o 6d@sddlZddlZddlmZmZddlmZddlmZddl m Z ddl m Z m Z ddlmZmZde jfdd Zd"d d Zd dZddZddZd#ddZddZddZddZddZddZd$d d!ZdS)%N)IterableMapping)jwk)Key) ALGORITHMS)JWSErrorJWSSignatureError)base64url_decodebase64url_encodecCs<|tjvr td|t||d}t|}t||||}|S)awSigns a claims set and returns a JWS string. Args: payload (str or dict): A string to sign key (str or dict): The key to use for signing the claim set. Can be individual JWK or JWK set. headers (dict, optional): A set of headers that will be added to the default headers. Any headers that are added as additional headers will override the default headers. algorithm (str, optional): The algorithm to use for signing the the claims. Defaults to HS256. Returns: str: The string representation of the header, claims, and signature. Raises: JWSError: If there is an error signing the token. Examples: >>> jws.sign({'a': 'b'}, 'secret', algorithm='HS256') 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' zAlgorithm %s not supported.)additional_headers)rZ SUPPORTEDr_encode_header_encode_payload_sign_header_and_claims)payloadkeyheaders algorithmencoded_headerZencoded_payloadZ signed_outputr_C:\Users\jesus\OneDrive\Desktop\erpjis_fastapi\backend\jisbackend\Lib\site-packages\jose/jws.pysign s   rTcCs(t|\}}}}|rt||||||S)aVerifies a JWS string's signature. Args: token (str): A signed JWS to be verified. key (str or dict): A key to attempt to verify the payload with. Can be individual JWK or JWK set. algorithms (str or list): Valid algorithms that should be used to verify the JWS. Returns: str: The str representation of the payload, assuming the signature is valid. Raises: JWSError: If there is an exception verifying a token. Examples: >>> token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' >>> jws.verify(token, 'secret', algorithms='HS256') )_load_verify_signature)tokenr algorithmsverifyheaderr signing_input signaturerrrr0srcCst|\}}}}|S)a!Returns the decoded headers without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. rrrZclaimsrrrrrget_unverified_headerN r!cCst|S)a{Returns the decoded headers without verification of any kind. This is simply a wrapper of get_unverified_header() for backwards compatibility. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. )r!)rrrrget_unverified_headers^sr#cCst|\}}}}|S)aReturns the decoded claims without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: str: The str representation of the token claims. Raises: JWSError: If there is an exception decoding the token. rr rrrget_unverified_claimspr"r$cCs6d|d}|r ||tj|dddd}t|S)NZJWT)typalg,:T) separators sort_keysutf-8)updatejsondumpsencoder )rr rZ json_headerrrrr s  r cCsJt|tr!ztj|ddd}Wt|Sty Yt|Swt|S)Nr')r*r,) isinstancerr.r/r0 ValueErrorr )rrrrr s  r c Csvd||g}zt|tst||}||}Wnty)}zt|d}~wwt|}d|||g}| dS)N.r,) joinr1rr constructr Exceptionrr decode) rZencoded_claimsrrrreZencoded_signatureencoded_stringrrrrs   rc Cst|tr |d}z|dd\}}|dd\}}t|}Wnty+tdtt j fy8tdwz t | d}WntyU}ztd|d}~wwt|ts_tdzt|}Wntt j fystdwzt|} Wntt j fytd w|||| fS) Nr,r3zNot enough segmentszInvalid header paddingzInvalid header string: %sz,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r1strr0rsplitsplitr r2r TypeErrorbinasciiErrorr.loadsr7r) ZjwtrZcrypto_segmentZheader_segmentZclaims_segmentZ header_datarr8rrrrrrs<         rc CsN|D]"}t|tst||}z |||rWdSWqty$YqwdS)NTF)r1rrr5rr6)keysrrr&rrrr_sig_matches_keyss    rCcCst|tr|fSz tj|ttd}Wn tyYnwt|tr;d|vr)|dSd|vr0|fS|}|r8|S|fSt|trLt|tsLt|t sL|S|fS)N) parse_int parse_floatrBZkty) r1rr.rAr;r6rvaluesrbytes)rrFrrr _get_keyss&   rHcCs|d}|s td|dur||vrtdt|}z t||||s&tWdSty3tdty?td|w)Nr&z-No algorithm was specified in the JWS header.z&The specified alg value is not allowedzSignature verification failed.z$Invalid or unsupported algorithm: %s)getrrHrCr)rrrrrr&rBrrrrs    r)T)N)rIN)r?r.collections.abcrrZjoserZjose.backends.baserZjose.constantsrZjose.exceptionsrrZ jose.utilsr r ZHS256rrr!r#r$r r rrrCrHrrrrrs(    $  ! !