a |fM@sddlZddlmZmZddlmZddlmZddlm Z ddl m Z ddl m Z mZddlmZdd lmZdd lmZdd lmZdd lmZmZdd lmZmZGdddZgZzddlmZmZedWneyeZeZYn0zddl m!Z!m"Z"edWney.eZ!eZ"Yn0z8ddl#m$Z$m%Z%e&e%ddZ'e'dur\eedWneyeZ$eZ%Yn0zddl(m)Z)m*Z*edWneyeZ)eZ*Yn0eddZ+eddZ,eddZ-eddZ.e+eee,e!e"e-e$e%e.e)e*dZ/dddddZ0Gd d!d!eZ1ed"d#Z2e2d$d%d%e1j3e2d&d%d%e1j4e2d'd%d%e1j4e2d(d)d)e1j4d*e2d+d%d%e1j4e2d,d%d%e1j5e2d-d)d)e1j5e2d.d)d)e1j5e2d/d)d)e1j5e2d0d)d)e1j5e2d1d)d)e1j5e2d2d)d)e1j5e2d3d)d)e1j6d4 d5e2d6d)d%e1j4ie2d$d%d%e1j3e2d7d%d%e1j4e2d8d)d)e1j4d9dZ7e2d:d%dde2d;d%dde2dd%dde2d?d%dde2d@d%dde2dAd%dde2dBd%dddC Z8dDdEdFdGdHdIdJdKdLdMdNdO Z9dPdQdRZ:dSdTdUdVdWdXdYdZd[Z;d\d]d^d_d`dadbdcZe ?e @e Ae Be Ce Dddde EdedfZFGdgdhdheZGGdidjdjeZHGdkdldleZIGdmdndneZJGdodpdpeKZLGdqdrdreMZNGdsdtdteKZOdS)uN)hexlify unhexlify) namedtuple)Enum)x509)default_backend)hashes serialization)ec)rsa) deprecated) JWException)base64url_decodebase64url_encode) json_decode json_encodec@s0eZdZeddZeddZeddZdS)UnimplementedOKPCurveKeycCstdSNNotImplementedError)clsrFD:\Projects\storyit_web\backend\venv\Lib\site-packages\jwcrypto/jwk.pygeneratesz!UnimplementedOKPCurveKey.generatecGstdSrrrargsrrrfrom_public_bytessz*UnimplementedOKPCurveKey.from_public_bytescGstdSrrrrrrfrom_private_bytessz+UnimplementedOKPCurveKey.from_private_bytesN)__name__ __module__ __qualname__ classmethodrrrrrrrrs   r)Ed25519PublicKeyEd25519PrivateKeyEd25519)Ed448PublicKeyEd448PrivateKeyEd448)X25519PublicKeyX25519PrivateKeyrX25519) X448PublicKeyX448PrivateKeyX448zpubkey privkey)r$r'r*r-zElliptic CurveRSAzOctet sequencezOctet Key Pair)ECr.octOKPc@seZdZdZdZdZdZdS)ParmTypezA string with a namezBase64url EncodedzBase64urlUint EncodedzUnsupported ParameterN)rrr nameb64b64u unsupportedrrrrr2dsr2 Parameterz description public required typeZCurveTz X Coordinatez Y CoordinatezECC Private KeyF)crvxydZModulusExponentzPrivate ExponentzFirst Prime FactorzSecond Prime FactorzFirst Factor CRT ExponentzSecond Factor CRT ExponentzFirst CRT CoefficientzOther Primes Info) ner;pqdpdqqiZothkz Key Valuez Public Keyz Private Key)r8r9r;zKey TypezPublic Key UsezKey OperationsZ AlgorithmzKey IDz X.509 URLzX.509 Certificate Chainz"X.509 Certificate SHA-1 Thumbprintz$X.509 Certificate SHA-256 Thumbprint) ktyusekey_opsalgkidZx5uZx5cZx5tzx5t#S256z P-256 curvez P-384 curvez P-521 curvezSECG secp256k1 curvez%Ed25519 signature algorithm key pairsz#Ed448 signature algorithm key pairszX25519 function key pairszX448 function key pairsz\BrainpoolP256R1 curve (unregistered, custom-defined in breach of IETF rules by gematik GmbH)z\BrainpoolP384R1 curve (unregistered, custom-defined in breach of IETF rules by gematik GmbH)z\BrainpoolP512R1 curve (unregistered, custom-defined in breach of IETF rules by gematik GmbH)) P-256P-384P-521 secp256k1r$r'r*r-BP-256BP-384BP-512zDigital Signature or MACZ Encryption)sigencz Compute digital Signature or MACzVerify digital signature or MACzEncrypt contentz6Decrypt content and validate decryption, if applicablez Encrypt keyz2Decrypt key and validate decryption, if applicablez Derive keyz#Derive bits not to be used as a key)signverifyencryptdecryptwrapKey unwrapKey deriveKey deriveBitsrJrKrLrMrNrOrP)Z secp256r1Z secp384r1Z secp521r1rMZbrainpoolP256r1ZbrainpoolP384r1ZbrainpoolP512r1 @)sha-256z sha-256-128z sha-256-120z sha-256-96z sha-256-64z sha-256-32zsha-384zsha-512zsha3-224zsha3-256zsha3-384zsha3-512z blake2s-256z blake2b-256z blake2b-512cs*eZdZdZdfdd ZddZZS)InvalidJWKTypezfInvalid JWK Type Exception. This exception is raised when an invalid parameter type is used. Ncstt|||_dSr)superr^__init__value)selfra __class__rrr`szInvalidJWKType.__init__cCsd|jttfS)Nz&Unknown type "%s", valid types are: %s)ralistJWKTypesRegistrykeysrbrrr__str__szInvalidJWKType.__str__)Nrrr __doc__r`ri __classcell__rrrcrr^sr^cs(eZdZdZfddZddZZS)InvalidJWKUsagezInvalid JWK usage Exception. This exception is raised when an invalid key usage is requested, based on the key type and declared usage constraints. cstt|||_||_dSr)r_rmr`rarF)rbrFrarcrrr`szInvalidJWKUsage.__init__cCs\|jttvrt|j}n d|j}|jttvrFt|j}n d|j}d||fS)N Unknown(%s)z.Invalid usage requested: "%s". Valid for: "%s")rFreJWKUseRegistryrgra)rbusagevalidrrrris    zInvalidJWKUsage.__str__rjrrrcrrms rmcs(eZdZdZfddZddZZS)InvalidJWKOperationzInvalid JWK Operation Exception. This exception is raised when an invalid key operation is requested, based on the key type and declared usage constraints. cstt|||_||_dSr)r_rrr`opvalues)rb operationrtrcrrr`szInvalidJWKOperation.__init__cCsr|jttvrt|j}n d|j}g}|jD]2}|ttvrV|t|q2|d|q2d||fS)Nrnz2Invalid operation requested: "%s". Valid for: "%s")rsreJWKOperationsRegistryrgrtappend)rbrsrqvrrrris   zInvalidJWKOperation.__str__rjrrrcrrrs rrc@seZdZdZdS)InvalidJWKValuezInvalid JWK Value Exception. This exception is raised when an invalid/unknown value is used in the context of an operation that requires specific values to be used based on the key type or other constraints. N)rrr rkrrrrry"srycseZdZdZfddZeddZddZdd d Zd d Z dd dZ ddZ ddZ ddZ dddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zed'd(Zdd+d,Zdd-d.Zd/d0Zdd1d2Zdd3d4Zdd5d6Zd7d8Zed9d:Z ed;d<Z!ed=d>Z"ee#d?d@Z$ee#dAdBZ%ee#dCdDZ&e#dEdFZ'dGdHZ(dIdJZ)dKdLZ*dMdNZ+dOdPZ,dQdRZ-dSdTZ.dUdVZ/dWdXZ0dYdZZ1d[d\Z2d]d^Z3dd_d`Z4ddadbZ5ddcddZ6dedfZ7ddgdhZ8ddidjZ9edkdlZ:eddmdnZ;e<=fdodpZ>ddrdsZ?fdtduZ@dvdwZAddxdyZBfdzd{ZCd|d}ZDd~dZEddZFfddZGeddZHddZIZJS)JWKzJSON Web Key object This object represents a Key. It must be instantiated by using the standard defined key/value pairs as arguments of the initialization function. c sLtt|d|_d|_d|vr4|jfi|n|rH|jfi|dS)aCreates a new JWK object. The function arguments must be valid parameters as defined in the 'IANA JSON Web Key Set Parameters registry' and specified in the :data:`JWKParamsRegistry` variable. The 'kty' parameter must always be provided and its value must be a valid one as defined by the 'IANA JSON Web Key Types registry' and specified in the :data:`JWKTypesRegistry` variable. The valid key parameters per key type are defined in the :data:`JWKValuesRegistry` variable. To generate a new random key call the class method generate() with the appropriate 'kty' parameter, and other parameters as needed (key size, public exponents, curve types, etc..) Valid options per type, when generating new keys: * oct: size(int) * RSA: public_exponent(int), size(int) * EC: crv(str) (one of P-256, P-384, P-521, secp256k1) * OKP: crv(str) (one of Ed25519, Ed448, X25519, X448) Deprecated: Alternatively if the 'generate' parameter is provided with a valid key type as value then a new key will be generated according to the defaults or provided key strength options (type specific). :param \**kwargs: parameters (optional). :raises InvalidJWKType: if the key type is invalid :raises InvalidJWKValue: if incorrect or inconsistent parameters are provided. Nr)r_rzr` _cache_pub_k _cache_pri_k generate_key import_key)rbkwargsrcrrr`3s z JWK.__init__c Ksd|}d}z|d}t|d|}Wn2ttfyV}zt||WYd}~n d}~00|||S)NrE _generate_%s)getattrKeyErrorAttributeErrorr^)rrobjrEgenr>rrrr\s z JWK.generatec Ks`d}z|d}t|d|}Wn2ttfyR}zt||WYd}~n d}~00||dS)Nrr)poprrrr^)rbparamsrErr>rrrr}hs  zJWK.generate_keyNc Csx|}d|vr|d}n\d|vrtzddlm}||d}Wn.tyl}ztd|WYd}~n d}~00|j}|S)NsizerHr)JWAzInvalid 'alg' parameter)rZ jwcrypto.jwarZinstantiate_algr ValueErrorZ input_keysize)rbrZ default_sizerrrHr>rrr _get_gen_sizers   zJWK._get_gen_sizecCsB||d}t|d}d|d<t||d<|jfi|dS)Nr0rErD)rosurandomrr~)rbrrkeyrrr _generate_octs   zJWK._generate_octcCsfd}|dur|ddd}t|dd}t|}||krJ||8}n|d}tt|d|S)NrrL0x0)hexrstriplstriplenrr)rbiZbit_sizeextendZhexiZhexlrrr _encode_ints zJWK._encode_intcCsHd}||d}d|vr"|d}t||t}|j|fi|dS)NiiZpublic_exponent)rrr generate_private_keyr_import_pyca_pri_rsa)rbrZpubexprrrrr _generate_RSAs   zJWK._generate_RSAc Ks||}|jd||jj||jj||j||j||j||j ||j ||j d |j fi|dS)Nr.) rEr=r>r;r?r@rArBrC) private_numbersupdaterpublic_numbersr=r>r;r?r@Zdmp1Zdmq1Ziqmpr~rbrrpnrrrrs         zJWK._import_pyca_pri_rsacKs<|}|jd||j||jd|jfi|dS)Nr.)rEr=r>)rrrr=r>r~rrrr_import_pyca_pub_rsas  zJWK._import_pyca_pub_rsacCs|d}|dur|}n|dkr&d}n|}|rV|}|dkr>d}||krVtd||f|d}|dur|dur||krtd||f|dkrtS|dkrtS|d krtS|dkrtS|d krtS|d krt S|d krt S|t vr t |Std |dS)Nr8zP-256KrMz.Curve requested is "%s", but key curve is "%s"rEz>Curve Requested is of type "%s", but key curve is of type "%s"rJrKrLrNrOrPzUnknown Curve Name [%s]) getryr^r Z SECP256R1Z SECP384R1Z SECP521R1Z SECP256K1ZBrainpoolP256R1ZBrainpoolP384R1ZBrainpoolP512R1_OKP_CURVES_TABLE)rbr3ctyper8cnameZccrvrErrr_get_curve_by_namesH    zJWK._get_curve_by_namecCsXd}d|vr|d}d|vr(|d}||d}t|t}|j|fi|dS)NrJcurver8r/)rrr rr_import_pyca_pri_ec)rbrrcurve_fnrrrr _generate_ECs   zJWK._generate_ECc Ksd|}|jjj}|jdt|jj||jj|||jj |||j |d|j fi|dS)Nr/)rEr8r9r:r;) rrrkey_sizerJWKpycaCurveMapr3rr9r:Z private_valuer~rbrrrrrrrrs   zJWK._import_pyca_pri_eccKsR|}|jj}|jdt|jj||j|||j|d|j fi|dS)Nr/)rEr8r9r:) rrrrrr3rr9r:r~rrrr_import_pyca_pub_ecs   zJWK._import_pyca_pub_eccCs@d|vrtd||dd}|j}|j|fi|dS)Nr8z)Must specify "crv" for OKP key generationr1)ryrprivkeyr_import_pyca_pri_okp)rbrrrrrr _generate_OKPs  zJWK._generate_OKPcCs<tD]"\}}t||j|jfr|Sqtd|dS)NzInvalid OKP Key object %r)ritems isinstancepubkeyrry)rbrr3valrrr_okp_curve_from_pyca_key s zJWK._okp_curve_from_pyca_keyc Ks^|jd||t|tjjtjjtt| tjjtj jd|j fi|dS)Nr1)rEr8r;r9) rrr private_bytesr EncodingRaw PrivateFormat NoEncryption public_key public_bytes PublicFormatr~rbrrrrrrs  zJWK._import_pyca_pri_okpcKs>|jd||t|tjjtjjd|jfi|dS)Nr1)rEr8r9) rrrrr rrrr~rrrr_import_pyca_pub_okpszJWK._import_pyca_pub_okpc Ksi}d}d|_d|_t|}ttD],}||vr,||||<||vr,||qDq,|d}|tvrtt|tt |D]4}||vr||||<|d7}||vr||qqt | D]\}}|j r||vrt d||j tjkr||vrt d||j tjkrl||vrlzt||Wn4tyj}zt d||WYd}~n d}~00|j tjkr||vrz|||Wqty}zt d||WYd}~qd}~00q|D]}||||<q|dkrt dd |vrF|d D]>} d} |d D]} | | kr| d7} q| dkrt d qd |vrd |vrd d g} gd} |d dkr| D]}||d vr|t dq|n0|d dkr| D]}||d vrt dq||d|d||dS)NrrEzMissing required value %szUnsupported parameter %s"%s" is not base64url encoded!"%s" is not Base64urlUInt encodedzNo Key Values foundrGzDuplicate values in "key_ops"rFrSrT)rUrVrWrXrYrZrQzBIncompatible "use" and "key_ops" values specified at the same timerR)r{r|rergJWKParamsRegistryremoverrfr^JWKValuesRegistryrrequiredrytyper2r6r4r Exceptionr5 _decode_intclear __setitem__r)rbrZnewkeyZkey_valsnamesr3rErr>koZcntZckoZsiglZenclrsrrrr~(s               zJWK.import_keyc CsR|}z t|}Wn*ty<}zt|WYd}~n d}~00|jfi||S)zCreates a RFC 7517 JWK from the standard JSON format. :param key: The RFC 7517 representation of a JWK. :return: A JWK object that holds the json key. :rtype: JWK N)rrryr~)rrrZjkeyr>rrr from_jsons  z JWK.from_jsonTFcCs|dur||S||S)aExports the key in the standard JSON format. Exports the key regardless of type, if private_key is False and the key is_symmetric an exception is raised. :param private_key(bool): Whether to export the private key. Defaults to True. :return: A portable representation of the key. If as_dict is True then a dictionary is returned. By default a json string :rtype: `str` or `dict` T) _export_all export_public)rb private_keyas_dictrrrexports  z JWK.exportcCs|}|dur|St|S)aExports the public key in the standard JSON format. It fails if one is not available like when this function is called on a symmetric key. :param as_dict(bool): If set to True export as python dict not JSON :return: A portable representation of the public key only. If as_dict is True then a dictionary is returned. By default a json string :rtype: `str` or `dict` T)_public_paramsr)rbrpubrrrrs zJWK.export_publiccCsx|jstdi}t}|D](}||jr||vr||||<qt|d}|D]}||jrV||||<qV|S)NNo public key availablerE) has_publicr^rpublicrgrr)rbrregr3rrrrs   zJWK._public_paramscCs"i}|||dur|St|S)NT)rr)rbrr;rrrrs  zJWK._export_allcCs|jr||StddS)aExport the private key in the standard JSON format. It fails for a JWK that has only a public key or is symmetric. :param as_dict(bool): If set to True export as python dict not JSON :return: A portable representation of a private key. If as_dict is True then a dictionary is returned. By default a json string :rtype: `str` or `dict` No private key availableN) has_privaterr^rbrrrrexport_privates  zJWK.export_privatecCs|jr||StddS)NzNot a symmetric key) is_symmetricrr^rrrrexport_symmetrics zJWK.export_symmetriccCs|}tfi|Sr)rrz)rbrrrrrsz JWK.publiccCsB|jr dSt|d}|D] }||jr||vrdSqdS)z4Whether this JWK has an asymmetric Public key value.FrETrrrrrgrbrr3rrrrszJWK.has_publiccCsB|jr dSt|d}|D] }||js||vrdSqdS)z5Whether this JWK has an asymmetric Private key value.FrETrrrrrrszJWK.has_privatecCs|ddkS)z$Whether this JWK is a symmetric key.rEr0rrhrrrrszJWK.is_symmetriccCs |dS)z The Key typerErrhrrrkey_typesz JWK.key_typecCs |dS)z^The Key ID. Provided by the kid parameter if present, otherwise returns None. rIrrhrrrkey_idsz JWK.key_idcCs |ddvrtd|dS)zThe Curve Name.rE)r/r1zNot an EC or OKP keyr8)rr^rhrrr key_curve sz JWK.key_curvecCs ||S)a0Gets the Elliptic Curve associated with the key. :param arg: an optional curve name :raises InvalidJWKType: the key is not an EC or OKP key. :raises InvalidJWKValue: if the curve name is invalid. :return: An EllipticCurve object :rtype: `EllipticCurve` )r)rbargrrr get_curves z JWK.get_curvecCsT|d}|r ||kr t|||d}|rPt|ts>|g}||vrPt||dS)NrFrG)rrmrrerr)rbrprurFopsrrr_check_constraints"s     zJWK._check_constraintscCsttt|dS)N)intrr)rbr=rrrr.szJWK._decode_intcCs,||d}||d}t||S)Nr>r=)rrr ZRSAPublicNumbers)rbr>r=rrr _rsa_pub_n1szJWK._rsa_pub_nc Csz||d}||d}||d}||d}||d}||d}t|||||||S)Nr?r@r;rArBrC)rrr ZRSAPrivateNumbersr)rbr?r@r;rArBrCrrr _rsa_pri_n6szJWK._rsa_pri_ncCs(|j}|dur$|t}||_|Sr)r{rrrrbrDrrr_rsa_pub?s z JWK._rsa_pubcCs(|j}|dur$|t}||_|Sr)r|rrrrrrr_rsa_priFs z JWK._rsa_pricCs<||d}||d}|j|dd}t|||S)Nr9r:r/)r)rrrr ZEllipticCurvePublicNumbers)rbrr9r:rrrr _ec_pub_nMsz JWK._ec_pub_ncCs"||d}t|||S)Nr;)rrr ZEllipticCurvePrivateNumbersr)rbrr;rrr _ec_pri_nSsz JWK._ec_pri_ncCs*|j}|dur&||t}||_|Sr)r{rrrrbrrDrrr_ec_pubWs z JWK._ec_pubcCs*|j}|dur&||t}||_|Sr)r|rrrrrrr_ec_pri^s z JWK._ec_pric Cs||j}|durx|d}zt|j}Wn2tyX}ztd||WYd}~n d}~00t|d}||}||_|S)Nr8Unknown curve "%s"r9)r{rrrrryrr)rbrDr8rr>r9rrr_okp_pubes $ z JWK._okp_pubc Cs||j}|durx|d}zt|j}Wn2tyX}ztd||WYd}~n d}~00t|d}||}||_|S)Nr8rr;)r|rrrrryrr)rbrDr8rr>r;rrr_okp_priss $ z JWK._okp_pricCsV|d}|dkr|dS|dkr,|S|dkr>||S|dkrN|StdSNrEr0rDr.r/r1)rrrrrrbrZktyperrr_get_public_keys   zJWK._get_public_keycCsV|d}|dkr|dS|dkr,|S|dkr>||S|dkrN|StdSr)rrrrrrrrr_get_private_keys   zJWK._get_private_keycCs|dtt}|tur"|g}|durN|ddkrB|dSt||n|dkrl|d|||S|dkr|d|||S|d ks|d kr|d |||S|d ks|d kr|d |||StdS)aGet the key object associated to the requested operation. For example the public RSA key for the 'verify' operation or the private EC key for the 'decrypt' operation. :param operation: The requested operation. The valid set of operations is available in the :data:`JWKOperationsRegistry` registry. :param arg: An optional, context specific, argument. For example a curve name. :raises InvalidJWKOperation: if the operation is unknown or not permitted with this key. :raises InvalidJWKUsage: if the use constraints do not permit the operation. :return: A Python Cryptography key object for asymmetric keys or a baseurl64_encoded octet string for symmetric keys rGNrEr0rDrSrQrTrUrWrRrVrX) rrervrgrrrrrr)rbrurZvalidopsrrr get_op_keys,           zJWK.get_op_keycCst|tjr||nt|tjr0||ntt|tjrH||n\t|tj r`| |nDt|t t t fr|||n(t|tttfr||n td|dS)NzUnknown key object %r)rr Z RSAPrivateKeyrZ RSAPublicKeyrr ZEllipticCurvePrivateKeyrZEllipticCurvePublicKeyrr#r&r)rr"r%r(rryrbrrrrimport_from_pycas&          zJWK.import_from_pycacCsztj||td}Wnty}zt|dur2|ztj|td}WnFtyztj|td}|}Wnty|Yn0Yn0WYd}~n d}~00|||dur| }| d|dS)atImports a key from data loaded from a PEM file. The key may be encrypted with a password. Private keys (PKCS#8 format), public keys, and X509 certificate's public keys can be imported with this interface. :param data(bytes): The data contained in a PEM file. :param password(bytes): An optional password to unwrap the key. )passwordbackendNrrI) r Zload_pem_private_keyrrZload_pem_public_keyrZload_pem_x509_certificaterr thumbprintr)rbdatarrIrr>certrrrimport_from_pems.      & zJWK.import_from_pemcCstjj}|rx|jstdtjj}|dur4t}n0t|t rJt |}n|dur\t dnt d| j|||dS|jstdtjj}|j||dSdS) aqExports keys to a data buffer suitable to be stored as a PEM file. Either the public or the private key can be exported to a PEM file. For private keys the PKCS#8 format is used. If a password is provided the best encryption method available as determined by the cryptography module is used to wrap the key. :param private_key: Whether the private key should be exported. Defaults to `False` which means the public key is exported by default. :param password(bytes): A password for wrapping the private key. Defaults to False which will cause the operation to fail. To avoid encryption the user must explicitly pass None, otherwise the user needs to provide a password in a bytes buffer. :return: A serialized bytes buffer containing a PEM formatted key. :rtype: `bytes` rNFz+The password must be None or a bytes stringz!The password string must be bytes)encodingformatZencryption_algorithmr)r r)r rZPEMrr^rZPKCS8rrbytesZBestAvailableEncryptionr TypeErrorrrrrZSubjectPublicKeyInforr)rbrrrRfZenc_algrrr export_to_pems&    zJWK.export_to_pemcCs|}|||Sr)r)rrrrrr from_pyca s z JWK.from_pycacCs|}||||S)a?Creates a key from PKCS#8 formatted data loaded from a PEM file. See the function `import_from_pem` for details. :param data(bytes): The data contained in a PEM file. :param password(bytes): An optional password to unwrap the key. :return: A JWK object. :rtype: JWK )r )rr rrrrrfrom_pem&s  z JWK.from_pemcCspd|di}t|dD]\}}|jr||||<qtj|td}|tt | dt | S)zReturns the key thumbprint as specified by RFC 7638. :param hashalg: A hash function (defaults to SHA256) :return: A base64url encoded digest of the key :rtype: `str` rErutf8) rrrrrZHashrrrrencoderfinalize)rbZhashalgtr3rdigestrrrr 5s zJWK.thumbprintr]c Csnz t|}Wn4ty@}ztd||WYd}~n d}~00|durXtd|||}d||S)adReturns the key thumbprint URI as specified by RFC 9278. :param hname: A hash function name as specified in IANA's Named Information registry: https://www.iana.org/assignments/named-information/ Values from `IANANamedInformationHashAlgorithmRegistry` :return: A JWK Thumbprint URI :rtype: `str` zUnknown hash "{}"NzUnsupported hash "{}"z*urn:ietf:params:oauth:jwk-thumbprint:{}:{}))IANANamedInformationHashAlgorithmRegistryrryrr )rbhnamehr>rrrrthumbprint_uriFs  & zJWK.thumbprint_uric s|d}|dkrP|dur@|tvr*t|tt|||dS||krPtd|tt| vrTd|_ d|_ t||j t jkrz(t|}|dkr|dkr|dkrtWn2ty}ztd||WYd}~n d}~00nZt||j t jkr>z||Wn4ty<}ztd||WYd}~n d}~00tt|||dS|tt vr|tt|||dStt D]:}||krq|tt| vrtd||qtt|||dS) NrEzCannot change key typer0rDrrz Cannot set '{}' on '{}' key type)rrfr^r_rzrrrerrgr{r|rr2r4rrryr5rrrr)rbitemrarErxr>r3rcrrr]sZ   zJWK.__setitem__cOs,t|i|D]\}}|||qdSzV :param \*args: arguments :param \**kwargs: keyword arguments NdictrrrbrrrDrxrrrrsz JWK.updatecCs"||vr|||||Srrgrrrbrdefaultrrr setdefaults  zJWK.setdefaultcs||}|durt||dkrNtt|D]}||dur2tdq2|d}|dur|tt|vrd|_d|_tt| |dS)NrEz#Cannot remove 'kty', values present) rrrerrgr{r|r_rz __delitem__)rbrparamr3rErcrrr(s   zJWK.__delitem__cCs2t|tstS||ko0|d|dkSNrI)rrzNotImplementedr r)rbotherrrr__eq__s  z JWK.__eq__cCst||dfSr*)hashr rrhrrr__hash__sz JWK.__hash__cCszj|tvr&||vr&||WS|d}|durd|tt|vrd||vrd||WStWntyt|dYn0dS)NrE)rrgrrerrr)rbrrErrr __getattr__s       zJWK.__getattr__csz`|tvr|||ttD]$}|tt|vr&|||q&tt|||Wnt y|t |dYn0dSr) rrgrrerfrr_rz __setattr__rr)rbrrar3rcrrr1s   zJWK.__setattr__c Csd|}ddi}zt|d|d<Wn*tyN}zt|WYd}~n d}~00|jfi||S)zCreates a symmetric JWK key from a user password. :param password: A password in utf8 format. :return: a JWK object :rtype: JWK rEr0rrDN)rrrryr~)rrrrr>rrr from_passwords zJWK.from_passwordcCs(i}|dd|d<||d<t|S)NrIzMissing Key IDr )rr r)rb repr_dictrrr__repr__s z JWK.__repr__)N)N)N)TF)F)F)F)F)N)N)NN)NN)FF)N)r])N)Krrr rkr`r!rr}rrrrrrrrrrrrrrr~rrrrrrrrpropertyrrrr rrrrrrrrrrrrrrrrrrrrr rrrrSHA256r rrrr'r(r-r/r0r1r2r4rlrrrcrrz+s )    .    W                * ! &    9    rzc@seZdZddZdS)_JWKkeyscCs"t|tstdt||dS)zAdds a JWK object to the set :param elem: the JWK object to add. :raises TypeError: if the object is not a JWK. z#Only JWK objects are valid elementsN)rrzrsetaddrbelemrrrr9s z _JWKkeys.addN)rrr r9rrrrr7sr7cseZdZdZfddZddZddZfdd Zd d Zdd dZ ddZ d ddZ ddZ e ddZddZddZddZZS)!JWKSetzA set of JWK objects. Inherits from the standard 'dict' builtin type. Creates a special key 'keys' that is of a type derived from 'set' The 'keys' attribute accepts only :class:`jwcrypto.jwk.JWK` elements. cs6tt|tt|dt|j|i|dSNrg)r_r<r`rr7r)rbrrrcrrr`szJWKSet.__init__cCs |dSr=)__iter__rhrrrr> szJWKSet.__iter__cCs|d|Sr=) __contains__rrrrr?szJWKSet.__contains__cs8|dkr"t|ts"|d|ntt|||dSr=)rr7r9r_r<r)rbrrrcrrrszJWKSet.__setitem__cOs,t|i|D]\}}|||qdSr r!r#rrrrsz JWKSet.updateNcCs"||vr|||||Srr$r%rrrr'!s  zJWKSet.setdefaultcCs|d|dSr=)r9r:rrrr9&sz JWKSet.addTFcCs`i}|D]>\}}|dkrBg}|D]}||j|ddq$|}|||<q |durX|St|S)aExports a RFC 7517 key set. Exports as json by default, or as dict if requested. :param private_key(bool): Whether to export private keys. Defaults to True. :param as_dict(bool): Whether to return a dict instead of a JSON object :return: A portable representation of the key set. If as_dict is True then a dictionary is returned. By default a json string :rtype: `str` or `dict` rgT)r)rrwrr)rbZ private_keysrZexp_dictrDrxrgjwkrrrr)s z JWKSet.exportc Csz t|}Wn*ty6}zt|WYd}~n d}~00d|vrDt|D]<\}}|dkr|D]}|dtfi|q`qL|||<qLdS)zImports a RFC 7517 key set using the standard JSON format. :param keyset: The RFC 7517 representation of a JOSE key set. Nrg)rrryrr9rz)rbkeysetZjwksetr>rDrxr@rrr import_keysetCs zJWKSet.import_keysetcCs|}|||S)zCreates a RFC 7517 key set from the standard JSON format. :param keyset: The RFC 7517 representation of a JOSE key set. :return: A JWKSet object. :rtype: JWKSet )rB)rrArrrrrWs  zJWKSet.from_jsoncCsF||}t|dkrtdzt|dWSty@YdS0dS)zGets a key from the set. :param kid: the 'kid' key identifier. :return: A JWK from the set :rtype: JWK rz3Duplicate keys found with requested kid: 1 expectedrN)get_keysrrytuple IndexError)rbrIrgrrrget_keyds   zJWKSet.get_keycsfdd|dDS)zGets keys from the set with matching kid. :param kid: the 'kid' key identifier. :return: a List of keys :rtype: `list` csh|]}|dkr|qSrIr).0rrGrr {rz"JWKSet.get_keys..rgr)rbrIrrGrrCtszJWKSet.get_keyscCsNi}|D]8\}}|dkrr?rrr'r9rrBr!rrFrCr4rlrrrcrr<s      r<)Prbinasciirr collectionsrenumrZ cryptographyrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrr Z)cryptography.hazmat.primitives.asymmetricr r r Zjwcrypto.commonr rrrrrZImplementedOkpCurvesZ1cryptography.hazmat.primitives.asymmetric.ed25519r"r#rw ImportErrorZ/cryptography.hazmat.primitives.asymmetric.ed448r%r&Z0cryptography.hazmat.primitives.asymmetric.x25519r(r)rZ priv_bytesZ.cryptography.hazmat.primitives.asymmetric.x448r+r,Z_Ed25519_CURVEZ _Ed448_CURVEZ _X25519_CURVEZ _X448_CURVErrfr2Z JWKParameterr3r4r5r6rrZJWKEllipticCurveRegistryrorvrr6SHA384SHA512ZSHA3_224ZSHA3_256ZSHA3_384ZSHA3_512ZBLAKE2sZBLAKE2brr^rmrrryr"rzr8r7r<rrrrsF                      "          N