B tJ`S @sddlZddlZddlZddlmZddlmZmZmZm Z m Z m Z m Z yddl Zddl mZddlmZddlmZmZddlmZmZdd lmZmZdd lmZmZmZmZm Z m!Z!m"Z"m#Z#dd l$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+d Z,Wne-k rd Z,YnXddddddddddddh Z.ddZ/GdddZ0Gddde0Z1Gd d!d!e0Z2e,rGd"d#d#e0Z3Gd$d%d%e0Z4Gd&d'd'e3Z5Gd(d)d)e0Z6dS)*N)InvalidKeyError)base64url_decodebase64url_encodeder_to_raw_signature force_bytesfrom_base64url_uintraw_to_der_signatureto_base64url_uint)InvalidSignature)hashes)ecpadding)EllipticCurvePrivateKeyEllipticCurvePublicKey)Ed25519PrivateKeyEd25519PublicKey) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmprsa_recover_prime_factors)Encoding NoEncryption PrivateFormat PublicFormatload_pem_private_keyload_pem_public_keyload_ssh_public_keyTFRS256RS384RS512ES256ES256KES384ES521ES512PS256PS384PS512EdDSAcCstttjttjttjd}tr|ttjttjttjttjttjttjttjttjt t jt t jt t jt d |S)zE Returns the algorithms that are implemented by the library. )ZnoneZHS256ZHS384ZHS512) r"r#r$r%r&r'r(r)r*r+r,r-) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmRSAPSSAlgorithmEd25519Algorithm)Zdefault_algorithmsr9?/opt/alt/python37/lib/python3.7/site-packages/jwt/algorithms.pyget_default_algorithmsEs( r;c@s@eZdZdZddZddZddZedd Zed d Z d S) AlgorithmzH The interface for an algorithm used to sign and verify tokens. cCstdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). N)NotImplementedError)selfkeyr9r9r: prepare_keylszAlgorithm.prepare_keycCstdS)zn Returns a digital signature for the specified message using the specified key value. N)r=)r>msgr?r9r9r:signsszAlgorithm.signcCstdS)zz Verifies that the specified digital signature is valid for the specified message and key values. N)r=)r>rAr?sigr9r9r:verifyzszAlgorithm.verifycCstdS)z7 Serializes a given RSA key into a JWK N)r=)key_objr9r9r:to_jwkszAlgorithm.to_jwkcCstdS)zb Deserializes a given RSA key from JWK back into a PublicKey or PrivateKey object N)r=)jwkr9r9r:from_jwkszAlgorithm.from_jwkN) __name__ __module__ __qualname____doc__r@rBrD staticmethodrFrHr9r9r9r:r<gs  r<c@s(eZdZdZddZddZddZdS) r.zZ Placeholder for use when no signing or verification operations are required. cCs |dkr d}|dk rtd|S)Nz*When alg = "none", key value must be None.)r)r>r?r9r9r:r@s zNoneAlgorithm.prepare_keycCsdS)Nr9)r>rAr?r9r9r:rBszNoneAlgorithm.signcCsdS)NFr9)r>rAr?rCr9r9r:rDszNoneAlgorithm.verifyN)rIrJrKrLr@rBrDr9r9r9r:r.s r.c@sZeZdZdZejZejZej Z ddZ ddZ e ddZe dd Zd d Zd d ZdS)r/zf Performs signing and verification operations using HMAC and the specified hash function. cCs ||_dS)N)hash_alg)r>rPr9r9r:__init__szHMACAlgorithm.__init__cs6tddddg}tfdd|Dr2tdS)Ns-----BEGIN PUBLIC KEY-----s-----BEGIN CERTIFICATE-----s-----BEGIN RSA PUBLIC KEY-----sssh-rsac3s|]}|kVqdS)Nr9).0Z string_value)r?r9r: sz,HMACAlgorithm.prepare_key..zdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)ranyr)r>r?Zinvalid_stringsr9)r?r:r@szHMACAlgorithm.prepare_keycCsttt|ddS)Noct)kkty)jsondumpsrrdecode)rEr9r9r:rFszHMACAlgorithm.to_jwkcCsny.t|trt|}nt|tr(|}ntWntk rJtdYnX|ddkrbtdt|dS)NzKey is not valid JSONrWrUzNot an HMAC keyrV) isinstancestrrXloadsdict ValueErrorrgetr)rGobjr9r9r:rHs   zHMACAlgorithm.from_jwkcCst|||jS)N)hmacnewrPZdigest)r>rAr?r9r9r:rBszHMACAlgorithm.signcCst||||S)N)rbZcompare_digestrB)r>rAr?rCr9r9r:rDszHMACAlgorithm.verifyN)rIrJrKrLhashlibZsha256r0Zsha384r1Zsha512r2rQr@rMrFrHrBrDr9r9r9r:r/s r/c@sZeZdZdZejZejZejZddZddZ e ddZ e dd Z d d Z d d ZdS)r5z~ Performs signing and verification operations using RSASSA-PKCS-v1_5 and the specified hash function. cCs ||_dS)N)rP)r>rPr9r9r:rQszRSAAlgorithm.__init__cCs~t|tst|tr|St|ttfrrt|}y$|drDt|}n t|dd}Wqzt k rnt |}YqzXnt d|S)Nsssh-rsa)passwordzExpecting a PEM-formatted key.) r[rrbytesr\r startswithr!rr_r TypeError)r>r?r9r9r:r@s  zRSAAlgorithm.prepare_keyc Csd}t|ddr|}ddgt|jjt|jjt|jt|jt|j t|j t|j t|j d }nBt|ddr|}ddgt|jt|jd}nt dt|S)Nprivate_numbersRSArB) rWkey_opsnedpqdpdqqirD)rWrkrlrmzNot a public or private key)getattrrir public_numbersrlrZrmrnrorpdmp1dmq1iqmprrXrY)rEranumbersr9r9r:rFs*        zRSAAlgorithm.to_jwkc sy.t|trt|nt|tr(|ntWntk rJtdYnXddkrbtddkrdkrdkrdkrtd d d d d dg}fdd|D}t|}|rt |stdt t dt d}|r4t t dt d t d t d t d t d|d}nHt d}t |j||j\}}t |||t||t||t|||d}|Sdkrdkrt t dt d}|StddS)NzKey is not valid JSONrWrjzNot an RSA keyrnrmrlZothz5Unsupported RSA private key: > 2 primes not supportedrorprqrrrscsg|] }|kqSr9r9)rRZprop)rar9r: Csz)RSAAlgorithm.from_jwk..z@RSA key must include all parameters if any are present besides d)rnrorprvrwrxruzNot a public or private key)r[r\rXr]r^r_rr`rTallrrrrrlrmrrr private_key public_key) rGZ other_propsZ props_foundZany_props_foundruryrnrorpr9)rar:rH,sd              zRSAAlgorithm.from_jwkcCs||t|S)N)rBrPKCS1v15rP)r>rAr?r9r9r:rBvszRSAAlgorithm.signcCs6y|||t|dStk r0dSXdS)NTF)rDrr~rPr )r>rAr?rCr9r9r:rDys zRSAAlgorithm.verifyN)rIrJrKrLr r0r1r2rQr@rMrFrHrBrDr9r9r9r:r5s $ Jr5c@sNeZdZdZejZejZejZddZddZ ddZ dd Z e d d Z d S) r6zr Performs signing and verification operations using ECDSA and the specified hash function cCs ||_dS)N)rP)r>rPr9r9r:rQszECAlgorithm.__init__cCs~t|tst|tr|St|ttfrrt|}y |drDt|}nt|}Wqzt k rnt |dd}YqzXnt d|S)Ns ecdsa-sha2-)rezExpecting a PEM-formatted key.) r[rrrfr\rrgr!r r_rrh)r>r?r9r9r:r@s    zECAlgorithm.prepare_keycCs"||t|}t||jS)N)rBr ECDSArPrcurve)r>rAr?der_sigr9r9r:rBszECAlgorithm.signcCsnyt||j}Wntk r$dSXy.t|tr:|}|||t| dSt k rhdSXdS)NFT) r rr_r[rr}rDr rrPr )r>rAr?rCrr9r9r:rDs zECAlgorithm.verifycCs0y.t|trt|}nt|tr(|}ntWntk rJtdYnX|ddkrbtdd|ksrd|krztdt|d}t|d}|d}|dkrt |t |krd krnn t }ntd n|d krt |t |krd krnn t }ntd n|dkr`t |t |krHdkrVnn t }ntdnP|dkrt |t |krd krnn t }ntdntd|t jtj|ddtj|dd|d}d|kr|St|d}t |t |krtdt ||t tj|dd|S)NzKey is not valid JSONrWZECzNot an Elliptic curve keyxycrvzP-256 z)Coords should be 32 bytes for curve P-256zP-3840z)Coords should be 48 bytes for curve P-384zP-521Bz)Coords should be 66 bytes for curve P-521Z secp256k1z-Coords should be 32 bytes for curve secp256k1zInvalid curve: Zbig) byteorder)rrrrnz!D should be {} bytes for curve {})r[r\rXr]r^r_rr`rlenr Z SECP256R1Z SECP384R1Z SECP521R1Z SECP256K1ZEllipticCurvePublicNumbersint from_bytesr}ZEllipticCurvePrivateNumbersr|)rGrarrrZ curve_objrurnr9r9r:rHsZ        $   $   $    zECAlgorithm.from_jwkN)rIrJrKrLr r0r1r2rQr@rBrDrMrHr9r9r9r:r6sr6c@s eZdZdZddZddZdS)r7zA Performs a signature using RSASSA-PSS with MGF1 cCs*||tjt||jjd|S)N)mgf salt_length)rBrPSSMGF1rP digest_size)r>rAr?r9r9r:rBs   zRSAPSSAlgorithm.signc CsJy0|||tjt||jjd|dStk rDdSXdS)N)rrTF)rDrrrrPrr )r>rAr?rCr9r9r:rD s   zRSAPSSAlgorithm.verifyN)rIrJrKrLrBrDr9r9r9r:r7s r7c@sHeZdZdZddZddZddZdd Zed d Z ed d Z dS)r8z Performs signing and verification operations using Ed25519 This class requires ``cryptography>=2.6`` to be installed. cKsdS)Nr9)r>kwargsr9r9r:rQ szEd25519Algorithm.__init__cCst|ttfr|St|ttfrzt|tr4|d}|d}d|krNt|Sd|krbt|ddS|dddkrzt |St ddS) Nzutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATE)rerzssh-z)Expecting a PEM-formatted or OpenSSH key.) r[rrrfr\encoderZr rr!rh)r>r?Zstr_keyr9r9r:r@#s    zEd25519Algorithm.prepare_keycCs$t|tk rt|dn|}||S)a Sign a message ``msg`` using the Ed25519 private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey key: A :class:`.Ed25519PrivateKey` instance :return bytes signature: The signature, as bytes zutf-8)typerfrB)r>rAr?r9r9r:rB6szEd25519Algorithm.signcCstyVt|tk rt|dn|}t|tk r2t|dn|}t|trH|}|||dStjjk rndSXdS)a Verify a given ``msg`` against a signature ``sig`` using the Ed25519 key ``key`` :param str|bytes sig: Ed25519 signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey key: A private or public Ed25519 key instance :return bool verified: True if signature is valid, False if not. zutf-8TFN) rrfr[rr}rD cryptography exceptionsr )r>rAr?rCr9r9r:rD@s   zEd25519Algorithm.verifycCst|tr:|jtjtjd}ttt | dddSt|t r|j tjt jtd}|jtjtjd}ttt | tt | dddStddS)N)encodingformatOKPEd25519)rrWr)rrZencryption_algorithm)rrnrWrzNot a public or private key)r[rZ public_bytesrZRawrrXrYrrrZrZ private_bytesrrr}r)r?rrnr9r9r:rFTs,       zEd25519Algorithm.to_jwkc Csy.t|trt|}nt|tr(|}ntWntk rJtdYnX|ddkrbtd|d}|dkrtd|d|krtd t|d}y*d |krt |St|d }t |Stk r}ztd |Wdd}~XYnXdS) NzKey is not valid JSONrWrzNot an Octet Key PairrrzInvalid curve: rzOKP should have "x" parameterrnzInvalid key parameter) r[r\rXr]r^r_rr`rrZfrom_public_bytesrZfrom_private_bytes)rGrarrrnerrr9r9r:rH{s.      zEd25519Algorithm.from_jwkN) rIrJrKrLrQr@rBrDrMrFrHr9r9r9r:r8s  'r8)7rdrbrXrrZutilsrrrrrr r Zcryptography.exceptionsrr Zcryptography.hazmat.primitivesr Z)cryptography.hazmat.primitives.asymmetricr rZ,cryptography.hazmat.primitives.asymmetric.ecrrZ1cryptography.hazmat.primitives.asymmetric.ed25519rrZ-cryptography.hazmat.primitives.asymmetric.rsarrrrrrrrZ,cryptography.hazmat.primitives.serializationrrrrrr r!r3ModuleNotFoundErrorZrequires_cryptographyr;r<r.r/r5r6r7r8r9r9r9r:sL $   ( $  ")@{