bghtddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z m Z mZmZmZddlmZddlmZmZddlmZmZmZmZmZmZmZmZmZej d krdd l m!Z!ndd l"m!Z! dd l#m$Z$dd l%m&Z&dd l'm(Z(ddl)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5ddl6m7Z7m8Z8ddl9m:Z:m;Z;ddlZ>m?Z?m@Z@mAZAmBZBmCZCmDZDddlEmFZFmGZGmHZHmIZImJZJmKZKmLZLdZMn #eN$rdZMYnwxYwe r3e=e?zZOe2e4zZPe:e;ze7ze8zZQeOePzeQzZRe=e2ze:ze7zZSe?e4ze;ze8zZThdZUd(dZVGddeZWGddeWZXGddeWZYeMr:Gd d!eWZZGd"d#eWZ[Gd$d%eZZ\Gd&d'eWZ]dSdS))) annotationsN)ABCabstractmethod) TYPE_CHECKINGAnyClassVarNoReturnUnioncastoverloadInvalidKeyError) HashlibHashJWKDict) base64url_decodebase64url_encodeder_to_raw_signature force_bytesfrom_base64url_uint is_pem_format is_ssh_keyraw_to_der_signatureto_base64url_uint))Literal)InvalidSignature)default_backend)hashes)padding) ECDSA SECP256K1 SECP256R1 SECP384R1 SECP521R1 EllipticCurveEllipticCurvePrivateKeyEllipticCurvePrivateNumbersEllipticCurvePublicKeyEllipticCurvePublicNumbers)Ed448PrivateKeyEd448PublicKey)Ed25519PrivateKeyEd25519PublicKey) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmprsa_recover_prime_factors)Encoding NoEncryption PrivateFormat PublicFormatload_pem_private_keyload_pem_public_keyload_ssh_public_keyTF> ES256ES384ES512ES521EdDSAPS256PS384PS512RS256RS384RS512ES256Kreturndict[str, Algorithm]ctttjttjttjd}t r+|ttjttjttjttjttjttjttjttjttjttjttjtd |S)zE Returns the algorithms that are implemented by the library. )noneHS256HS384HS512) rGrHrIr?rJr@rBrArDrErFrC) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmRSAPSSAlgorithm OKPAlgorithm)default_algorithmss E/opt/cloudlinux/venv/lib64/python3.11/site-packages/jwt/algorithms.pyget_default_algorithmsr_ps }344}344}344  !!%l&9::%l&9::%l&9::$[%788%k&899$[%788$[%788$&))?@@()?@@()?@@%     & c&eZdZdZddZeddZedd Zedd Ze e ed dZ e e ed!d"dZ e ed!d#dZ e ed$dZ dS)% AlgorithmzH The interface for an algorithm used to sign and verify tokens. bytestrbytesrKct|dd}|ttrt|trzt |t jr`t j|t}| |t| St|| S)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorrW isinstancetype issubclassr HashAlgorithmHashrrXrdfinalizedigest)selfrcrfrps r^compute_hash_digestzAlgorithm.compute_hash_digests4T22  % %  58T** 58V%9:: 5 [_5F5FGGGF MM' " " "**++ +'**113344 4r`keyrcdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). Nrqrss r^ prepare_keyzAlgorithm.prepare_keyr`msgcdS)zn Returns a digital signature for the specified message using the specified key value. Nrurqryrss r^signzAlgorithm.signrxr`sigboolcdS)zz Verifies that the specified digital signature is valid for the specified message and key values. Nrurqryrsr}s r^verifyzAlgorithm.verifyrxr`as_dict Literal[True]rcdSNrukey_objrs r^to_jwkzAlgorithm.to_jwk  r`FLiteral[False]strcdSrrurs r^rzAlgorithm.to_jwkrr`Union[JWKDict, str]cdS)z3 Serializes a given key into a JWK Nrurs r^rzAlgorithm.to_jwkrxr`jwk str | JWKDictcdS)zJ Deserializes a given key from JWK back into a key object Nrurs r^from_jwkzAlgorithm.from_jwkrxr`N)rcrdrKrd)rsrrKr)ryrdrsrrKrd)ryrdrsrr}rdrKr~)rrrKrF)rrrKr)rr~rKr)rrrKr) __name__ __module__ __qualname____doc__rrrrwr|rr staticmethodrrrur`r^rbrbsX5555,   ^    ^    ^    ^\X     ^\X     ^\    ^\   r`rbc\eZdZdZddZdd Zdd ZedddZeddZ dS)rRzZ Placeholder for use when no signing or verification operations are required. rs str | NonerKNonec8|dkrd}|td|S)Nz*When alg = "none", key value must be None.rrvs r^rwzNoneAlgorithm.prepare_keys) "99C ?!"NOO O r`ryrdcdS)Nr`rur{s r^r|zNoneAlgorithm.signssr`r}r~cdS)NFrurs r^rzNoneAlgorithm.verifysur`Frrrr ctrrirs r^rzNoneAlgorithm.to_jwk!###r`rrctrrrs r^rzNoneAlgorithm.from_jwkrr`N)rsrrKr)ryrdrsrrKrd)ryrdrsrr}rdrKr~r)rrrr~rKr )rrrKr ) rrrrrwr|rrrrrur`r^rRrRs $$$$\$$$$\$$$r`rRceZdZUdZejZded<ejZ ded<ej Z ded<d#d Z d$dZ eed%dZeed&d'dZed&d(dZed)dZd*dZd+d!Zd"S),rSzf Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]rTrUrVrfrrKrc||_dSrrfrqrfs r^__init__zHMACAlgorithm.__init__s   r`rs str | bytesrdc~t|}t|st|rtd|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrrrqrs key_bytess r^rwzHMACAlgorithm.prepare_keysM$$  # # z)'<'< !9  r`rrrrcdSrrurs r^rzHMACAlgorithm.to_jwk  r`FrrcdSrrurs r^rzHMACAlgorithm.to_jwkrr`r~rctt|dd}|r|Stj|S)Noct)kkty)rrdecodejsondumps)rrrs r^rzHMACAlgorithm.to_jwksO"+g"6"677>>@@    #J:c?? "r`rrcL t|trtj|}nt|tr|}nt n#t $rt dwxYw|ddkrt dt|dS)NKey is not valid JSONrrzNot an HMAC keyr) rjrrloadsdict ValueErrorrgetr)robjs r^rzHMACAlgorithm.from_jwk)s ;#s## !#z#C&& !   ; ; ;!"9:: : ; 775>>U " "!"344 4C))) A A A&ryc\tj|||jSr)hmacnewrfrpr{s r^r|zHMACAlgorithm.sign:s$xS$-0077999r`r}cTtj||||Sr)rcompare_digestr|rs r^rzHMACAlgorithm.verify=s#"3 #s(;(;<<r<rr=rs r^rwzRSAAlgorithm.prepare_keyPs# |<==  cE3<00 B @AAA#C((I J'' 33 .A).L.LMMM%';IPT'U'U'U J J JL*=i*H*HIIIII Js6B5#B55,C$#C$rrrrcdSrrurs r^rzRSAAlgorithm.to_jwkc  Cr`FrrcdSrrurs r^rzRSAAlgorithm.to_jwkhrr`r~rc d}t|drM|}ddgt|jjt|jjt|jt|jt|j t|j t|j t|j d }nt|dre|}ddgt|jt|jd}ntd|r|Stj|S)Nprivate_numbersRSAr|) rkey_opsnedpqdpdqqir)rrrrNot a public or private key)hasattrrrpublic_numbersrrrrrrdmp1dmq1iqmprrr)rrrnumberss r^rzRSAAlgorithm.to_jwkms*.Cw 122 E!1133! &x*7+A+CDDKKMM*7+A+CDDKKMM*7955<<>>*7955<<>>*7955<<>>+GL99@@BB+GL99@@BB+GL99@@BB  (++ E!0022! (z*7955<<>>*7955<<>> &&CDDD ' z#&r`rrc 8 t|trtj| nt|tr| nt n#t $rt dwxYw ddkrt dd vrd vrd vrd vrt d gd } fd |D}t|}|rt|st d tt dt d}|rtt dt d t dt dt dt d|}nst d}t|j||j\}}t|||t!||t#||t%|||}|Sd vrLd vrHtt dt dSt d)NrrrzNot an RSA keyrrrothz5Unsupported RSA private key: > 2 primes not supported)rrrrrcg|]}|vSruru).0proprs r^ z)RSAAlgorithm.from_jwk..sCCCtts{CCCr`z@RSA key must include all parameters if any are present besides drrrrr)rrrrrrrr)rjrrrrrrranyallr3rr1r7rrr4r5r6 private_key public_key) r other_props props_foundany_props_foundrrrrrrs @r^rzRSAAlgorithm.from_jwks ?c3''%*S//CCT**%CC$$ ? ? ?%&=>>> ?wwu~~&&%&6777czzcSjjSCZZC<<)O;:: CCCC{CCC "%k"2"2"3{+;+;)Z"2'C11'C11"" #/-c#h77-c#h77-c#h770T;;0T;;0T;;'5GG,CH55A4&(!^-=DAq0)!Q//)!Q//)!Q//'5G**,,,s ''C11'C11*,, &&CDDDs A A A'ryrdr0cv||tj|Sr)r|r!PKCS1v15rfr{s r^r|zRSAAlgorithm.signs)88C!1!3!3T]]__EE Er`r2r}c |||tj|dS#t$rYdSwxYw)NTF)rr!rrfrrs r^rzRSAAlgorithm.verifysW  3W%5%7%7IIIt#   uu s;? A  A NrfrrKr)rsrrKr)rrrrrKrr)rrrrrKr)rrrr~rKr)rrrKrryrdrsr0rKrdryrdrsr2r}rdrKr~)rrrrr rTrrUrVrrwr rrrr|rrur`r^rYrYCs^  8>}DDDD7=}DDDD7=}DDDD % % % % J J J J&                  5:& '& '& '& ' & 'P E EE EE E E EN F F F F      r`rYceZdZUdZejZded<ejZded<ejZded<d&d Z d'dZ d(dZ d)dZ e ed*dZe ed+d,dZe d+d-d!Zed.d$Zd%S)/rZzr Performs signing and verification operations using ECDSA and the specified hash function rrTrUrVrfrrKrc||_dSrrrs r^rzECAlgorithm.__init__rr`rsAllowedECKeys | str | bytes AllowedECKeysct|ttfr|St|ttfst dt |} |drt|}nt|}n!#t$rt|d}YnwxYwt|ttfstd|S)Nrs ecdsa-sha2-rzcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for ECDSA algorithms) rjr(r*rdrrrrr>r=rr<r)rqrsr crypto_keys r^rwzECAlgorithm.prepare_keys# 79OPQQ  cE3<00 B @AAA#C((I  L''77@!4Y!?!?JJ!4Y!?!?J L L L1)dKKK  L46LM &y s4BB-,B-ryrdr(c||t|}t||jSr)r|r"rfrcurve)rqryrsder_sigs r^r|zECAlgorithm.signs7hhsE$--//$:$:;;G';; ;r`'AllowedECKeys'r}r~c< t||j}n#t$rYdSwxYw t|tr|n|}|||t|dS#t$rYdSwxYw)NFT) rrrrjr(rrr"rfr)rqryrsr}rrs r^rzECAlgorithm.verifys .sCI>>   uu  "#'>??CNN$$$ !!'3dmmoo0F0FGGGt#   uu s &&A!B BBrrrrcdSrrurs r^rzECAlgorithm.to_jwk)rr`FrrcdSrrurs r^rzECAlgorithm.to_jwk.rr`rcpt|tr'|}n9t|tr|}nt dt|jtrd}nnt|jtrd}nQt|jtrd}n4t|jtrd}nt d|jd|t|j  t|j d}t|tr;t|j |d <|r|St#j|S) NrP-256P-384P-521 secp256k1Invalid curve: EC)rcrvxyr)rjr(rrr*rrr$r%r&r#rrrrr private_valuerr)rrrrrs r^rzECAlgorithm.to_jwk3s'#:;; E!(!3!3!5!5!D!D!F!FG%;<< E!(!7!7!9!9%&CDDD'-33 IGM955 IGM955 IGM955 I!%&G &G&GHHH&~'788??AA&~'788??AA ##C'#:;; ,++--;&((C ' z#&r`rrc t|trtj|}nt|tr|}nt n#t $rt dwxYw|ddkrt dd|vsd|vrt dt|d}t|d}|d}|dkrIt|t|cxkrd krnnt}n t d |d krHt|t|cxkrd krnnt}nt d |dkrHt|t|cxkrdkrnnt}not d|dkrHt|t|cxkrd krnnt}n!t dt d|tt|dt|d|}d|vr|St|d}t|t|krt dt||t%t|d|S)NrrrzNot an Elliptic curve keyrrrr z)Coords should be 32 bytes for curve P-256r0z)Coords should be 48 bytes for curve P-384rBz)Coords should be 66 bytes for curve P-521rz-Coords should be 32 bytes for curve secp256k1rbig) byteorder)rrrrz!D should be {} bytes for curve {})rjrrrrrrrrlenr$r%r&r#r+int from_bytesrr)r)rrrrr curve_objrrs r^rzECAlgorithm.from_jwkZs; ?c3''%*S//CCT**%CC$$ ? ? ?%&=>>> ?wwu~~%%%&ABBB#~~C%&ABBB ..A ..AGGENNEq66SVV))))r))))) ) II)*UVVV'!!q66SVV))))r))))) ) II)*UVVV'!!q66SVV))))r))))) ) II)*UVVV+%%q66SVV))))r))))) ) II)G&&?&?&?@@@7..e.44..e.44N #~~%00222 ..A1vvQ%7Q/qE22Nkmm rNr)rsrrKr)ryrdrsr(rKrd)ryrdrsr r}rdrKr~)rrrrrKrr)rrrrrKr)rrrr~rKr)rrrKr)rrrrr rTrrUrVrrwr|rr rrrrur`r^rZrZsS  8>}DDDD7=}DDDD7=}DDDD % % % %    < < < < <     "                  49$ '$ '$ '$ ' $ 'L A A A  A A A r`rZc"eZdZdZd dZdd Zd S)r[zA Performs a signature using RSASSA-PSS with MGF1 ryrdrsr0rKc ||tjtj||j|S)Nmgf salt_length)r|r!PSSMGF1rf digest_sizer{s r^r|zRSAPSSAlgorithm.signs_88  T]]__55 $  ;   r`r2r}r~c  |||tjtj||j|dS#t $rYdSwxYw)Nr$TF)rr!r'r(rfr)rrs r^rzRSAPSSAlgorithm.verifys  K#L99$(MMOO$?MMOOt#   uu sA9A== B  B Nrr)rrrrr|rrur`r^r[r[sF            r`r[ceZdZdZd!dZd"d Zd#dZd$dZee d%dZ ee d&d'dZ e d&d(dZ e d)dZ d S)*r\z Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. kwargsrrKrc dSrru)rqr,s r^rzOKPAlgorithm.__init__s Dr`rsAllowedOKPKeys | str | bytesAllowedOKPKeysct|ttfrt|tr|dn|}t|tr|dn|}d|vrt |}n3d|vrt |d}n|dddkrt|}t|ttttfstd|S) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-zcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for EdDSA algorithms) rjrdrrencoder=r<r>r.r/r,r-r)rqrskey_strrs r^rwzOKPAlgorithm.prepare_keys#s|,, 91;C1G1GP#**W---S3=c33G3GPCJJw///S &'11-i88CC)W44.y4HHHCCQqS\V++-i88C"$4o~V &yJr`ryr#Ed25519PrivateKey | Ed448PrivateKeyrdct|tr|dn|}||S)aS Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes r1)rjrr3r|)rqryrs msg_bytess r^r|zOKPAlgorithm.signs;0:#s/C/CL 7+++I88I&& &r`r}r~cj t|tr|dn|}t|tr|dn|}t|ttfr|n|}|||dS#t$rYdSwxYw)a Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. r1TF)rjrr3r.r,rrr)rqryrsr}r7 sig_bytesrs r^rzOKPAlgorithm.verifys 3=c33G3GPCJJw///S 3=c33G3GPCJJw///S "#(9?'KLLCNN$$$ !!)Y777t#   uu sB B$$ B21B2rrrcdSrrursrs r^rzOKPAlgorithm.to_jwkrr`FrrcdSrrur;s r^rzOKPAlgorithm.to_jwk rr`rct|ttfr|tjt j}t|trdnd}tt| d|d}|r|Stj |St|ttfr|tjtjt!}|tjt j}t|trdnd}tt| tt| d|d}|r|Stj |St%d) N)encodingformatEd25519Ed448OKP)rrr)r>r?encryption_algorithm)rrrrr)rjr/r- public_bytesr8Rawr;rrrrrr.r, private_bytesr:r9rr)rsrrrrrs r^rzOKPAlgorithm.to_jwks# 0.ABB +$$%\'+%$.c3C#D#DQii'*+a..99@@BB  +J:c??*# 1?CDD +%%%\(,)5& NN$$11%\'+2 $.c3D#E#ERii7)+a..99@@BB)+a..99@@BB  +J:c??*!"?@@ @r`rrc< t|trtj|}nt|tr|}nt n#t $rt dwxYw|ddkrt d|d}|dkr|dkrt d|d |vrt d t|d } d |vr.|dkrtj |Stj |St|d }|dkrtj |Stj |S#t $r}t d |d}~wwxYw) NrrrBzNot an Octet Key Pairrr@rArrzOKP should have "x" parameterrzInvalid key parameter)rjrrrrrrrrr/from_public_bytesr-r.from_private_bytesr,)rrrrrerrs r^rzOKPAlgorithm.from_jwk=s ?c3''%*S//CCT**%CC$$ ? ? ?%&=>>> ?wwu~~&&%&=>>>GGENNE !!ew&6&6%&?&?&?@@@#~~%&EFFF ..A Hc>> ))/A!DDD);A>>>$SWWS\\22I%%,?BBB&9!<<< H H H%&=>>CG Hs6A A A&:E<E<,;E<(E<< FFFN)r,rrKr)rsr.rKr/)ryrrsr5rKrd)ryrrsr/r}rrKr~)rsr/rrrKrr)rsr/rrrKr)rsr/rr~rKr)rrrKr/) rrrrrrwr|rr rrrrur`r^r\r\s          . ' ' ' '    4                  , A, A, A, A , A\  H H H  H H Hr`r\)rKrL)^ __future__rrrrsysabcrrtypingrrrr r r r exceptionsrtypesrrutilsrrrrrrrrr version_infortyping_extensionscryptography.exceptionsrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr )cryptography.hazmat.primitives.asymmetricr!,cryptography.hazmat.primitives.asymmetric.ecr"r#r$r%r&r'r(r)r*r+/cryptography.hazmat.primitives.asymmetric.ed448r,r-1cryptography.hazmat.primitives.asymmetric.ed25519r.r/-cryptography.hazmat.primitives.asymmetric.rsar0r1r2r3r4r5r6r7,cryptography.hazmat.primitives.serializationr8r9r:r;r<r=r>rWModuleNotFoundErrorrrr/ AllowedKeysAllowedPrivateKeysAllowedPublicKeysrequires_cryptographyr_rbrRrSrYrZr[r\rur`r^rbs~"""""" ########PPPPPPPPPPPPPPPPPP''''''''''''''                      v))))))/888888<<<<<<555555AAAAAA                                            JJJJJ "\1N+.DDM,,>O!=0>AK//2CCoU --0@@>Q    DH H H H H H H H V$$$$$I$$$