o +if@s~ddlZddlZddlZddlZddlZeeZddZGddde Z Gddde Z Gdd d e Z e Z e Ze je_dS) NcCsz|jddWS|YS)Nzutf-8)encoding)encode)rawrQ/var/www/html/corbot_env/lib/python3.10/site-packages/msal/oauth2cli/assertion.py _str2bytes src@s&eZdZ  dddZ dddZdS) AssertionCreatorNXc Kstd)a+Create an assertion in bytes, based on the provided claims. All parameter names are defined in https://tools.ietf.org/html/rfc7521#section-5 except the expires_in is defined here as lifetime-in-seconds, which will be automatically translated into expires_at in UTC. z Will be implemented by sub-class)NotImplementedError) selfaudienceissuersubject expires_at expires_in issued_at assertion_idkwargsrrrcreate_normal_assertions z(AssertionCreator.create_normal_assertionc s*t|||||ffdd t|dddS)zCreate an assertion as a callable, which will then compute the assertion later when necessary. This is a useful optimization to reuse the client assertion. csj|||fd|i|S)Nr)r)aiserr rr'sz@AssertionCreator.create_regenerative_assertion..<r)r) AutoRefreshermax)r r r rrrrrrcreate_regenerative_assertions z.AssertionCreator.create_regenerative_assertion)Nr NN)Nr )__name__ __module__ __qualname__rrrrrrrs   rc@s"eZdZdZdddZddZdS) raCache the output of a factory, and auto-refresh it when necessary. Usage:: r = AutoRefresher(time.time, expires_in=5) for i in range(15): print(r()) # the timestamp change only after every 5 seconds time.sleep(1) cCs||_||_i|_dS)N)_factory _expires_in_buf)r factoryrrrr__init__4s zAutoRefresher.__init__cCs\d\}}t}|j|d|kr#td|||||ji|_ntd|j|S)N)rvaluerzRegenerating new assertionzReusing still valid assertion)timer%getloggerdebugr#r$)r EXPIRES_ATVALUEnowrrr__call__8s   zAutoRefresher.__call__N)r")rr r!__doc__r'r0rrrrr,s  rc@s&eZdZdddZ   dddZdS) JwtAssertionCreatorNcCs<||_||_|p i|_|rtt||jd<dSdS)aConstruct a Jwt assertion creator. Args: key (str): An unencrypted private key for signing, in a base64 encoded string. It can also be a cryptography ``PrivateKey`` object, which is how you can work with a previously-encrypted key. See also https://github.com/jpadilla/pyjwt/pull/525 algorithm (str): "RS256", etc.. See https://pyjwt.readthedocs.io/en/latest/algorithms.html RSA and ECDSA algorithms require "pip install cryptography". sha1_thumbprint (str): The x5t aka X.509 certificate SHA-1 thumbprint. headers (dict): Additional headers, e.g. "kid" or "x5c" etc. x5tN)key algorithmheadersbase64urlsafe_b64encodebinasciia2b_hexdecode)r r4r5sha1_thumbprintr6rrrr'Ds  zJwtAssertionCreator.__init__r c Ksddl} t} |||p ||p| ||p| |pttd} |r%|| d<| | p*iz| j| |j|j|j d}t |WS|j dsM|j drRt d) zCreate a JWT Assertion. Parameters are defined in https://tools.ietf.org/html/rfc7523#section-3 Key-value pairs in additional_claims will be added into payload as-is. rN)audisssubexpiatjtinbf)r5r6RSESzSome algorithms requires "pip install cryptography". See https://pyjwt.readthedocs.io/en/latest/installation.html#cryptographic-dependencies-optional)jwtr)struuiduuid4updaterr4r5r6r startswithr+ exception)r r r rrrrr not_beforeadditional_claimsrrFr/payload str_or_bytesrrrr[s.   z+JwtAssertionCreator.create_normal_assertion)NN)NNr NNNN)rr r!r'rrrrrr2Cs  r2)r)r9r7rHlogging getLoggerrr+robjectrrr2Signer JwtSignerrsign_assertionrrrrs ;