrrrobjectrZ_jws_global_objrIrUr-r0rVr#r#r#r$s$ Y