ffSddlZddlZddlZddlmZddlmZmZmZm Z m Z m Z m Z  ddl Zddl mZddlmZddlmZmZddlmZmZdd lmZmZdd lmZmZmZmZm Z m!Z!m"Z"m#Z#dd l$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+d Z,n #e-$rd Z,YnwxYwhdZ.dZ/GddZ0Gdde0Z1Gdde0Z2e,r:Gdde0Z3Gdde0Z4Gdde3Z5Gdde0Z6dSdS)NInvalidKeyError)base64url_decodebase64url_encodeder_to_raw_signature force_bytesfrom_base64url_uintraw_to_der_signatureto_base64url_uint)InvalidSignature)hashes)ecpadding)EllipticCurvePrivateKeyEllipticCurvePublicKey)Ed25519PrivateKeyEd25519PublicKey) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmprsa_recover_prime_factors)Encoding NoEncryption PrivateFormat PublicFormatload_pem_private_keyload_pem_public_keyload_ssh_public_keyTF> ES256ES384ES512ES521EdDSAPS256PS384PS512RS256RS384RS512ES256Kctttjttjttjd}t r+|ttjttjttjttjttjttjttjttjttjttjttjtd |S)zE Returns the algorithms that are implemented by the library. )noneHS256HS384HS512) r,r-r.r$r/r%r'r&r)r*r+r() NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmRSAPSSAlgorithmEd25519Algorithm)default_algorithmss n/builddir/build/BUILD/imunify360-venv-2.3.5/opt/imunify360/venv/lib/python3.11/site-packages/jwt/algorithms.pyget_default_algorithmsrBEs  }344}344}344  !!%l&9::%l&9::%l&9::$[%788%k&899$[%788$[%788$&))?@@()?@@()?@@)++     & cPeZdZdZdZdZdZedZedZ dS) AlgorithmzH The interface for an algorithm used to sign and verify tokens. ct)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). NotImplementedErrorselfkeys rA prepare_keyzAlgorithm.prepare_keyl "!rCct)zn Returns a digital signature for the specified message using the specified key value. rGrJmsgrKs rAsignzAlgorithm.signsrMrCct)zz Verifies that the specified digital signature is valid for the specified message and key values. rGrJrPrKsigs rAverifyzAlgorithm.verifyzrMrCct)z7 Serializes a given RSA key into a JWK rGkey_objs rAto_jwkzAlgorithm.to_jwkrMrCct)zb Deserializes a given RSA key from JWK back into a PublicKey or PrivateKey object rG)jwks rAfrom_jwkzAlgorithm.from_jwkrMrCN) __name__ __module__ __qualname____doc__rLrQrU staticmethodrYr\rCrArErEgs"""""""""""\" ""\"""rCrEc$eZdZdZdZdZdZdS)r5zZ Placeholder for use when no signing or verification operations are required. c8|dkrd}|td|S)Nz*When alg = "none", key value must be None.rrIs rArLzNoneAlgorithm.prepare_keys) "99C ?!"NOO O rCcdS)NrCrbrOs rArQzNoneAlgorithm.signssrCcdS)NFrbrSs rArUzNoneAlgorithm.verifysurCN)r]r^r_r`rLrQrUrbrCrAr5r5sK rCr5ceZdZdZejZejZej Z dZ dZ e dZe dZdZdZdS) r6zf Performs signing and verification operations using HMAC and the specified hash function. c||_dSNhash_algrJrls rA__init__zHMACAlgorithm.__init__s   rCctgd}tfd|DrtdS)N)s-----BEGIN PUBLIC KEY-----s-----BEGIN CERTIFICATE-----s-----BEGIN RSA PUBLIC KEY-----ssh-rsac3 K|]}|vV dSrjrb).0 string_valuerKs rA z,HMACAlgorithm.prepare_key..s(GG||s"GGGGGGrCzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)r anyr)rJrKinvalid_stringss ` rArLzHMACAlgorithm.prepare_keysf#    GGGGGGG G G !9   rCctjtt|ddS)Noct)kkty)jsondumpsrr decoderWs rArYzHMACAlgorithm.to_jwksBz%k'&:&:;;BBDD     rCcL t|trtj|}nt|tr|}nt n#t $rt dwxYw|ddkrt dt|dS)NKey is not valid JSONrzrxzNot an HMAC keyry) isinstancestrr{loadsdict ValueErrorrgetr)r[objs rAr\zHMACAlgorithm.from_jwks ;#s## !jooC&& !   ; ; ;!"9:: : ; 775>>U " "!"344 4C))) A A A&c\tj|||jSrj)hmacnewrldigestrOs rArQzHMACAlgorithm.signs$xS$-0077999rCcTtj||||Srj)rcompare_digestrQrSs rArUzHMACAlgorithm.verifys#"3 #s(;(;<<>*7955<<>>*7955<<>>+GL99@@BB+GL99@@BB+GL99@@BB  (D11 E!0022! (z*7955<<>>*7955<<>> &&CDDD:c?? "rCc < t|trtj| nt|tr| nt n#t $rt dwxYw ddkrt dd vrd vrd vrd vrt d gd } fd |D}t|}|rt|st d tt dt d}|rtt dt d t dt dt dt d|}nst d}t|j||j\}}t|||t!||t#||t%|||}|Sd vrNd vrJtt dt d}|St d)NrrzrzNot an RSA keyrrrothz5Unsupported RSA private key: > 2 primes not supported)rrrrrcg|]}|vSrbrb)rrproprs rA z)RSAAlgorithm.from_jwk..CsCCCtts{CCCrCz@RSA key must include all parameters if any are present besides drrrrr)rrrrrrrr)rrr{rrrrrruallrr rrrrrrr private_key public_key) r[ other_props props_foundany_props_foundrrrrrrs @rAr\zRSAAlgorithm.from_jwk,s ?c3''%*S//CCT**%CC$$ ? ? ?%&=>>> ?wwu~~&&%&6777czzcSjjSCZZC<<)O;:: CCCC{CCC "%k"2"2"3{+;+;)Z"2'C11'C11"" #/-c#h77-c#h77-c#h770T;;0T;;0T;;'5GG,CH55A4&(!^-=DAq0)!Q//)!Q//)!Q//'5G**,,,s *'C11'C11 ))+++%&CDDDs A A A'cv||tj|Srj)rQrPKCS1v15rlrOs rArQzRSAAlgorithm.signvs)88C!1!3!3T]]__EE ErCc |||tj|dS#t$rYdSwxYw)NTF)rUrrrlr rSs rArUzRSAAlgorithm.verifyysW  3W%5%7%7IIIt#   uu s;? A  A N)r]r^r_r`rr7r8r9rnrLrarYr\rQrUrbrCrAr<r<s   % % %   & ! #! # ! #F G EG E G ER F F F     rCr<cjeZdZdZejZejZejZdZdZ dZ dZ e dZ dS)r=zr Performs signing and verification operations using ECDSA and the specified hash function c||_dSrjrkrms rArnzECAlgorithm.__init__rrCct|tst|tr|St|ttfrft |} |drt|}nt|}n0#t$rt|d}YnwxYwtd|S)Ns ecdsa-sha2-rr) rrrrrr rr#r"rr!rrIs rArLzECAlgorithm.prepare_keys#677 :+<<  #s|,, B!#&& C~~n5571#661#66!CCC.sTBBBCCCC @AAAJs4BB,+B,c||tj|}t ||jSrj)rQrECDSArlrcurve)rJrPrKder_sigs rArQzECAlgorithm.signs9hhsBHT]]__$=$=>>G';; ;rCcB t||j}n#t$rYdSwxYw t|tr|}|||tj| dS#t$rYdSwxYw)NFT) r rrrrrrUrrrlr )rJrPrKrTrs rArUzECAlgorithm.verifys .sCI>>   uu  c#:;;+..**C 7C$--//)B)BCCCt#   uu s &&A$B BBc t|trtj|}nt|tr|}nt n#t $rt dwxYw|ddkrt dd|vsd|vrt dt|d}t|d}|d}|dkrNt|t|cxkrd krnntj }nt d |d krMt|t|cxkrd krnntj }nt d |dkrMt|t|cxkrdkrnntj }ntt d|dkrMt|t|cxkrd krnntj}n!t dt d|tjt |dt |d|}d|vr|St|d}t|t|krt dt||tjt |d|S)NrrzECzNot an Elliptic curve keyxycrvzP-256 z)Coords should be 32 bytes for curve P-256zP-3840z)Coords should be 48 bytes for curve P-384zP-521Bz)Coords should be 66 bytes for curve P-521 secp256k1z-Coords should be 32 bytes for curve secp256k1Invalid curve: big) byteorder)rrrrz!D should be {} bytes for curve {})rrr{rrrrrrlenr SECP256R1 SECP384R1 SECP521R1 SECP256K1EllipticCurvePublicNumbersint from_bytesrEllipticCurvePrivateNumbersr)r[rrrr curve_objrrs rAr\zECAlgorithm.from_jwksG ?c3''%*S//CCT**%CC$$ ? ? ?%&=>>> ?wwu~~%%%&ABBB#~~C%&ABBB ..A ..AGGENNEq66SVV))))r))))) " II)*UVVV'!!q66SVV))))r))))) " II)*UVVV'!!q66SVV))))r))))) " II)*UVVV+%%q66SVV))))r))))) " II)G&&?&?&?@@@:..e.44..e.44N #~~%00222 ..A1vvQ%7Q1qE22Nkmm rN)r]r^r_r`rr7r8r9rnrLrQrUrar\rbrCrAr=r=s   % % %   2 < < <    ? ?  ? ? ? rCr=ceZdZdZdZdZdS)r>zA Performs a signature using RSASSA-PSS with MGF1 c ||tjtj||jj|S)Nmgf salt_length)rQrPSSMGF1rl digest_sizerOs rArQzRSAPSSAlgorithm.signsY88  T]]__55 $ 9   rCc  |||tjtj||jj|dS#t $rYdSwxYw)NrTF)rUrrrrlrr rSs rArUzRSAPSSAlgorithm.verify s  K#L99$(M$=MMOOt#   uu sA,A00 A>=A>N)r]r^r_r`rQrUrbrCrAr>r>s<          rCr>cVeZdZdZdZdZdZdZedZ edZ dS) r?z Performs signing and verification operations using Ed25519 This class requires ``cryptography>=2.6`` to be installed. c dSrjrb)rJkwargss rArnzEd25519Algorithm.__init__ s DrCct|ttfr|St|ttfrt|tr|d}|d}d|vrt|Sd|vrt|dS|dddkrt|Std) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-z)Expecting a PEM-formatted or OpenSSH key.) rrrrrencoder}r"r!r#r)rJrKstr_keys rArLzEd25519Algorithm.prepare_key#s# 13CDEE  #s|,, 4c3''.**W--C**W--&'11.s333'722/dCCCC1Q3<6)).s333GHH HrCc|t|turt|dn|}||S)a Sign a message ``msg`` using the Ed25519 private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey key: A :class:`.Ed25519PrivateKey` instance :return bytes signature: The signature, as bytes r)typerrQrOs rArQzEd25519Algorithm.sign6s8*.c%)?)?%W%%%SC88C== rCc\ t|turt|dn|}t|turt|dn|}t|tr|}|||dS#t jj$rYdSwxYw)a Verify a given ``msg`` against a signature ``sig`` using the Ed25519 key ``key`` :param str|bytes sig: Ed25519 signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey key: A private or public Ed25519 key instance :return bool verified: True if signature is valid, False if not. rTF) rrrrrrU cryptography exceptionsr rSs rArUzEd25519Algorithm.verify@s -1#YYe-C-CeC)))-1#YYe-C-CeC)))c#455+..**C 3$$$t*;   uu sBBB+*B+ct|tro|tjt j}t jtt| dddSt|tr| tjtjt}|tjt j}t jtt| tt| dddSt!d)N)encodingformatOKPEd25519)rrzr)rrencryption_algorithm)rrrzrr)rr public_bytesrRawr r{r|rr r}r private_bytesrrrr)rKrrs rArYzEd25519Algorithm.to_jwkTs`#/00 $$%\'+% z-k!nn==DDFF$(#011 %%%\(,)5& NN$$11%\'+2 z-k!nn==DDFF-k!nn==DDFF$( ""?@@ @rCc t|trtj|}nt|tr|}nt n#t $rt dwxYw|ddkrt d|d}|dkrt d|d|vrt d t|d} d |vrtj |St|d }tj |S#t $r}t d |d}~wwxYw) NrrzrzNot an Octet Key PairrrrrzOKP should have "x" parameterrzInvalid key parameter) rrr{rrrrrrrfrom_public_bytesrfrom_private_bytes)r[rrrrerrs rAr\zEd25519Algorithm.from_jwk{st ?c3''%*S//CCT**%CC$$ ? ? ?%&=>>> ?wwu~~&&%&=>>>GGENNE !!%&?&?&?@@@#~~%&EFFF ..A Hc>>+=a@@@$SWWS\\22(;A>>> H H H%&=>>CG Hs*A A A&4E 5E E! EE!N) r]r^r_r`rnrLrQrUrarYr\rbrCrAr?r?s      I I I& ! ! !   ( $ A$ A $ AL  H H  H H HrCr?)7rrr{rrutilsrrrr r r r cryptography.exceptionsrr cryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricrr,cryptography.hazmat.primitives.asymmetric.ecrr1cryptography.hazmat.primitives.asymmetric.ed25519rr-cryptography.hazmat.primitives.asymmetric.rsarrrrrrrr,cryptography.hazmat.primitives.serializationrrrr r!r"r#r:ModuleNotFoundErrorrequires_cryptographyrBrEr5r6r<r=r>r?rbrCrArs ''''''#""""888888555555EEEEEEEE                    JJJJJ    D&"&"&"&"&"&"&"&"RI,==========I======@rHVVVVVyVVVpyyyyyiyyyv,<HHHHH9HHHHHg rHrHsAA77BB