dbfdg 3 kZ@sddlZddlZddlZddlmZddlmZmZmZm Z ddl m Z m Z m Z ddlmZmZmZmZddlmZmZmZmZGdd d eZeZejZejZejZejZejZdS) N)Mapping) Algorithmget_default_algorithms has_cryptorequires_cryptography) binary_type string_types text_type) DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode force_bytes merge_dictc@s|eZdZdZdddZeddZddZd d Zd d Z dddZ d ddZ ddZ ddZ d!ddZddZddZdS)"PyJWSZJWTNcCsjt|_|dk rt|nt|j|_x(t|jjD]}||jkr4|j|=q4W|sVi}t|j||_dS)N) r _algorithmsset _valid_algslistkeysr_get_default_optionsoptions)self algorithmsrkeyr/usr/lib/python3.6/api_jws.py__init__s   zPyJWS.__init__cCsddiS)Nverify_signatureTrrrrrr#szPyJWS._get_default_optionscCs>||jkrtdt|ts$td||j|<|jj|dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r ValueError isinstancer TypeErrorradd)ralg_idalg_objrrrregister_algorithm)s    zPyJWS.register_algorithmcCs*||jkrtd|j|=|jj|dS)z Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)rKeyErrorrremove)rr&rrrunregister_algorithm6s zPyJWS.unregister_algorithmcCs t|jS)zM Returns a list of supported values for the 'alg' parameter. )rr)rrrrget_algorithmsBszPyJWS.get_algorithmsHS256c Csg}|dkrd}||jkr|j|d}|r>|j||j|ttj|d |d}|jt||jt|dj |} y$|j |} | j |}| j | |} Wn8t k rt r|tkrtd|ntdYnX|jt| dj |S) NZnone)typalg,:)Z separatorscls.zFAlgorithm '%s' could not be found. Do you have cryptography installed?zAlgorithm not supported)r0r1)r header_typ_validate_headersupdaterjsondumpsappendrjoinr prepare_keyZsignr)rrNotImplementedError) rpayloadr algorithmheadersZ json_encoderZsegmentsheaderZ json_header signing_inputr' signaturerrrencodeHs8         z PyJWS.encodeTc Ksnt|j|}|d}|r*| r*tjd t|j|\} } } } |sRtjdtddn|rj|j| | | | ||| S) Nr!z.It is strongly recommended that you pass in a z;value for the "algorithms" argument when calling decode(). z4This argument will be mandatory in a future version.zSThe verify parameter is deprecated. Please use verify_signature in options instead.) stacklevelziIt is strongly recommended that you pass in a value for the "algorithms" argument when calling decode(). zIt is strongly recommended that you pass in a value for the "algorithms" argument when calling decode(). This argument will be mandatory in a future version.)rrwarningswarnDeprecationWarning_load_verify_signature) rZjwsrverifyrrkwargsZmerged_optionsr!r=rAr@rBrrrdecodexs    z PyJWS.decodecCs|j|d}|j||S)zReturns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete rE)rJr5)rjwtr?rrrget_unverified_headers zPyJWS.get_unverified_headerc 2Csht|tr|jd}tt|ts0tdjty$|jdd\}}|j dd\}}Wnt k rptdYnXy t |}Wn"t t jfk rtdYnXytj|jd}Wn.t k r}ztd|WYdd}~XnXt|tstdy t |} Wn$t t jfk r(td YnXy t |} Wn$t t jfk rZtd YnX| ||| fS) Nzutf-8z'Invalid token type. Token must be a {0}r3rzNot enough segmentszInvalid header paddingzInvalid header string: %sz,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r#r rC issubclasstyperr formatrsplitsplitr"rr$binasciiErrorr7loadsrNr) rrOrAZcrypto_segmentZheader_segmentZpayload_segmentZ header_datar@er=rBrrrrJs:      z PyJWS._loadc Csr|jd}|dk r"||kr"tdy.|j|}|j|}|j|||sNtdWntk rltdYnXdS)Nr/z&The specified alg value is not allowedzSignature verification failedzAlgorithm not supported)getr rr;rLr r)) rr=rAr@rBrrr/r'rrrrKs    zPyJWS._verify_signaturecCsd|kr|j|ddS)Nkid) _validate_kid)rr?rrrr5szPyJWS._validate_headerscCst|tstddS)Nz(Key ID header parameter must be a string)r#r r)rr[rrrr\s zPyJWS._validate_kid)NN)r-NN)rDTNN)rDN)__name__ __module__ __qualname__r4r staticmethodrr(r+r,rCrNrPrJrKr5r\rrrrrs     /  ( r) rVr7rG collectionsrrrrrrcompatrr r exceptionsr r r rZutilsrrrrobjectrZ_jws_global_objrCrNr(r+rPrrrrs O