AahvddlmZddlZddlZddlZddlmZmZddlm Z m Z m Z m Z m Z mZmZddlmZddlmZmZddlmZmZmZmZmZmZmZmZmZ dd lm Z m!Z!dd l"m#Z#dd l$m%Z%dd l&m'Z'dd l(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2ddl3m4Z4m5Z5ddl6m7Z7m8Z8ddl9m:Z:m;Z;mZ>m?Z?m@Z@mAZAddlBmCZCmDZDmEZEmFZFmGZGmHZHmIZIdZJn #eK$rdZJYnwxYwe r3e:e ES256ES384ES512ES521EdDSAPS256PS384PS512RS256RS384RS512ES256Kreturndict[str, Algorithm]ctttjttjttjd}t r+|ttjttjttjttjttjttjttjttjttjttjttjtd |S)zE Returns the algorithms that are implemented by the library. )noneHS256HS384HS512) rErFrGr=rHr>r@r?rBrCrDrA) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmRSAPSSAlgorithm OKPAlgorithm)default_algorithmss @/var/www/lms/venv/lib/python3.11/site-packages/jwt/algorithms.pyget_default_algorithmsr]is }344}344}344  !!%l&9::%l&9::%l&9::$[%788%k&899$[%788$[%788$&))?@@()?@@()?@@%     & c&eZdZdZddZeddZedd Zedd Ze e ed dZ e e ed!d"dZ e ed!d#dZ e ed$dZ dS)% AlgorithmzH The interface for an algorithm used to sign and verify tokens. bytestrbytesrIct|dd}|ttrt|trzt |t jr`t j|t}| |t| St|| S)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorrU isinstancetype issubclassr HashAlgorithmHashrrVrbfinalizedigest)selfrardrns r\compute_hash_digestzAlgorithm.compute_hash_digests4T22  % %  58T** 58V%9:: 5 [_5F5FGGGF MM' " " "**++ +'**113344 4r^keyrcdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). Nrorqs r\ prepare_keyzAlgorithm.prepare_keyr^msgcdS)zn Returns a digital signature for the specified message using the specified key value. Nrsrorwrqs r\signzAlgorithm.signrvr^sigboolcdS)zz Verifies that the specified digital signature is valid for the specified message and key values. Nrsrorwrqr{s r\verifyzAlgorithm.verifyrvr^as_dict Literal[True]rcdSNrskey_objrs r\to_jwkzAlgorithm.to_jwks =@Cr^FLiteral[False]strcdSrrsrs r\rzAlgorithm.to_jwks BEr^ JWKDict | strcdS)z3 Serializes a given key into a JWK Nrsrs r\rzAlgorithm.to_jwkrvr^jwk str | JWKDictcdS)zJ Deserializes a given key from JWK back into a key object Nrsrs r\from_jwkzAlgorithm.from_jwkrvr^N)rarbrIrb)rqrrIr)rwrbrqrrIrb)rwrbrqrr{rbrIr|)rrrIrF)rrrIr)rr|rIr)rrrIr) __name__ __module__ __qualname____doc__rprrurzrr staticmethodrrrsr^r\r`r`sH5555,   ^    ^    ^ ???^\X@ DDDD^\XE    ^\    ^\   r^r`c\eZdZdZddZdd Zdd ZedddZeddZ dS)rPzZ Placeholder for use when no signing or verification operations are required. rq str | NonerINonec8|dkrd}|td|S)Nz*When alg = "none", key value must be None.rrts r\ruzNoneAlgorithm.prepare_keys) "99C ?!"NOO O r^rwrbcdS)Nr^rsrys r\rzzNoneAlgorithm.signssr^r{r|cdS)NFrsr~s r\rzNoneAlgorithm.verifysur^Frrrr ctrrgrs r\rzNoneAlgorithm.to_jwk!###r^rrctrrrs r\rzNoneAlgorithm.from_jwkrr^N)rqrrIr)rwrbrqrrIrb)rwrbrqrr{rbrIr|r)rrrr|rIr )rrrIr ) rrrrrurzrrrrrsr^r\rPrPs $$$$\$$$$\$$$r^rPceZdZUdZejZded<ejZ ded<ej Z ded<d#d Z d$dZ eed%dZee d&d'dZed&d(dZed)dZd*dZd+d!Zd"S),rQzf Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]rRrSrTrdrrIrc||_dSrrdrords r\__init__zHMACAlgorithm.__init__s   r^rq str | bytesrbc~t|}t|st|rtd|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrrrorq key_bytess r\ruzHMACAlgorithm.prepare_keysM$$  # # z)'<'< !9  r^rrrrcdSrrsrs r\rzHMACAlgorithm.to_jwk  #r^FrrcdSrrsrs r\rzHMACAlgorithm.to_jwks cr^r|rctt|dd}|r|Stj|S)Noct)kkty)rrdecodejsondumps)rrrs r\rzHMACAlgorithm.to_jwksO"+g"6"677>>@@    #J:c?? "r^rrcN t|trtj|}nt|tr|}nt n#t $rt ddwxYw|ddkrt dt|dS)NKey is not valid JSONrrzNot an HMAC keyr) rhrrloadsdict ValueErrorrgetr)robjs r\rzHMACAlgorithm.from_jwk"s E#s## !#z#C&& !   E E E!"9:: D E 775>>U " "!"344 4C))) A A A'rwc\tj|||jSr)hmacnewrdrnrys r\rzzHMACAlgorithm.sign3s$xS$-0077999r^r{cTtj||||Sr)rcompare_digestrzr~s r\rzHMACAlgorithm.verify6s#"3 #s(;(;<<>*7955<<>>*7955<<>>+GL99@@BB+GL99@@BB+GL99@@BB  (++ E!0022! (z*7955<<>>*7955<<>> &&CDDD ' z#&r^rrc > t|trtj| nt|tr| nt n#t $rt ddwxYw ddkrt ddd vrd vrd vrd vrt d gd } fd |D}t|}|rt|st d dtt dt d}|rtt dt d t dt dt dt d|}nst d}t|j||j\}}t|||t!||t#||t%|||}|Sd vrLd vrHtt dt dSt d)NrrrzNot an RSA keyrrrothz5Unsupported RSA private key: > 2 primes not supported)rrrrrcg|]}|vSrsrs).0proprs r\ z)RSAAlgorithm.from_jwk..sCCCtts{CCCr^z@RSA key must include all parameters if any are present besides drrrrr)rrrrrrrr)rhrrrrrrranyallr1rr/r5rrr2r3r4 private_key public_key) r other_props props_foundany_props_foundrrrrrrs @r\rzRSAAlgorithm.from_jwks Ic3''%*S//CCT**%CC$$ I I I%&=>>DH Iwwu~~&&%&677TAczzcSjjSCZZC<<)O;:: CCCC{CCC "%k"2"2" 3{+;+; )Z "2'C11'C11"" #/-c#h77-c#h77-c#h770T;;0T;;0T;;'5GG,CH55A4&(!^-=DAq0)!Q//)!Q//)!Q//'5G**,,,s ''C11'C11*,, &&CDDDs A A A(rwrbr.cv||tj|Sr)rzrPKCS1v15rdrys r\rzzRSAAlgorithm.signs)88C!1!3!3T]]__EE Er^r0r{c |||tj|dS#t$rYdSwxYw)NTF)rrrrdrr~s r\rzRSAAlgorithm.verifysW  3W%5%7%7IIIt#   uu s;? A  A NrdrrIr)rqrrIr)rrrrrIrr)rrrrrIr)rrrr|rIr)rrrIrrwrbrqr.rIrbrwrbrqr0r{rbrIr|)rrrrrrRrrSrTrrur rrrrzrrsr^r\rWrW<sZ  8>}DDDD7=}DDDD7=}DDDD % % % %    0          ?D        $ '$ '$ '$ ' $ 'L E EE EE E E EN F F F F      r^rWceZdZUdZejZded<ejZded<ejZded<d%d Z d&dZ d'dZ d(dZ e ed)dZe e d*d+dZed*d,d Zed-d#Zd$S).rXzr Performs signing and verification operations using ECDSA and the specified hash function rrRrSrTrdrrIrc||_dSrrrs r\rzECAlgorithm.__init__rr^rqAllowedECKeys | str | bytes AllowedECKeysct|ttfr|St|ttfst dt |} |drt|}nt|}n!#t$rt|d}YnwxYwt|ttfstdd|S)Nrs ecdsa-sha2-rzcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for ECDSA algorithms) rhr&r(rbrrrrr<r;rr:r)rorqr crypto_keys r\ruzECAlgorithm.prepare_keys# 79OPQQ  cE3<00 B @AAA#C((I  L''77@!4Y!?!?JJ!4Y!?!?J L L L1)dKKK  L46LM &y s4BB-,B-rwrbr&c||t|}t||jSr)rzr rdrcurve)rorwrqder_sigs r\rzzECAlgorithm.signs7hhsE$--//$:$:;;G';; ;r^r{r|c< t||j}n#t$rYdSwxYw t|tr|n|}|||t|dS#t$rYdSwxYw)NFT) rrrrhr&rrr rdr)rorwrqr{rrs r\rzECAlgorithm.verifys .sCI>>   uu  "#'>??CNN$$$ !!'3dmmoo0F0FGGGt#   uu s &&A!B BBrrrrcdSrrsrs r\rzECAlgorithm.to_jwk'rr^FrrcdSrrsrs r\rzECAlgorithm.to_jwk-rr^rct|tr'|}n9t|tr|}nt dt|jtrd}nnt|jtrd}nQt|jtrd}n4t|jtrd}nt d|jd|t|j |jj t|j|jj d }t|trGt|j|jj |d <|r|St%j|S) NrP-256P-384P-521 secp256k1Invalid curve: EC) bit_length)rcrvxyr)rhr&rrr(rrr"r#r$r!rrkey_sizerrr private_valuerr)rrrrrs r\rzECAlgorithm.to_jwk3s'#:;; E!(!3!3!5!5!D!D!F!FG%;<< E!(!7!7!9!9%&CDDD'-33 IGM955 IGM955 IGM955 I!%&G &G&GHHH&"$&}5&((&"$&}5&(( # #C'#:;; ,++--;&}5&((C  ' z#&r^rrc t|trtj|}nt|tr|}nt n#t $rt ddwxYw|ddkrt ddd|vsd|vrt ddt|d}t|d}|d}|dkrJt|t|cxkrd krnnt}nt d d|d krIt|t|cxkrd krnnt}nt d d|dkrIt|t|cxkrdkrnnt}npt dd|dkrHt|t|cxkrd krnnt}n!t dt d|tt|dt|d|}d|vr|St|d}t|t|krt dt||t%t|d|S)NrrrzNot an Elliptic curve keyrrrr  z)Coords should be 32 bytes for curve P-256r 0z)Coords should be 48 bytes for curve P-384r Bz)Coords should be 66 bytes for curve P-521r z-Coords should be 32 bytes for curve secp256k1rbig) byteorder)rrrrz!D should be {} bytes for curve {})rhrrrrrrrrlenr"r#r$r!r)int from_bytesrr'r)rrrrr curve_objrrs r\rzECAlgorithm.from_jwk_sg Ic3''%*S//CCT**%CC$$ I I I%&=>>DH Iwwu~~%%%&ABBL#~~C%&ABBL ..A ..AGGENNEq66SVV))))r))))) ) II)C '!!q66SVV))))r))))) ) II)C '!!q66SVV))))r))))) ) II)C +%%q66SVV))))r))))) ) II)G&&?&?&?@@@7..e.44..e.44N #~~%00222 ..A1vvQ%7Q/qE22Nkmm rNr)rqrrIr)rwrbrqr&rIrb)rwrbrqrr{rbrIr|)rrrrrIrr)rrrrrIr)rrrr|rIr)rrrIr)rrrrrrRrrSrTrrurzrr rrrrsr^r\rXrXsS  8>}DDDD7=}DDDD7=}DDDD % % % %    < < < < <     "          >C        ) ') ') ') ' ) 'V G G G  G G G r^rXc"eZdZdZd dZdd Zd S)rYzA Performs a signature using RSASSA-PSS with MGF1 rwrbrqr.rIc ||tjtj||j|S)Nmgf salt_length)rzrPSSMGF1rd digest_sizerys r\rzzRSAPSSAlgorithm.signs_88  T]]__55 $  ;   r^r0r{r|c  |||tjtj||j|dS#t $rYdSwxYw)Nr"TF)rrr%r&rdr'rr~s r\rzRSAPSSAlgorithm.verifys  K#L99$(MMOO$?MMOOt#   uu sA9A== B  B Nrr)rrrrrzrrsr^r\rYrYsF            r^rYceZdZdZd!dZd"d Zd#dZd$dZee d%dZ ee d&d'dZ e d&d(dZ e d)dZ d S)*rZz Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. kwargsrrIrc dSrrs)ror*s r\rzOKPAlgorithm.__init__s Dr^rqAllowedOKPKeys | str | bytesAllowedOKPKeysct|ttfrt|tr|dn|}t|tr|dn|}d|vrt |}n3d|vrt |d}n|dddkrt|}t|ttttfstd|S) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-zcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for EdDSA algorithms) rhrbrrencoder;r:r<r,r-r*r+r)rorqkey_strrs r\ruzOKPAlgorithm.prepare_keys#s|,, 91;C1G1GP#**W---S3=c33G3GPCJJw///S &'11-i88CC)W44.y4HHHCCQqS\V++-i88C"$4o~V &yJr^rwr#Ed25519PrivateKey | Ed448PrivateKeyrbct|tr|dn|}||S)aS Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes r/)rhrr1rz)rorwrq msg_bytess r\rzzOKPAlgorithm.signs;0:#s/C/CL 7+++I88I&& &r^r{r|cj t|tr|dn|}t|tr|dn|}t|ttfr|n|}|||dS#t$rYdSwxYw)a Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. r/TF)rhrr1r,r*rrr)rorwrqr{r5 sig_bytesrs r\rzOKPAlgorithm.verifys 3=c33G3GPCJJw///S 3=c33G3GPCJJw///S "#(9?'KLLCNN$$$ !!)Y777t#   uu sB B$$ B21B2rrrcdSrrsrqrs r\rzOKPAlgorithm.to_jwkrr^FrrcdSrrsr9s r\rzOKPAlgorithm.to_jwkrr^rct|ttfr|tjt j}t|trdnd}tt| d|d}|r|Stj |St|ttfr|tjtjt!}|tjt j}t|trdnd}tt| tt| d|d}|r|Stj |St%d) N)encodingformatEd25519Ed448OKP)rrr)r<r=encryption_algorithm)rrrrr)rhr-r+ public_bytesr6Rawr9rrrrrr,r* private_bytesr8r7rr)rqrrrrrs r\rzOKPAlgorithm.to_jwks# 0.ABB +$$%\'+%$.c3C#D#DQii'*+a..99@@BB  +J:c??*# 1?CDD +%%%\(,)5& NN$$11%\'+2 $.c3D#E#ERii7)+a..99@@BB)+a..99@@BB  +J:c??*!"?@@ @r^rrc> t|trtj|}nt|tr|}nt n#t $rt ddwxYw|ddkrt d|d}|dkr|dkrt d|d |vrt d t|d } d |vr.|dkrtj |Stj |St|d }|dkrtj |Stj |S#t $r}t d |d}~wwxYw) Nrrr@zNot an Octet Key Pairrr>r?rrzOKP should have "x" parameterrzInvalid key parameter)rhrrrrrrrrr-from_public_bytesr+r,from_private_bytesr*)rrrrrerrs r\rzOKPAlgorithm.from_jwkJs Ic3''%*S//CCT**%CC$$ I I I%&=>>DH Iwwu~~&&%&=>>>GGENNE !!ew&6&6%&?&?&?@@@#~~%&EFFF ..A Hc>> ))/A!DDD);A>>>$SWWS\\22I%%,?BBB&9!<<< H H H%&=>>CG Hs6A A A';E=E=-;E=)E== FFFN)r*rrIr)rqr,rIr-)rwrrqr3rIrb)rwrrqr-r{rrIr|)rqr-rrrIrr)rqr-rrrIr)rqr-rr|rIr)rrrIr-) rrrrrrurzrr rrrrsr^r\rZrZs          . ' ' ' '    4          ;@        , A, A, A, A , A\  H H H  H H Hr^rZ)rIrJ)[ __future__rrrrabcrrtypingrrrr r r r exceptionsrtypesrrutilsrrrrrrrrrcryptography.exceptionsrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricr,cryptography.hazmat.primitives.asymmetric.ecr r!r"r#r$r%r&r'r(r)/cryptography.hazmat.primitives.asymmetric.ed448r*r+1cryptography.hazmat.primitives.asymmetric.ed25519r,r--cryptography.hazmat.primitives.asymmetric.rsar.r/r0r1r2r3r4r5,cryptography.hazmat.primitives.serializationr6r7r8r9r:r;r<rUModuleNotFoundErrorrrr- AllowedKeysAllowedPrivateKeysAllowedPublicKeysrequires_cryptographyr]r`rPrQrWrXrYrZrsr^r\r]sD"""""" ########RRRRRRRRRRRRRRRRRR''''''''''''''                      /NNNNNNNN<<<<<<555555AAAAAA                                            JJJJJ "\1N+.DDM,,>O!=0>AK//2CCoU --0@@>Q    DF F F F F F F F R$$$$$I$$$