a !fZe@s"ddlZddlZddlZddlmZddlmZmZddlmZmZddl m Z ddl m Z ddl mZmZddlmZddlm Zd d d d d dddZdZGdddeZGdddeZGdddeZGdddeZGdddeZeGdddeZGdddeZGd d!d!ZdS)"N) deprecated) JWException JWKeyNotFound) json_decode json_encode)JWE)default_allowed_algs)JWKJWKSet)JWSZIssuerSubjectZAudiencezExpiration Timez Not Beforez Issued AtzJWT ID)isssubaudexpnbfiatjtiTcs"eZdZdZdfdd ZZS) JWTExpiredznJSON Web Token is expired. This exception is raised when a token is expired according to its claims. Ncs>d}|rt|}nd}|r*|dt|7}tt||dS)Nz Token expired {%s})strsuperr__init__selfmessage exceptionmsg __class__M/var/www/html/python-backend/venv/lib/python3.9/site-packages/jwcrypto/jwt.pyr.s zJWTExpired.__init__)NN__name__ __module__ __qualname____doc__r __classcell__r r rr!r(srcs"eZdZdZdfdd ZZS)JWTNotYetValidz~JSON Web Token is not yet valid. This exception is raised when a token is not valid yet according to its claims. Ncs>d}|rt|}nd}|r*|dt|7}tt||dS)NzToken not yet validr)rrr(rrrr r!r@s zJWTNotYetValid.__init__)NNr"r r rr!r(9sr(cs"eZdZdZdfdd ZZS)JWTMissingClaimsJSON Web Token claim is invalid. This exception is raised when a claim does not match the expected value. Ncs>d}|rt|}nd}|r*|dt|7}tt||dSNzInvalid Claim Valuer)rrr)rrrr r!rQs zJWTMissingClaim.__init__)NNr"r r rr!r)Ksr)cs"eZdZdZdfdd ZZS)JWTInvalidClaimValuer*Ncs>d}|rt|}nd}|r*|dt|7}tt||dSr+)rrr,rrrr r!rbs zJWTInvalidClaimValue.__init__)NNr"r r rr!r,\sr,cs"eZdZdZdfdd ZZS)JWTInvalidClaimFormatzqJSON Web Token claim format is invalid. This exception is raised when a claim is not in a valid format. Ncs>d}|rt|}nd}|r*|dt|7}tt||dS)NzInvalid Claim Formatr)rrr-rrrr r!rss zJWTInvalidClaimFormat.__init__)NNr"r r rr!r-msr-cs"eZdZdZdfdd ZZS)JWTMissingKeyIDzJSON Web Token is missing key id. This exception is raised when trying to decode a JWT with a key set that does not have a kid value in its header. Ncs>d}|rt|}nd}|r*|dt|7}tt||dS)NzMissing Key IDr)rrr.rrrr r!rs zJWTMissingKeyID.__init__)NNr"r r rr!r.~sr.cs"eZdZdZdfdd ZZS) JWTMissingKeyzJSON Web Token is using a key not in the key set. This exception is raised if the key that was used is not available in the passed key set. Ncs>d}|rt|}nd}|r*|dt|7}tt||dS)Nz Missing Keyr)rrr/rrrr r!rs zJWTMissingKey.__init__)NNr"r r rr!r/sr/c@sxeZdZdZdFddZeddZejddZedd Zejd d Zed d Z e jd d Z eddZ e jddZ eddZ e jddZ dGddZ eddZ e jddZ ddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zd7d8ZdHd9d:ZdIdd?Z!d@dAZ"dBdCZ#dDdEZ$dS)JJWTzFJSON Web token object This object represent a generic token. Nc Csd|_d|_d|_||_d|_d|_d|_d|_d|_||_ |rF||_ |durT||_|durt|durn| |||_|dur||_ |dur| ||dS)aCreates a JWT object. :param header: A dict or a JSON string with the JWT Header data. :param claims: A dict or a string with the JWT Claims data. :param jwt: a 'raw' JWT token :param key: A (:class:`jwcrypto.jwk.JWK`) key to deserialize the token. A (:class:`jwcrypto.jwk.JWKSet`) can also be used. :param algs: An optional list of allowed algorithms :param default_claims: An optional dict with default values for registered claims. A None value for NumericDate type claims will cause generation according to system time. Only the values from RFC 7519 - 4.1 are evaluated. :param check_claims: An optional dict of claims that must be present in the token, if the value is not None the claim must match exactly. :param expected_type: An optional string that defines what kind of token to expect when validating a deserialized token. Supported values: "JWS" or "JWE" If left to None the code will try to detect what the expected type is based on other parameters like 'algs' and will default to JWS if no hints are found. It has no effect on token creation. Note: either the header,claims or jwt,key parameters should be provided as a deserialization operation (which occurs if the jwt is provided) will wipe any header or claim provided by setting those obtained from the deserialization of the jwt token. Note: if check_claims is not provided the 'exp' and 'nbf' claims are checked if they are set on the token but not enforced if not set. Any other RFC 7519 registered claims are checked only for format conformance. N<iXF)_header_claims_token_algs _reg_claims _check_claims_leeway _validitydeserializelog_expected_typeheader_check_check_claimsclaims deserialize) rr<r>jwtkeyZalgsZdefault_claims check_claims expected_typer r r!rs,$ z JWT.__init__cCs|jdurtd|jS)Nz'header' not set)r2KeyErrorrr r r!r<s z JWT.headercCs@t|trt|}n |}t|}|ddur6td||_dS)NZb64Fz8b64 header is invalid.JWTs cannot use unencoded payloads) isinstancedictrrget ValueErrorr2)rhehr r r!r<s  cCs|jdurtd|jS)Nz'claims' not set)r3rDrEr r r!r>s z JWT.claimscCsFt|ts$|js||_dSt|}n t|}||t||_dSN) rFrGr6r3rcopydeepcopy_add_default_claimsr)rdatar r r!r>s    cCs|jSrL)r4rEr r r!tokensz JWT.tokencCs2t|tst|tst|tr&||_ntddS)Nz.Invalid token type, must be one of JWS,JWE,JWT)rFr rr0r4 TypeError)rtr r r!rQscCs|jSrL)r8rEr r r!leewaysz JWT.leewaycCst||_dSrL)intr8)rZlwyr r r!rT!scCs|jSrL)r9rEr r r!validity%sz JWT.validitycCst||_dSrL)rUr9rvr r r!rV)scCs|jdurD|jrDt|jtdgr.d|_nt|jtrDd|_|jdurh|jrhdt|jvrhd|_|jdur|durt|t r| d}|dkrd|_n|dkrd|_ndt|t rd}|D],}| d}|dur|}q||krd}qq|dkrd|_n|dkrd|_|jdurn|durnt|t r| d}|rnt|t sZ|g}t|dd grvd|_nt|d d grnd|_nt|t rnd}d}|D]}| d}|rNt|t s|g}|dur2t|dd grtdd g}d}n0t|d d gr&td d g}d}n d}qbnt||s^d}qbn|rd}qbq|rn||_|jdurd|_|jS) NZRSA1_5rr encusesigZkey_opssignverifyZencryptdecrypt) r;r5setissubsetjwe_algsjws_algsr2rrFr rHr list)rrArZZall_usekopsZall_opsttyper r r!_expected_type_heuristics-s                 zJWT._expected_type_heuristicscCs|jdur|jS|SrL)r;rgrEr r r!rCus zJWT.expected_typecCs|dvr||_ntddS)N)r rz%Invalid value, must be 'JWS' or 'JWE')r;rIrWr r r!rCscCs.||vr dS|j|d}|dur*|||<dSrL)r6rH)rnamer>valr r r!_add_optional_claims zJWT._add_optional_claimcCs@||vr dS||jvr<|j|dur.|||<n|j|||<dSrL)r6)rrhr>Zdefvalr r r!_add_time_claims   zJWT._add_time_claimcCs*d|vsd|jvrdStt|d<dS)Nr)r6ruuiduuid4rr>r r r!_add_jti_claimszJWT._add_jti_claimcCs||jdurdStt}|d||d||d||d|||j|d|||d||||dS)Nr rrrrr)r6rUtimerjrkrVro)rr>nowr r r!rOs     zJWT._add_default_claimscCs8||vs||durdSt||ts4td|fdS)N"Claim %s is not a StringOrURI type)rFrr-rrhr>r r r!_check_string_claims zJWT._check_string_claimcCsh||vs||durdSt||trHtdd|Drdtd|fnt||tsdtd|fdS)Ncss|]}t|t VqdSrL)rFr).0claimr r r! z3JWT._check_array_or_string_claim..z'Claim %s contains non StringOrURI typesrr)rFrcanyr-rrsr r r!_check_array_or_string_claimsz JWT._check_array_or_string_claimc Csb||vs||durdSzt||Wn4ty\}ztd|f|WYd}~n d}~00dS)NzClaim %s is not an integer)rUrIr-)rrhr>er r r!_check_integer_claimszJWT._check_integer_claimcCs"|||krtd|||fdS)Nz#Expired at %d, time: %d(leeway: %d))rrrvlimitrTr r r! _check_exps zJWT._check_expcCs"|||krtd|||fdS)Nz#Valid from %d, time: %d(leeway: %d))r(r}r r r! _check_nbfs zJWT._check_nbfcCs|d||d||d||d||d||d||d||d||jdurd|vr||dt|jd|vr||dt|jdS Nr rrrrrrtyp)rtrzr|r7rrpr8rrnr r r!_check_default_claimss         zJWT._check_default_claimscCsd|d||d||d||d||d||d||d||d|dSr)rtrzr|)rrBr r r!r=s       zJWT._check_check_claimsc Csj|jdurdSzt|j}t|ts*tWn:tyf}z"|jdurPtd|WYd}~dSd}~00|||jdurdS|jD]\}}||vrt d|f|dvr|dur|||krt d||||fq|dkrp|durdt||t r ||}n ||g}t|t r(|}n|g}d}|D]}||vr6d}qRq6|sdt d ||||q|d kr|dur| |||d n| ||t|jq|d kr|dur||||d n|||t|jq|d kr:|durd|||||krdt d ||||fq|dur|||krt d||||fqdS)NFz4Claims check requested but claims is not a json dictzClaim %s is missing)r rrz*Invalid '%s' value. Expected '%s' got '%s'rTz)Invalid '{}' value. Expected '{}' in '{}'rrrrz3Invalid '%s' value. '%s' does not normalize to '%s')r7rr>rFrGrIr-ritemsr)r,rcformatrrpr8rnorm_typ) rr>r{rhvalueZtclaimsZcclaimsfoundrXr r r!_check_provided_claimss                       zJWT._check_provided_claimscCs |}d|vr|Sd|SdS)N/z application/)lower)rrilcr r r!r6sz JWT.norm_typcCs8t|j}|jr|j|_|j||jd||_d|_dS)aSigns the payload. Creates a JWS token with the header as the JWS protected header and the claims as the payload. See (:class:`jwcrypto.jws.JWS`) for details on the exceptions that may be raised. :param key: A (:class:`jwcrypto.jwk.JWK`) key. )Z protectedr N)r r>r5 allowed_algsZ add_signaturer<rQr;rrArSr r r!make_signed_token=s zJWT.make_signed_tokencCs6t|j|j}|jr|j|_||||_d|_dS)a"Encrypts the payload. Creates a JWE token with the header as the JWE protected header and the claims as the plaintext. See (:class:`jwcrypto.jwe.JWE`) for details on the exceptions that may be raised. :param key: A (:class:`jwcrypto.jwk.JWK`) key. rN)rr>r<r5rZ add_recipientrQr;rr r r!make_encrypted_tokenNs  zJWT.make_encrypted_tokenc Csbg|_|jdurtd||}d}t|jtrV|dkrLtrLtd||jj }n8t|jt r|dkr|tr|td||jj }ntdz|||j dWnt y&}zft|jtr|jj|_nt|jt r|jj|_|j d t|t|trt|WYd}~n d}~00|jj|_|jj}t|trP|d }||_|dS) aValidate a JWT token that was deserialized w/o providing a key :param key: A (:class:`jwcrypto.jwk.JWK`) verification or decryption key, or a (:class:`jwcrypto.jwk.JWKSet`) that contains a key indexed by the 'kid' header. Nz Token emptyr zExpected {}, got JWSrzExpected {}, got JWEToken format unrecognizedZSuccesszValidation failed: [{}]zutf-8)r:rQrIrgrFr JWT_expect_typerRrr]rr^append ExceptionZ verifylogZ decryptlogreprrr/Z jose_headerr<payloadbytesdecoder>r)rrAetZ validate_fnr{rr r r!validate_sD                 z JWT.validatecCsl|d}|dkrt|_n|dkr.t|_ntd|jrF|j|j_d|_|j|d|rh| |dS)aaDeserialize a JWT token. NOTE: Destroys any current status and tries to import the raw token provided. :param jwt: a 'raw' JWT token. :param key: A (:class:`jwcrypto.jwk.JWK`) verification or decryption key, or a (:class:`jwcrypto.jwk.JWKSet`) that contains a key indexed by the 'kid' header. .rN) countr rQrrIr5rr:r?r)rr@rArPr r r!r?s    zJWT.deserializeTcCs|s td|j|S)aSerializes the object into a JWS token. :param compact(boolean): must be True. Note: the compact parameter is provided for general compatibility with the serialize() functions of :class:`jwcrypto.jws.JWS` and :class:`jwcrypto.jwe.JWE` so that these objects can all be used interchangeably. However the only valid JWT representation is the compact representation. :return: A json formatted string or a compact representation string :rtype: `str` z)Only the compact serialization is allowed)rIrQ serialize)rcompactr r r!rsz JWT.serializecCs|}|||S)a3Creates a JWT object from a serialized JWT token. :param token: A string with the json or compat representation of the token. :raises InvalidJWEData or InvalidJWSObject: if the raw object is an invalid JWT token. :return: A JWT token :rtype: JWT )r?)clsrQobjr r r!from_jose_tokens zJWT.from_jose_tokencCs2t|tsdS|j|jko0|j|jko0|j|jkS)NF)rFr0r3r2rQ)rotherr r r!__eq__s    z JWT.__eq__cCs*z |WSty$|YS0dSrL)rr__repr__rEr r r!__str__s  z JWT.__str__cCs\t|j}d|jdd|jdd|dd|jdd|jdd|jdS) Nz JWT(header=z, zclaims=zjwt=zkey=None, algs=zdefault_claims=z check_claims=))rrQr2r3r5r6r7)rr@r r r!rs       z JWT.__repr__)NNNNNNNN)N)N)T)%r#r$r%r&rpropertyr<setterr>rQrTrVrgrCrjrkrorOrtrzr|rrrr=rrrrrr?r classmethodrrrrr r r r!r0sj @           H       N.   r0)rMrprlrZjwcrypto.commonrrrrZ jwcrypto.jwerrraZ jwcrypto.jwkr r Z jwcrypto.jwsr rbZJWTClaimsRegistryrrr(r)r,r-r.r/r0r r r r!s8