Back Back Up Normal Editor
B tJ�`�S� @s�ddlZddlZddlZddlmZddlmZmZmZm Z m Z m Z m Z y�ddl Zddl mZddlmZddlmZmZddlmZmZdd lmZmZdd lmZmZmZmZm Z m!Z!m"Z"m#Z#dd l$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+d Z,Wne-k �rd Z,YnXddddddddddddh Z.dd�Z/Gdd�d�Z0Gdd�de0�Z1Gd d!�d!e0�Z2e,�r�Gd"d#�d#e0�Z3Gd$d%�d%e0�Z4Gd&d'�d'e3�Z5Gd(d)�d)e0�Z6dS)*�N�)�InvalidKeyError)�base64url_decode�base64url_encode�der_to_raw_signature� force_bytes�from_base64url_uint�raw_to_der_signature�to_base64url_uint)�InvalidSignature)�hashes)�ec�padding)�EllipticCurvePrivateKey�EllipticCurvePublicKey)�Ed25519PrivateKey�Ed25519PublicKey)� RSAPrivateKey�RSAPrivateNumbers� RSAPublicKey�RSAPublicNumbers� rsa_crt_dmp1� rsa_crt_dmq1� rsa_crt_iqmp�rsa_recover_prime_factors)�Encoding� NoEncryption� PrivateFormat� PublicFormat�load_pem_private_key�load_pem_public_key�load_ssh_public_keyTF�RS256�RS384�RS512�ES256�ES256K�ES384�ES521�ES512�PS256�PS384�PS512�EdDSAcCs�t�ttj�ttj�ttj�d�}tr�|�ttj�ttj�ttj�ttj�ttj�ttj�ttj�ttj�t t j�t t j�t t j�t �d� �|S)zE Returns the algorithms that are implemented by the library. )ZnoneZHS256ZHS384ZHS512) r"r#r$r%r&r'r(r)r*r+r,r-) � NoneAlgorithm� HMACAlgorithm�SHA256�SHA384�SHA512� has_crypto�update� RSAAlgorithm� ECAlgorithm�RSAPSSAlgorithm�Ed25519Algorithm)Zdefault_algorithms�r9�?/opt/alt/python37/lib/python3.7/site-packages/jwt/algorithms.py�get_default_algorithmsEs( r;c@s@eZdZdZdd�Zdd�Zdd�Zedd ��Zed d ��Z d S) � AlgorithmzH The interface for an algorithm used to sign and verify tokens. cCst�dS)z� Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). N)�NotImplementedError)�self�keyr9r9r:� prepare_keylszAlgorithm.prepare_keycCst�dS)zn Returns a digital signature for the specified message using the specified key value. N)r=)r>�msgr?r9r9r:�signsszAlgorithm.signcCst�dS)zz Verifies that the specified digital signature is valid for the specified message and key values. N)r=)r>rAr?�sigr9r9r:�verifyzszAlgorithm.verifycCst�dS)z7 Serializes a given RSA key into a JWK N)r=)�key_objr9r9r:�to_jwk�szAlgorithm.to_jwkcCst�dS)zb Deserializes a given RSA key from JWK back into a PublicKey or PrivateKey object N)r=)�jwkr9r9r:�from_jwk�szAlgorithm.from_jwkN) �__name__� __module__� __qualname__�__doc__r@rBrD� staticmethodrFrHr9r9r9r:r<gs  r<c@s(eZdZdZdd�Zdd�Zdd�ZdS) r.zZ Placeholder for use when no signing or verification operations are required. cCs |dkr d}|dk rtd��|S)N�z*When alg = "none", key value must be None.)r)r>r?r9r9r:r@�s zNoneAlgorithm.prepare_keycCsdS)N�r9)r>rAr?r9r9r:rB�szNoneAlgorithm.signcCsdS)NFr9)r>rAr?rCr9r9r:rD�szNoneAlgorithm.verifyN)rIrJrKrLr@rBrDr9r9r9r:r.�s r.c@sZeZdZdZejZejZej Z dd�Z dd�Z e dd��Ze dd ��Zd d �Zd d �ZdS)r/zf Performs signing and verification operations using HMAC and the specified hash function. cCs ||_dS)N)�hash_alg)r>rPr9r9r:�__init__�szHMACAlgorithm.__init__cs6t���ddddg}t�fdd�|D��r2td���S)Ns-----BEGIN PUBLIC KEY-----s-----BEGIN CERTIFICATE-----s-----BEGIN RSA PUBLIC KEY-----sssh-rsac3s|]}|�kVqdS)Nr9)�.0Z string_value)r?r9r:� <genexpr>�sz,HMACAlgorithm.prepare_key.<locals>.<genexpr>zdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)r�anyr)r>r?Zinvalid_stringsr9)r?r:r@�szHMACAlgorithm.prepare_keycCst�tt|����dd��S)N�oct)�k�kty)�json�dumpsrr�decode)rEr9r9r:rF�szHMACAlgorithm.to_jwkcCsny.t|t�rt�|�}nt|t�r(|}nt�Wntk rJtd��YnX|�d�dkrbtd��t|d�S)NzKey is not valid JSONrWrUzNot an HMAC keyrV) � isinstance�strrX�loads�dict� ValueErrorr�getr)rG�objr9r9r:rH�s   zHMACAlgorithm.from_jwkcCst�|||j���S)N)�hmac�newrP�digest)r>rAr?r9r9r:rB�szHMACAlgorithm.signcCst�||�||��S)N)rbZcompare_digestrB)r>rAr?rCr9r9r:rD�szHMACAlgorithm.verifyN)rIrJrKrL�hashlib�sha256r0�sha384r1�sha512r2rQr@rMrFrHrBrDr9r9r9r:r/�s r/c@sZeZdZdZejZejZejZdd�Zdd�Z e dd��Z e dd ��Z d d �Z d d �ZdS)r5z~ Performs signing and verification operations using RSASSA-PKCS-v1_5 and the specified hash function. cCs ||_dS)N)rP)r>rPr9r9r:rQ�szRSAAlgorithm.__init__cCs~t|t�st|t�r|St|ttf�rrt|�}y$|�d�rDt|�}n t|dd�}Wqzt k rnt |�}YqzXnt d��|S)Nsssh-rsa)�passwordzExpecting a PEM-formatted key.) r[rr�bytesr\r� startswithr!rr_r � TypeError)r>r?r9r9r:r@�s  zRSAAlgorithm.prepare_keyc Cs�d}t|dd�r�|��}ddgt|jj���t|jj���t|j���t|j���t|j ���t|j ���t|j ���t|j ���d� }nBt|dd�r�|��}ddgt|j���t|j���d�}nt d��t�|�S)N�private_numbers�RSArB) rW�key_ops�n�e�d�p�q�dp�dq�qirD)rWrorprqzNot a public or private key)�getattrrmr �public_numbersrprZrqrrrsrt�dmp1�dmq1�iqmprrXrY)rEra�numbersr9r9r:rFs*        zRSAAlgorithm.to_jwkc s�y.t|t�rt�|��nt|t�r(|�nt�Wntk rJtd��YnX��d�dkrbtd��d�k�r�d�k�r�d�k�r�d�kr�td ��d d d d dg}�fdd�|D�}t|�}|r�t |�s�td��t t �d�t �d��}|�r4t t �d�t �d �t �d �t �d �t �d �t �d�|d�}nHt �d�}t |j||j�\}}t |||t||�t||�t||�|d�}|��Sd�k�r�d�k�r�t t �d�t �d��}|��Std��dS)NzKey is not valid JSONrWrnzNot an RSA keyrrrqrpZothz5Unsupported RSA private key: > 2 primes not supportedrsrtrurvrwcsg|] }|�k�qSr9r9)rRZprop)rar9r:� <listcomp>Csz)RSAAlgorithm.from_jwk.<locals>.<listcomp>z@RSA key must include all parameters if any are present besides d)rrrsrtrzr{r|ryzNot a public or private key)r[r\rXr]r^r_rr`rT�allrrrrrprqrrr� private_key� public_key) rGZ other_propsZ props_foundZany_props_foundryr}rrrsrtr9)rar:rH,sd              zRSAAlgorithm.from_jwkcCs|�|t��|���S)N)rBr�PKCS1v15rP)r>rAr?r9r9r:rBvszRSAAlgorithm.signcCs6y|�||t��|���dStk r0dSXdS)NTF)rDrr�rPr )r>rAr?rCr9r9r:rDys zRSAAlgorithm.verifyN)rIrJrKrLr r0r1r2rQr@rMrFrHrBrDr9r9r9r:r5�s $ Jr5c@sNeZdZdZejZejZejZdd�Zdd�Z dd�Z dd �Z e d d ��Z d S) r6zr Performs signing and verification operations using ECDSA and the specified hash function cCs ||_dS)N)rP)r>rPr9r9r:rQ�szECAlgorithm.__init__cCs~t|t�st|t�r|St|ttf�rrt|�}y |�d�rDt|�}nt|�}Wqzt k rnt |dd�}YqzXnt d��|S)Ns ecdsa-sha2-)rizExpecting a PEM-formatted key.) r[rrrjr\rrkr!r r_rrl)r>r?r9r9r:r@�s    zECAlgorithm.prepare_keycCs"|�|t�|����}t||j�S)N)rBr �ECDSArPr�curve)r>rAr?�der_sigr9r9r:rB�szECAlgorithm.signcCsnyt||j�}Wntk r$dSXy.t|t�r:|��}|�||t�|� ���dSt k rhdSXdS)NFT) r r�r_r[rr�rDr r�rPr )r>rAr?rCr�r9r9r:rD�s zECAlgorithm.verifycCs0y.t|t�rt�|�}nt|t�r(|}nt�Wntk rJtd��YnX|�d�dkrbtd��d|ksrd|krztd��t|�d��}t|�d��}|�d�}|dkr�t |�t |�kr�d kr�nn t � �}ntd ��n�|d k�rt |�t |�k�rd k�rnn t � �}ntd ��n�|dk�r`t |�t |�k�rHdk�rVnn t � �}ntd��nP|dk�r�t |�t |�k�r�d k�r�nn t ��}ntd��ntd|����t jtj|dd�tj|dd�|d�}d|k�r�|��St|�d��}t |�t |�k�rtdt |�|��t �tj|dd�|���S)NzKey is not valid JSONrWZECzNot an Elliptic curve key�x�y�crvzP-256� z)Coords should be 32 bytes for curve P-256zP-384�0z)Coords should be 48 bytes for curve P-384zP-521�Bz)Coords should be 66 bytes for curve P-521Z secp256k1z-Coords should be 32 bytes for curve secp256k1zInvalid curve: �big)� byteorder)r�r�r�rrz!D should be {} bytes for curve {})r[r\rXr]r^r_rr`r�lenr Z SECP256R1Z SECP384R1Z SECP521R1Z SECP256K1ZEllipticCurvePublicNumbers�int� from_bytesr�ZEllipticCurvePrivateNumbersr�)rGrar�r�r�Z curve_objryrrr9r9r:rH�sZ        $   $   $    zECAlgorithm.from_jwkN)rIrJrKrLr r0r1r2rQr@rBrDrMrHr9r9r9r:r6�sr6c@s eZdZdZdd�Zdd�ZdS)r7zA Performs a signature using RSASSA-PSS with MGF1 cCs*|�|tjt�|���|jjd�|���S)N)�mgf� salt_length)rBr�PSS�MGF1rP� digest_size)r>rAr?r9r9r:rBs   zRSAPSSAlgorithm.signc CsJy0|�||tjt�|���|jjd�|���dStk rDdSXdS)N)r�r�TF)rDrr�r�rPr�r )r>rAr?rCr9r9r:rD s   zRSAPSSAlgorithm.verifyN)rIrJrKrLrBrDr9r9r9r:r7�s r7c@sHeZdZdZdd�Zdd�Zdd�Zdd �Zed d ��Z ed d ��Z dS)r8z� Performs signing and verification operations using Ed25519 This class requires ``cryptography>=2.6`` to be installed. cKsdS)Nr9)r>�kwargsr9r9r:rQ szEd25519Algorithm.__init__cCs�t|ttf�r|St|ttf�rzt|t�r4|�d�}|�d�}d|krNt|�Sd|krbt|dd�S|dd�dkrzt |�St d��dS) Nzutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATE)rir�zssh-z)Expecting a PEM-formatted or OpenSSH key.) r[rrrjr\�encoderZr rr!rl)r>r?Zstr_keyr9r9r:r@#s    zEd25519Algorithm.prepare_keycCs$t|�tk rt|d�n|}|�|�S)a Sign a message ``msg`` using the Ed25519 private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey key: A :class:`.Ed25519PrivateKey` instance :return bytes signature: The signature, as bytes zutf-8)�typerjrB)r>rAr?r9r9r:rB6szEd25519Algorithm.signcCstyVt|�tk rt|d�n|}t|�tk r2t|d�n|}t|t�rH|��}|�||�dStjjk rndSXdS)a� Verify a given ``msg`` against a signature ``sig`` using the Ed25519 key ``key`` :param str|bytes sig: Ed25519 signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey key: A private or public Ed25519 key instance :return bool verified: True if signature is valid, False if not. zutf-8TFN) r�rjr[rr�rD� cryptography� exceptionsr )r>rAr?rCr9r9r:rD@s   zEd25519Algorithm.verifycCs�t|t�r:|jtjtjd�}t�tt |��� �ddd��St|t �r�|j tjt jt�d�}|��jtjtjd�}t�tt |��� �tt |��� �ddd��Std��dS)N)�encoding�format�OKP�Ed25519)r�rWr�)r�r�Zencryption_algorithm)r�rrrWr�zNot a public or private key)r[rZ public_bytesrZRawrrXrYrrrZrZ private_bytesrrr�r)r?r�rrr9r9r:rFTs,       zEd25519Algorithm.to_jwkc Cs�y.t|t�rt�|�}nt|t�r(|}nt�Wntk rJtd��YnX|�d�dkrbtd��|�d�}|dkr�td|����d|kr�td ��t|�d��}y*d |kr�t � |�St|�d ��}t � |�Stk r�}ztd �|�Wdd}~XYnXdS) NzKey is not valid JSONrWr�zNot an Octet Key Pairr�r�zInvalid curve: r�zOKP should have "x" parameterrrzInvalid key parameter) r[r\rXr]r^r_rr`rrZfrom_public_bytesrZfrom_private_bytes)rGrar�r�rr�errr9r9r:rH{s.      zEd25519Algorithm.from_jwkN) rIrJrKrLrQr@rBrDrMrFrHr9r9r9r:r8s  'r8)7rerbrXr�r�utilsrrrrrr r Zcryptography.exceptionsr�r Zcryptography.hazmat.primitivesr Z)cryptography.hazmat.primitives.asymmetricr rZ,cryptography.hazmat.primitives.asymmetric.ecrrZ1cryptography.hazmat.primitives.asymmetric.ed25519rrZ-cryptography.hazmat.primitives.asymmetric.rsarrrrrrrrZ,cryptography.hazmat.primitives.serializationrrrrrr r!r3�ModuleNotFoundErrorZrequires_cryptographyr;r<r.r/r5r6r7r8r9r9r9r:�<module>sL $   ( $  ")@{