o Tiht@sddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z m Z mZmZmZddlmZddlmZmZddlmZmZmZmZmZmZmZmZmZej d kr`dd l m!Z!ndd l"m!Z!zjdd l#m$Z$dd l%m&Z&dd l'm(Z(ddl)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5ddl6m7Z7m8Z8ddl9m:Z:m;Z;ddlZ>m?Z?m@Z@mAZAmBZBmCZCmDZDddlEmFZFmGZGmHZHmIZImJZJmKZKmLZLdZMWn eNydZMYnwe re=e?BZOe2e4BZPe:e;Be7Be8BZQeOePBeQBZRe=e2Be:Be7BZSe?e4Be;Be8BZThdZUd)ddZVGdddeZWGdddeWZXGdd d eWZYeMrKGd!d"d"eWZZGd#d$d$eWZ[Gd%d&d&eZZ\Gd'd(d(eWZ]dSdS)*) annotationsN)ABCabstractmethod) TYPE_CHECKINGAnyClassVarNoReturnUnioncastoverloadInvalidKeyError) HashlibHashJWKDict) base64url_decodebase64url_encodeder_to_raw_signature force_bytesfrom_base64url_uint is_pem_format is_ssh_keyraw_to_der_signatureto_base64url_uint))Literal)InvalidSignature)default_backend)hashes)padding) ECDSA SECP256K1 SECP256R1 SECP384R1 SECP521R1 EllipticCurveEllipticCurvePrivateKeyEllipticCurvePrivateNumbersEllipticCurvePublicKeyEllipticCurvePublicNumbers)Ed448PrivateKeyEd448PublicKey)Ed25519PrivateKeyEd25519PublicKey) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmprsa_recover_prime_factors)Encoding NoEncryption PrivateFormat PublicFormatload_pem_private_keyload_pem_public_keyload_ssh_public_keyTF> EdDSAPS256RS512RS256RS384PS384PS512ES256ES512ES384ES256KES521returndict[str, Algorithm]cCstttjttjttjd}trG|ttjttjttjttjttjttjttjttjt t jt t jt t jt d |S)zE Returns the algorithms that are implemented by the library. )noneZHS256ZHS384ZHS512) rArBr@rErHrGrIrFr?rCrDr>) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmRSAPSSAlgorithm OKPAlgorithm)Zdefault_algorithmsrXN/var/www/html/evchargy.com/venv/lib/python3.10/site-packages/jwt/algorithms.pyget_default_algorithmsps0rZc@seZdZdZd"ddZed#d d Zed$d d Zed%ddZe e ed&ddZ e e ed'd(ddZ e ed'd)ddZ e ed*dd Z d!S)+ AlgorithmzH The interface for an algorithm used to sign and verify tokens. bytestrbytesrJcCsjt|dd}|dur ttr-t|tr-t|tjr-tj|t d}| |t | St || S)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorrR isinstancetype issubclassrZ HashAlgorithmZHashrrSr]finalizedigest)selfr\r^rfrXrXrYcompute_hash_digests    zAlgorithm.compute_hash_digestkeyrcCdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). NrXrgrirXrXrY prepare_keyzAlgorithm.prepare_keymsgcCrj)zn Returns a digital signature for the specified message using the specified key value. NrXrgrnrirXrXrYsignrmzAlgorithm.signsigboolcCrj)zz Verifies that the specified digital signature is valid for the specified message and key values. NrXrgrnrirqrXrXrYverifyrmzAlgorithm.verifyas_dict Literal[True]rcCdSNrXkey_objrurXrXrYto_jwkzAlgorithm.to_jwkFLiteral[False]strcCrwrxrXryrXrXrYr{r|Union[JWKDict, str]cCrj)z3 Serializes a given key into a JWK NrXryrXrXrYr{rmjwk str | JWKDictcCrj)zJ Deserializes a given key from JWK back into a key object NrXrrXrXrYfrom_jwkrmzAlgorithm.from_jwkN)r\r]rJr])rirrJr)rnr]rirrJr])rnr]rirrqr]rJrr)rurvrJrF)rur}rJr~)rurrrJr)rrrJr) __name__ __module__ __qualname____doc__rhrrlrprtr staticmethodr{rrXrXrXrYr[s.    r[c@sLeZdZdZdddZdd d ZdddZedd ddZed!ddZ dS)"rMzZ Placeholder for use when no signing or verification operations are required. ri str | NonerJNonecCs |dkrd}|durtd|S)Nz*When alg = "none", key value must be None.r rkrXrXrYrls zNoneAlgorithm.prepare_keyrnr]cCrj)NrXrorXrXrYrpzNoneAlgorithm.signrqrrcCrj)NFrXrsrXrXrYrtrzNoneAlgorithm.verifyFrzrrurcCtrxraryrXrXrYr{zNoneAlgorithm.to_jwkrrcCrrxrrrXrXrYrrzNoneAlgorithm.from_jwkN)rirrJr)rnr]rirrJr])rnr]rirrqr]rJrrr)rzrrurrrJr)rrrJr) rrrrrlrprtrr{rrXrXrXrYrMs  rMc@seZdZUdZejZded<ejZ ded<ej Z ded<d)d d Z d*ddZ eed+ddZeed,d-ddZed,d.ddZed/d d!Zd0d#d$Zd1d&d'Zd(S)2rNzf Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]rOrPrQr^rrJrcC ||_dSrxr^rgr^rXrXrY__init__ zHMACAlgorithm.__init__ri str | bytesr]cCs$t|}t|s t|rtd|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrrrgri key_bytesrXrXrYrls zHMACAlgorithm.prepare_keyrzrurvrcCrwrxrXryrXrXrYr{zHMACAlgorithm.to_jwkFr}r~cCrwrxrXryrXrXrYr{rrrrcCs(tt|dd}|r|St|S)Noct)kkty)rrdecodejsondumps)rzrurrXrXrYr{s  rrcCshzt|tr t|}n t|tr|}ntWn ty"tdw|ddkr.tdt|dS)NKey is not valid JSONrrzNot an HMAC keyr) rbr~rloadsdict ValueErrorrgetr)robjrXrXrYr)s     zHMACAlgorithm.from_jwkrncCst|||jSrx)hmacnewr^rfrorXrXrYrp:zHMACAlgorithm.signrqcCst||||Srx)rcompare_digestrprsrXrXrYrt=rzHMACAlgorithm.verifyN)r^rrJr)rirrJr])rzrrurvrJrr)rzrrur}rJr~)rzrrurrrJr)rrrJr])rnr]rir]rJr])rnr]rir]rqr]rJrr)rrrrhashlibsha256rO__annotations__sha384rPsha512rQrrlr rr{rrprtrXrXrXrYrNs&      rNc@seZdZUdZejZded<ejZded<ejZded<d,d d Z d-ddZ e e d.ddZ e e d/d0ddZ e d/d1ddZ e d2d d!Zd3d%d&Zd4d)d*Zd+S)5rTz~ Performs signing and verification operations using RSASSA-PKCS-v1_5 and the specified hash function. $ClassVar[type[hashes.HashAlgorithm]]rOrPrQr^type[hashes.HashAlgorithm]rJrcCrrxrrrXrXrYrMrzRSAAlgorithm.__init__riAllowedRSAKeys | str | bytesAllowedRSAKeyscCst|ttfr |St|ttfstdt|}z|dr&ttt |WSttt |ddWSt y?ttt |YSw)NExpecting a PEM-formatted key.sssh-rsapassword) rbr/r1r]r~ TypeErrorr startswithr r=r;rr<rrXrXrYrlPs   zRSAAlgorithm.prepare_keyrzrurvrcCrwrxrXryrXrXrYr{crzRSAAlgorithm.to_jwkFr}r~cCrwrxrXryrXrXrYr{hrrrrc Csd}t|drD|}ddgt|jjt|jjt|jt|jt|j t|j t|j t|j d }n t|dr`|}ddgt|jt|jd}nt d|rh|St|S)Nprivate_numbersRSArp) rkey_opsnedpqdpdqqirt)rrrrNot a public or private key)hasattrrrpublic_numbersrrrrrrdmp1dmq1iqmprrr)rzrurnumbersrXrXrYr{ms2           rrc szt|tr t|n t|tr|ntWn ty"tdwddkr.tddvrdvrdvrdvrBtd gd }fd d |D}t|}|r]t |s]td t t dt d}|rt t dt dt dt dt dt d|d}|St d}t |j||j\}}t |||t||t||t|||d}|Sdvrdvrt t dt dStd)NrrrzNot an RSA keyrrrZothz5Unsupported RSA private key: > 2 primes not supported)rrrrrcsg|]}|vqSrXrX).0proprrXrY sz)RSAAlgorithm.from_jwk..z@RSA key must include all parameters if any are present besides drrrrr)rrrrrrrr)rbr~rrrrrranyallr2rr0r6rrr3r4r5 private_key public_key) rZ other_propsZ props_foundZany_props_foundrrrrrrXrrYrsz                  zRSAAlgorithm.from_jwkrnr]r/cCs||t|Srx)rpr PKCS1v15r^rorXrXrYrpszRSAAlgorithm.signr1rqcCs4z|||t|WdStyYdSw)NTF)rtr rr^rrsrXrXrYrts  zRSAAlgorithm.verifyNr^rrJr)rirrJr)rzrrurvrJrr)rzrrur}rJr~)rzrrurrrJr)rrrJrrnr]rir/rJr]rnr]rir1rqr]rJrr)rrrrrrOrrPrQrrlr rr{rrprtrXrXrXrYrTCs(   (  GrTc@seZdZUdZejZded<ejZded<ejZded<d,d d Z d-ddZ d.ddZ d/ddZ e ed0dd Ze ed1d2d$d Ze !d1d3d&d Zed4d)d*Zd+S)5rUzr Performs signing and verification operations using ECDSA and the specified hash function rrOrPrQr^rrJrcCrrxrrrXrXrYrrzECAlgorithm.__init__riAllowedECKeys | str | bytes AllowedECKeyscCst|ttfr |St|ttfstdt|}z|dr#t|}nt |}Wnt y7t |dd}Ynwt|ttfsCt d|S)Nrs ecdsa-sha2-rzcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for ECDSA algorithms) rbr'r)r]r~rrrr=r<rr;r)rgrirZ crypto_keyrXrXrYrls(   zECAlgorithm.prepare_keyrnr]r'cCs ||t|}t||jSrx)rpr!r^rcurve)rgrnrider_sigrXrXrYrps zECAlgorithm.sign'AllowedECKeys'rqrrcCsnzt||j}Wn tyYdSwzt|tr|n|}|||t|WdSt y6YdSw)NFT) rrrrbr'rrtr!r^r)rgrnrirqrrrXrXrYrts   zECAlgorithm.verifyrzrurvrcCrwrxrXryrXrXrYr{)rzECAlgorithm.to_jwkFr}r~cCrwrxrXryrXrXrYr{.rrcCst|tr |}nt|tr|}ntdt|jtr#d}n#t|jtr,d}nt|jt r5d}nt|jt r>d}ntd|jd|t |j  t |j d}t|trgt |j |d <|rk|St|S) NrP-256P-384P-521 secp256k1Invalid curve: EC)rcrvxyr)rbr'rrr)rrr#r$r%r"rrrrrZ private_valuerr)rzrurrrrXrXrYr{3s8           rrcCszt|tr t|}n t|tr|}ntWn ty"tdw|ddkr.tdd|vs6d|vr:tdt|d}t|d}|d}|dkrlt |t |kr_d krhntd t }nhtd |d krt |t |kr~d krntd t }nItd |dkrt |t |krdkrntdt }n*td|dkrt |t |krd krntdt }n tdtd|ttj|ddtj|dd|d}d|vr|St|d}t |t |krtdt ||ttj|dd|S)NrrrzNot an Elliptic curve keyrrrr z)Coords should be 32 bytes for curve P-256r0z)Coords should be 48 bytes for curve P-384rBz)Coords should be 66 bytes for curve P-521rz-Coords should be 32 bytes for curve secp256k1rbig) byteorder)rrrrz!D should be {} bytes for curve {})rbr~rrrrrrrlenr#r$r%r"r*int from_bytesrr(r)rrrrrZ curve_objrrrXrXrYrZsv        zECAlgorithm.from_jwkNr)rirrJr)rnr]rir'rJr])rnr]rirrqr]rJrr)rzrrurvrJrr)rzrrur}rJr~)rzrrurrrJr)rrrJr)rrrrrrOrrPrQrrlrprtr rr{rrXrXrXrYrUs(     &rUc@s$eZdZdZdddZdd d ZdS)rVzA Performs a signature using RSASSA-PSS with MGF1 rnr]rir/rJcCs,||tjt||jd|S)NZmgfZ salt_length)rpr PSSMGF1r^ digest_sizerorXrXrYrps zRSAPSSAlgorithm.signr1rqrrc CsJz|||tjt||jd|WdSty$YdSw)NrTF)rtr rrr^rrrsrXrXrYrts  zRSAPSSAlgorithm.verifyNrr)rrrrrprtrXrXrXrYrVs  rVc@s|eZdZdZd'ddZd(d d Zd)ddZd*ddZee d+ddZ ee d,d-ddZ e d,d.d!dZ e d/d$d%Z d&S)0rWz Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. kwargsrrJrcKrwrxrX)rgrrXrXrYrrzOKPAlgorithm.__init__riAllowedOKPKeys | str | bytesAllowedOKPKeyscCst|ttfr?t|tr|dn|}t|tr|dn|}d|vr(t|}nd|vr3t|dd}n |dddkr?t|}t|tt t t fsLt d|S) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-zcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for EdDSA algorithms) rbr]r~rencoder<r;r=r-r.r+r,r)rgriZkey_strrrXrXrYrls"  zOKPAlgorithm.prepare_keyrnr#Ed25519PrivateKey | Ed448PrivateKeyr]cCs"t|tr |dn|}||S)aS Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes r)rbr~rrp)rgrnri msg_bytesrXrXrYrps zOKPAlgorithm.signrqrrcCsrz.t|tr |dn|}t|tr|dn|}t|ttfr$|n|}|||WdSty8YdSw)a Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. rTF)rbr~rr-r+rrtr)rgrnrirqrZ sig_bytesrrXrXrYrts     zOKPAlgorithm.verifyrurvrcCrwrxrXrirurXrXrYr{rzOKPAlgorithm.to_jwkFr}r~cCrwrxrXrrXrXrYr{ rrcCst|ttfr.|jtjtjd}t|trdnd}tt| d|d}|r)|St |St|t t frp|jtjtjtd}|jtjtjd}t|t rRdnd}tt| tt| d|d}|rk|St |Std) N)encodingformatEd25519Ed448OKP)rrr)rrZencryption_algorithm)rrrrr)rbr.r, public_bytesr7ZRawr:rrrrrr-r+Z private_bytesr9r8rr)rirurrrrrXrXrYr{sB  rrc Cszt|tr t|}n t|tr|}ntWn ty"tdw|ddkr.td|d}|dkrB|dkrBtd|d |vrJtd t|d }z+d |vrf|dkr`t |WSt |WSt|d }|dkrwt |WSt |WSty}ztd |d}~ww) NrrrzNot an Octet Key PairrrrrrzOKP should have "x" parameterrzInvalid key parameter)rbr~rrrrrrrr.Zfrom_public_bytesr,r-Zfrom_private_bytesr+)rrrrrerrrXrXrYr=s>          zOKPAlgorithm.from_jwkN)rrrJr)rirrJr)rnrrirrJr])rnrrirrqrrJrr)rirrurvrJrr)rirrur}rJr~)rirrurrrJr)rrrJr) rrrrrrlrprtr rr{rrXrXrXrYrWs     .rW)rJrK)^ __future__rrrrsysabcrrtypingrrrrr r r exceptionsrtypesrrutilsrrrrrrrrr version_inforZtyping_extensionsZcryptography.exceptionsrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricr Z,cryptography.hazmat.primitives.asymmetric.ecr!r"r#r$r%r&r'r(r)r*Z/cryptography.hazmat.primitives.asymmetric.ed448r+r,Z1cryptography.hazmat.primitives.asymmetric.ed25519r-r.Z-cryptography.hazmat.primitives.asymmetric.rsar/r0r1r2r3r4r5r6Z,cryptography.hazmat.primitives.serializationr7r8r9r:r;r<r=rRModuleNotFoundErrorrrrZ AllowedKeysZAllowedPrivateKeysZAllowedPublicKeysZrequires_cryptographyrZr[rMrNrTrUrVrWrXrXrXrYsh $ ,      0 ($    "KF&7