dbfdg 3 kZ4@sddlZddlZddlZddlmZmZddlmZddlm Z m Z m Z m Z m Z mZmZmZyddlmZddlmZmZmZddlmZmZmZmZmZmZmZmZdd l m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'dd l(m)Z)d Z*Wne+k rdZ*YnXe,ddddddddddg Z-ddZ.Gddde/Z0Gddde0Z1Gdd d e0Z2e*rGd!d"d"e0Z3Gd#d$d$e0Z4Gd%d&d&e3Z5dS)'N)constant_time_compare string_types)InvalidKeyError)base64url_decodebase64url_encodeder_to_raw_signature force_bytes force_unicodefrom_base64url_uintraw_to_der_signatureto_base64url_uint)hashes)load_pem_private_keyload_pem_public_keyload_ssh_public_key) RSAPrivateKey RSAPublicKeyRSAPrivateNumbersRSAPublicNumbersrsa_recover_prime_factors rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmp)EllipticCurvePrivateKeyEllipticCurvePublicKey)ecpadding)default_backend)InvalidSignatureTFRS256RS384RS512ES256ES384ES521ES512PS256PS384PS512c Cstttjttjttjd}tr|jttjttjttjttjttjttjttjt t jt t jt t jd |S)zE Returns the algorithms that are implemented by the library. )ZnoneZHS256ZHS384ZHS512) r r!r"r#r$r%r&r'r(r)) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmRSAPSSAlgorithm)Zdefault_algorithmsr4 /usr/lib/python3.6/algorithms.pyget_default_algorithms&s"r6c@s@eZdZdZddZddZddZedd Zed d Z d S) AlgorithmzH The interface for an algorithm used to sign and verify tokens. cCstdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). N)NotImplementedError)selfkeyr4r4r5 prepare_keyFszAlgorithm.prepare_keycCstdS)zn Returns a digital signature for the specified message using the specified key value. N)r8)r9msgr:r4r4r5signMszAlgorithm.signcCstdS)zz Verifies that the specified digital signature is valid for the specified message and key values. N)r8)r9r<r:sigr4r4r5verifyTszAlgorithm.verifycCstdS)z7 Serializes a given RSA key into a JWK N)r8)key_objr4r4r5to_jwk[szAlgorithm.to_jwkcCstdS)zb Deserializes a given RSA key from JWK back into a PublicKey or PrivateKey object N)r8)jwkr4r4r5from_jwkbszAlgorithm.from_jwkN) __name__ __module__ __qualname____doc__r;r=r? staticmethodrArCr4r4r4r5r7Bs  r7c@s(eZdZdZddZddZddZdS) r*zZ Placeholder for use when no signing or verification operations are required. cCs |dkr d}|dk rtd|S)Nz*When alg = "none", key value must be None.)r)r9r:r4r4r5r;os zNoneAlgorithm.prepare_keycCsdS)Nr4)r9r<r:r4r4r5r=xszNoneAlgorithm.signcCsdS)NFr4)r9r<r:r>r4r4r5r?{szNoneAlgorithm.verifyN)rDrErFrGr;r=r?r4r4r4r5r*js r*c@sZeZdZdZejZejZej Z ddZ ddZ e ddZe dd Zd d Zd d ZdS)r+zf Performs signing and verification operations using HMAC and the specified hash function. cCs ||_dS)N)hash_alg)r9rKr4r4r5__init__szHMACAlgorithm.__init__cs6tddddg}tfdd|Dr2tdS)Ns-----BEGIN PUBLIC KEY-----s-----BEGIN CERTIFICATE-----s-----BEGIN RSA PUBLIC KEY-----sssh-rsacsg|] }|kqSr4r4).0Z string_value)r:r4r5 sz-HMACAlgorithm.prepare_key..zdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)r anyr)r9r:Zinvalid_stringsr4)r:r5r;szHMACAlgorithm.prepare_keycCstjttt|ddS)Noct)kkty)jsondumpsr rr )r@r4r4r5rAszHMACAlgorithm.to_jwkcCs,tj|}|jddkr tdt|dS)NrRrPzNot an HMAC keyrQ)rSloadsgetrr)rBobjr4r4r5rCs zHMACAlgorithm.from_jwkcCstj|||jjS)N)hmacnewrKZdigest)r9r<r:r4r4r5r=szHMACAlgorithm.signcCst||j||S)N)rr=)r9r<r:r>r4r4r5r?szHMACAlgorithm.verifyN)rDrErFrGhashlibZsha256r,Zsha384r-Zsha512r.rLr;rHrArCr=r?r4r4r4r5r+s  r+c@sZeZdZdZejZejZejZddZddZ e ddZ e dd Z d d Z d d ZdS)r1z~ Performs signing and verification operations using RSASSA-PKCS-v1_5 and the specified hash function. cCs ||_dS)N)rK)r9rKr4r4r5rLszRSAAlgorithm.__init__c Cst|tst|tr|St|tr~t|}y.|jdrFt|td}nt|dtd}Wqt k rzt |td}YqXnt d|S)Nsssh-rsa)backend)passwordr[zExpecting a PEM-formatted key.) isinstancerrrr startswithrrr ValueErrorr TypeError)r9r:r4r4r5r;s    zRSAAlgorithm.prepare_keyc Csd}t|ddr|j}ddgtt|jjtt|jjtt|jtt|jtt|j tt|j tt|j tt|j d }nBt|ddr|j}ddgtt|jtt|jd}nt dtj|S)Nprivate_numbersRSAr=) rRkey_opsnedpqdpdqqir?)rRrcrdrezNot a public or private key)getattrrar r public_numbersrdrerfrgrhdmp1dmq1iqmprrSrT)r@rWnumbersr4r4r5rAs*        zRSAAlgorithm.to_jwkc sytj|Wntk r*tdYnXjddkrBtddkoXdkoXdkrfdkrltd d d d d dg}fdd|D}t|}|rt| rtdttdtd}|rt tdtd td td td td|d}nHtd}t |j ||j \}}t |||t ||t||t|||d}|jtSdkrdkrttdtd}|jtStddS)NzKey is not valid JSONrRrbzNot an RSA keyrfrerdZothz5Unsupported RSA private key: > 2 primes not supportedrgrhrirjrkcsg|] }|kqSr4r4)rMZprop)rWr4r5rN sz)RSAAlgorithm.from_jwk..z@RSA key must include all parameters if any are present besides d)rfrgrhrnrorprmzNot a public or private key)rSrUr_rrVrOallrr rrrdrerrrZ private_keyrZ public_key) rBZ other_propsZ props_foundZany_props_foundrmrqrfrgrhr4)rWr5rCsT          zRSAAlgorithm.from_jwkcCs|j|tj|jS)N)r=rPKCS1v15rK)r9r<r:r4r4r5r=8szRSAAlgorithm.signc Cs6y|j||tj|jdStk r0dSXdS)NTF)r?rrsrKr)r9r<r:r>r4r4r5r?;s zRSAAlgorithm.verifyN)rDrErFrGrr,r-r.rLr;rHrArCr=r?r4r4r4r5r1s $ ?r1c@sBeZdZdZejZejZejZddZddZ ddZ dd Z d S) r2zr Performs signing and verification operations using ECDSA and the specified hash function cCs ||_dS)N)rK)r9rKr4r4r5rLKszECAlgorithm.__init__c Cst|tst|tr|St|tr~t|}y,|jdrFt|td}nt|td}Wqt k rzt |dtd}YqXnt d|S)Ns ecdsa-sha2-)r[)r\r[zExpecting a PEM-formatted key.) r]rrrr r^rrrr_rr`)r9r:r4r4r5r;Ns    zECAlgorithm.prepare_keycCs"|j|tj|j}t||jS)N)r=rECDSArKrcurve)r9r<r:der_sigr4r4r5r=fszECAlgorithm.signcCs\yt||j}Wntk r$dSXy|j||tj|jdStk rVdSXdS)NFT)r rur_r?rrtrKr)r9r<r:r>rvr4r4r5r?kszECAlgorithm.verifyN) rDrErFrGrr,r-r.rLr;r=r?r4r4r4r5r2Bsr2c@s eZdZdZddZddZdS)r3zA Performs a signature using RSASSA-PSS with MGF1 cCs*|j|tjtj|j|jjd|jS)N)mgf salt_length)r=rPSSMGF1rK digest_size)r9r<r:r4r4r5r=|s   zRSAPSSAlgorithm.signc CsJy0|j||tjtj|j|jjd|jdStk rDdSXdS)N)rwrxTF)r?rryrzrKr{r)r9r<r:r>r4r4r5r?s   zRSAPSSAlgorithm.verifyN)rDrErFrGr=r?r4r4r4r5r3ws r3)6rZrXrScompatrr exceptionsrZutilsrrrr r r r r Zcryptography.hazmat.primitivesrZ,cryptography.hazmat.primitives.serializationrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrrrrrrZ,cryptography.hazmat.primitives.asymmetric.ecrrZ)cryptography.hazmat.primitives.asymmetricrrZcryptography.hazmat.backendsrZcryptography.exceptionsrr/ ImportErrorsetZrequires_cryptographyr6objectr7r*r+r1r2r3r4r4r4r5s6 ( (    (45