U ˹h@sddlZddlZzddlmZmZWn$ek rHddlmZmZYnXddlmZddl m Z ddl m Z ddl mZmZddlmZmZde jfd d Zd#d d ZddZddZddZd$ddZddZddZddZddZddZd%d!d"ZdS)&N)IterableMapping)rr)jwk)Key) ALGORITHMS)JWSErrorJWSSignatureError)base64url_decodebase64url_encodecCs<|tjkrtd|t||d}t|}t||||}|S)awSigns a claims set and returns a JWS string. Args: payload (str or dict): A string to sign key (str or dict): The key to use for signing the claim set. Can be individual JWK or JWK set. headers (dict, optional): A set of headers that will be added to the default headers. Any headers that are added as additional headers will override the default headers. algorithm (str, optional): The algorithm to use for signing the the claims. Defaults to HS256. Returns: str: The string representation of the header, claims, and signature. Raises: JWSError: If there is an error signing the token. Examples: >>> jws.sign({'a': 'b'}, 'secret', algorithm='HS256') 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' zAlgorithm %s not supported.)additional_headers)rZ SUPPORTEDr_encode_header_encode_payload_sign_header_and_claims)payloadkeyheaders algorithmencoded_headerZencoded_payloadZ signed_outputrL/var/www/html/timesheet/backend/venv/lib/python3.8/site-packages/jose/jws.pysigns    rTcCs(t|\}}}}|r$t||||||S)aVerifies a JWS string's signature. Args: token (str): A signed JWS to be verified. key (str or dict): A key to attempt to verify the payload with. Can be individual JWK or JWK set. algorithms (str or list): Valid algorithms that should be used to verify the JWS. Returns: str: The str representation of the payload, assuming the signature is valid. Raises: JWSError: If there is an exception verifying a token. Examples: >>> token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' >>> jws.verify(token, 'secret', algorithms='HS256') )_load_verify_signature)tokenr algorithmsverifyheaderr signing_input signaturerrrr4srcCst|\}}}}|S)a!Returns the decoded headers without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. rrrclaimsrrrrrget_unverified_headerRs r"cCst|S)a{Returns the decoded headers without verification of any kind. This is simply a wrapper of get_unverified_header() for backwards compatibility. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. )r")rrrrget_unverified_headersbsr#cCst|\}}}}|S)aReturns the decoded claims without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: str: The str representation of the token claims. Raises: JWSError: If there is an exception decoding the token. rr rrrget_unverified_claimsts r$cCs6d|d}|r||tj|dddd}t|S)NZJWT)typalg,:T) separators sort_keysutf-8)updatejsondumpsencoder )rr rZ json_headerrrrr s  r cCs@t|tr8ztj|ddd}Wntk r6YnXt|S)Nr')r*r,) isinstancerr.r/r0 ValueErrorr )rrrrr s r c Csd||g}z$t|ts&t||}||}Wn*tk r\}z t|W5d}~XYnXt|}d|||g}| dS)N.r,) joinr1rr constructr Exceptionrr decode) rZencoded_claimsrrrreZencoded_signatureencoded_stringrrrrs  rc CsDt|tr|d}z,|dd\}}|dd\}}t|}Wn<tk r\tdYn"tt j fk r|tdYnXzt | d}Wn.tk r}ztd|W5d}~XYnXt|tstdz t|}Wn$tt j fk rtdYnXz t|} Wn$tt j fk r6td YnX|||| fS) Nr,r3zNot enough segmentszInvalid header paddingzInvalid header string: %sz,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r1strr0rsplitsplitr r2r TypeErrorbinasciiErrorr.loadsr7r) jwtrZcrypto_segmentZheader_segmentZclaims_segmentZ header_datarr8rrrrrrs2       rc CsR|D]H}t|tst||}z|||r4WdSWqtk rJYqXqdS)NTF)r1rrr5rr6)keysrrr&rrrr_sig_matches_keyss    rDcCst|tr|fSztj|ttd}Wntk r8YnXt|trzd|krT|dSd|krb|fS|}|rr|S|fSn(t|trt|tst|t s|S|fSdS)N) parse_int parse_floatrCZkty) r1rr.rAr;r6rvaluesrbytes)rrGrrr _get_keyss$  rIcCs|d}|std|dk r.||kr.tdt|}zt||||sLtWn:tk rjtdYn tk rtd|YnXdS)Nr&z-No algorithm was specified in the JWS header.z&The specified alg value is not allowedzSignature verification failed.z$Invalid or unsupported algorithm: %s)getrrIrDr)rrrrrr&rCrrrrs   r)T)N)rJN) r?r.collections.abcrr ImportError collectionsjoserZjose.backends.baserZjose.constantsrZjose.exceptionsrrZ jose.utilsr r HS256rrr"r#r$r r rrrDrIrrrrrs,   $   !