o ifht@sddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z m Z mZmZmZddlmZddlmZmZddlmZmZmZmZmZmZmZmZmZej d kr`dd l m!Z!ndd l"m!Z!zjdd l#m$Z$dd l%m&Z&dd l'm(Z(ddl)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5ddl6m7Z7m8Z8ddl9m:Z:m;Z;ddlZ>m?Z?m@Z@mAZAmBZBmCZCmDZDddlEmFZFmGZGmHZHmIZImJZJmKZKmLZLdZMWn eNydZMYnwe re=e?BZOe2e4BZPe:e;Be7Be8BZQeOePBeQBZRe=e2Be:Be7BZSe?e4Be;Be8BZThdZUd)ddZVGdddeZWGdddeWZXGdd d eWZYeMrKGd!d"d"eWZZGd#d$d$eWZ[Gd%d&d&eZZ\Gd'd(d(eWZ]dSdS)*) annotationsN)ABCabstractmethod) TYPE_CHECKINGAnyClassVarNoReturnUnioncastoverloadInvalidKeyError) HashlibHashJWKDict) base64url_decodebase64url_encodeder_to_raw_signature force_bytesfrom_base64url_uint is_pem_format is_ssh_keyraw_to_der_signatureto_base64url_uint))Literal)InvalidSignature)default_backend)hashes)padding) ECDSA SECP256K1 SECP256R1 SECP384R1 SECP521R1 EllipticCurveEllipticCurvePrivateKeyEllipticCurvePrivateNumbersEllipticCurvePublicKeyEllipticCurvePublicNumbers)Ed448PrivateKeyEd448PublicKey)Ed25519PrivateKeyEd25519PublicKey) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmprsa_recover_prime_factors)Encoding NoEncryption PrivateFormat PublicFormatload_pem_private_keyload_pem_public_keyload_ssh_public_keyTF> ES256ES384ES512ES521EdDSAPS256PS384PS512RS256RS384RS512ES256Kreturndict[str, Algorithm]cCstttjttjttjd}trG|ttjttjttjttjttjttjttjttjt t jt t jt t jt d |S)zE Returns the algorithms that are implemented by the library. )noneHS256HS384HS512) rFrGrHr>rIr?rAr@rCrDrErB) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmRSAPSSAlgorithm OKPAlgorithm)default_algorithmsr\G/var/www/html/corbot_env/lib/python3.10/site-packages/jwt/algorithms.pyget_default_algorithmsps0r^c@seZdZdZd"ddZed#d d Zed$d d Zed%ddZe e ed&ddZ e e ed'd(ddZ e ed'd)ddZ e ed*dd Z d!S)+ AlgorithmzH The interface for an algorithm used to sign and verify tokens. bytestrbytesrJcCsjt|dd}|dur ttr-t|tr-t|tjr-tj|t d}| |t | St || S)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorrU isinstancetype issubclassr HashAlgorithmHashrrVrafinalizedigest)selfr`rbrlr\r\r]compute_hash_digests    zAlgorithm.compute_hash_digestkeyrcCdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). Nr\rmror\r\r] prepare_keyzAlgorithm.prepare_keymsgcCrp)zn Returns a digital signature for the specified message using the specified key value. Nr\rmrtror\r\r]signrszAlgorithm.signsigboolcCrp)zz Verifies that the specified digital signature is valid for the specified message and key values. Nr\rmrtrorwr\r\r]verifyrszAlgorithm.verifyas_dict Literal[True]rcCdSNr\key_objr{r\r\r]to_jwkzAlgorithm.to_jwkFLiteral[False]strcCr}r~r\rr\r\r]rrUnion[JWKDict, str]cCrp)z3 Serializes a given key into a JWK Nr\rr\r\r]rrsjwk str | JWKDictcCrp)zJ Deserializes a given key from JWK back into a key object Nr\rr\r\r]from_jwkrszAlgorithm.from_jwkN)r`rarJra)rorrJr)rtrarorrJra)rtrarorrwrarJrx)r{r|rJrF)r{rrJr)r{rxrJr)rrrJr) __name__ __module__ __qualname____doc__rnrrrrvrzr staticmethodrrr\r\r\r]r_s.    r_c@sLeZdZdZdddZdd d ZdddZedd ddZed!ddZ dS)"rPzZ Placeholder for use when no signing or verification operations are required. ro str | NonerJNonecCs |dkrd}|durtd|S)Nz*When alg = "none", key value must be None.r rqr\r\r]rrs zNoneAlgorithm.prepare_keyrtracCrp)Nr\rur\r\r]rvzNoneAlgorithm.signrwrxcCrp)NFr\ryr\r\r]rzrzNoneAlgorithm.verifyFrrr{rcCtr~rerr\r\r]rzNoneAlgorithm.to_jwkrrcCrr~rrr\r\r]rrzNoneAlgorithm.from_jwkN)rorrJr)rtrarorrJra)rtrarorrwrarJrxr)rrr{rxrJr)rrrJr) rrrrrrrvrzrrrr\r\r\r]rPs  rPc@seZdZUdZejZded<ejZ ded<ej Z ded<d)d d Z d*ddZ eed+ddZeed,d-ddZed,d.ddZed/d d!Zd0d#d$Zd1d&d'Zd(S)2rQzf Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]rRrSrTrbrrJrcC ||_dSr~rbrmrbr\r\r]__init__ zHMACAlgorithm.__init__ro str | bytesracCs$t|}t|s t|rtd|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrrrmro key_bytesr\r\r]rrs zHMACAlgorithm.prepare_keyrr{r|rcCr}r~r\rr\r\r]rzHMACAlgorithm.to_jwkFrrcCr}r~r\rr\r\r]rrrxrcCs(tt|dd}|r|St|S)Noct)kkty)rrdecodejsondumps)rr{rr\r\r]rs  rrcCshzt|tr t|}n t|tr|}ntWn ty"tdw|ddkr.tdt|dS)NKey is not valid JSONrrzNot an HMAC keyr) rfrrloadsdict ValueErrorrgetr)robjr\r\r]r)s     zHMACAlgorithm.from_jwkrtcCst|||jSr~)hmacnewrbrlrur\r\r]rv:zHMACAlgorithm.signrwcCst||||Sr~)rcompare_digestrvryr\r\r]rz=rzHMACAlgorithm.verifyN)rbrrJr)rorrJra)rrr{r|rJrr)rrr{rrJr)rrr{rxrJr)rrrJra)rtrarorarJra)rtrarorarwrarJrx)rrrrhashlibsha256rR__annotations__sha384rSsha512rTrrrr rrrrvrzr\r\r\r]rQs&      rQc@seZdZUdZejZded<ejZded<ejZded<d,d d Z d-ddZ e e d.ddZ e e d/d0ddZ e d/d1ddZ e d2d d!Zd3d%d&Zd4d)d*Zd+S)5rWz~ Performs signing and verification operations using RSASSA-PKCS-v1_5 and the specified hash function. $ClassVar[type[hashes.HashAlgorithm]]rRrSrTrbtype[hashes.HashAlgorithm]rJrcCrr~rrr\r\r]rMrzRSAAlgorithm.__init__roAllowedRSAKeys | str | bytesAllowedRSAKeyscCst|ttfr |St|ttfstdt|}z|dr&ttt |WSttt |ddWSt y?ttt |YSw)NExpecting a PEM-formatted key.sssh-rsapassword) rfr/r1rar TypeErrorr startswithr r=r;rr<rr\r\r]rrPs   zRSAAlgorithm.prepare_keyrr{r|rcCr}r~r\rr\r\r]rcrzRSAAlgorithm.to_jwkFrrcCr}r~r\rr\r\r]rhrrxrc Csd}t|drD|}ddgt|jjt|jjt|jt|jt|j t|j t|j t|j d }n t|dr`|}ddgt|jt|jd}nt d|rh|St|S)Nprivate_numbersRSArv) rkey_opsnedpqdpdqqirz)rrrrNot a public or private key)hasattrrrpublic_numbersrrrrrrdmp1dmq1iqmprrr)rr{rnumbersr\r\r]rms2           rrc szt|tr t|n t|tr|ntWn ty"tdwddkr.tddvrdvrdvrdvrBtd gd }fd d |D}t|}|r]t |s]td t t dt d}|rt t dt dt dt dt dt d|d}|St d}t |j||j\}}t |||t||t||t|||d}|Sdvrdvrt t dt dStd)NrrrzNot an RSA keyrrrothz5Unsupported RSA private key: > 2 primes not supported)rrrrrcsg|]}|vqSr\r\).0proprr\r] sz)RSAAlgorithm.from_jwk..z@RSA key must include all parameters if any are present besides drrrrr)rrrrrrrr)rfrrrrrrranyallr2rr0r6rrr3r4r5 private_key public_key) r other_props props_foundany_props_foundrrrrrr\rr]rsz                  zRSAAlgorithm.from_jwkrtrar/cCs||t|Sr~)rvr PKCS1v15rbrur\r\r]rvszRSAAlgorithm.signr1rwcCs4z|||t|WdStyYdSw)NTF)rzr rrbrryr\r\r]rzs  zRSAAlgorithm.verifyNrbrrJr)rorrJr)rrr{r|rJrr)rrr{rrJr)rrr{rxrJr)rrrJrrtraror/rJrartraror1rwrarJrx)rrrrrrRrrSrTrrrr rrrrvrzr\r\r\r]rWCs(   (  GrWc@seZdZUdZejZded<ejZded<ejZded<d,d d Z d-ddZ d.ddZ d/ddZ e ed0dd Ze ed1d2d$d Ze !d1d3d&d Zed4d)d*Zd+S)5rXzr Performs signing and verification operations using ECDSA and the specified hash function rrRrSrTrbrrJrcCrr~rrr\r\r]rrzECAlgorithm.__init__roAllowedECKeys | str | bytes AllowedECKeyscCst|ttfr |St|ttfstdt|}z|dr#t|}nt |}Wnt y7t |dd}Ynwt|ttfsCt d|S)Nrs ecdsa-sha2-rzcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for ECDSA algorithms) rfr'r)rarrrrr=r<rr;r)rmror crypto_keyr\r\r]rrs(   zECAlgorithm.prepare_keyrtrar'cCs ||t|}t||jSr~)rvr!rbrcurve)rmrtroder_sigr\r\r]rvs zECAlgorithm.sign'AllowedECKeys'rwrxcCsnzt||j}Wn tyYdSwzt|tr|n|}|||t|WdSt y6YdSw)NFT) rrrrfr'rrzr!rbr)rmrtrorwrrr\r\r]rzs   zECAlgorithm.verifyrr{r|rcCr}r~r\rr\r\r]r)rzECAlgorithm.to_jwkFrrcCr}r~r\rr\r\r]r.rrcCst|tr |}nt|tr|}ntdt|jtr#d}n#t|jtr,d}nt|jt r5d}nt|jt r>d}ntd|jd|t |j  t |j d}t|trgt |j |d <|rk|St|S) NrP-256P-384P-521 secp256k1Invalid curve: EC)rcrvxyr)rfr'rrr)rrr#r$r%r"rrrrr private_valuerr)rr{rrrr\r\r]r3s8           rrcCszt|tr t|}n t|tr|}ntWn ty"tdw|ddkr.tdd|vs6d|vr:tdt|d}t|d}|d}|dkrlt |t |kr_d krhntd t }nhtd |d krt |t |kr~d krntd t }nItd |dkrt |t |krdkrntdt }n*td|dkrt |t |krd krntdt }n tdtd|ttj|ddtj|dd|d}d|vr|St|d}t |t |krtdt ||ttj|dd|S)NrrrzNot an Elliptic curve keyrrrr z)Coords should be 32 bytes for curve P-256r0z)Coords should be 48 bytes for curve P-384rBz)Coords should be 66 bytes for curve P-521rz-Coords should be 32 bytes for curve secp256k1rbig) byteorder)rrrrz!D should be {} bytes for curve {})rfrrrrrrrrlenr#r$r%r"r*int from_bytesrr(r)rrrrr curve_objrrr\r\r]rZsv        zECAlgorithm.from_jwkNr)rorrJr)rtraror'rJra)rtrarorrwrarJrx)rrr{r|rJrr)rrr{rrJr)rrr{rxrJr)rrrJr)rrrrrrRrrSrTrrrrvrzr rrrr\r\r\r]rXs(     &rXc@s$eZdZdZdddZdd d ZdS)rYzA Performs a signature using RSASSA-PSS with MGF1 rtraror/rJcCs,||tjt||jd|S)Nmgf salt_length)rvr PSSMGF1rb digest_sizerur\r\r]rvs zRSAPSSAlgorithm.signr1rwrxc CsJz|||tjt||jd|WdSty$YdSw)NrTF)rzr rrrbrrryr\r\r]rzs  zRSAPSSAlgorithm.verifyNrr)rrrrrvrzr\r\r\r]rYs  rYc@s|eZdZdZd'ddZd(d d Zd)ddZd*ddZee d+ddZ ee d,d-ddZ e d,d.d!dZ e d/d$d%Z d&S)0rZz Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. kwargsrrJrcKr}r~r\)rmrr\r\r]rrzOKPAlgorithm.__init__roAllowedOKPKeys | str | bytesAllowedOKPKeyscCst|ttfr?t|tr|dn|}t|tr|dn|}d|vr(t|}nd|vr3t|dd}n |dddkr?t|}t|tt t t fsLt d|S) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-zcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for EdDSA algorithms) rfrarrencoder<r;r=r-r.r+r,r)rmrokey_strrr\r\r]rrs"  zOKPAlgorithm.prepare_keyrtr#Ed25519PrivateKey | Ed448PrivateKeyracCs"t|tr |dn|}||S)aS Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes r)rfrrrv)rmrtro msg_bytesr\r\r]rvs zOKPAlgorithm.signrwrxcCsrz.t|tr |dn|}t|tr|dn|}t|ttfr$|n|}|||WdSty8YdSw)a Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. rTF)rfrrr-r+rrzr)rmrtrorwr sig_bytesrr\r\r]rzs     zOKPAlgorithm.verifyr{r|rcCr}r~r\ror{r\r\r]rrzOKPAlgorithm.to_jwkFrrcCr}r~r\r r\r\r]r rrcCst|ttfr.|jtjtjd}t|trdnd}tt| d|d}|r)|St |St|t t frp|jtjtjtd}|jtjtjd}t|t rRdnd}tt| tt| d|d}|rk|St |Std) N)encodingformatEd25519Ed448OKP)rrr)r r encryption_algorithm)rrrrr)rfr.r, public_bytesr7Rawr:rrrrrr-r+ private_bytesr9r8rr)ror{rrrrr\r\r]rsB  rrc Cszt|tr t|}n t|tr|}ntWn ty"tdw|ddkr.td|d}|dkrB|dkrBtd|d |vrJtd t|d }z+d |vrf|dkr`t |WSt |WSt|d }|dkrwt |WSt |WSty}ztd |d}~ww) NrrrzNot an Octet Key Pairrr rrrzOKP should have "x" parameterrzInvalid key parameter)rfrrrrrrrrr.from_public_bytesr,r-from_private_bytesr+)rrrrrerrr\r\r]r=s>          zOKPAlgorithm.from_jwkN)rrrJr)rorrJr)rtrrorrJra)rtrrorrwrrJrx)rorr{r|rJrr)rorr{rrJr)rorr{rxrJr)rrrJr) rrrrrrrrvrzr rrrr\r\r\r]rZs     .rZ)rJrK)^ __future__rrrrsysabcrrtypingrrrrr r r exceptionsrtypesrrutilsrrrrrrrrr version_infortyping_extensionscryptography.exceptionsrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricr ,cryptography.hazmat.primitives.asymmetric.ecr!r"r#r$r%r&r'r(r)r*/cryptography.hazmat.primitives.asymmetric.ed448r+r,1cryptography.hazmat.primitives.asymmetric.ed25519r-r.-cryptography.hazmat.primitives.asymmetric.rsar/r0r1r2r3r4r5r6,cryptography.hazmat.primitives.serializationr7r8r9r:r;r<r=rUModuleNotFoundErrorrrr AllowedKeysAllowedPrivateKeysAllowedPublicKeysrequires_cryptographyr^r_rPrQrWrXrYrZr\r\r\r]sh $ ,      0 ($    "KF&7