uZhddlZddlZddlmZmZddlmZddlmZddl m Z ddl m Z m Z ddlmZmZde j"fdZdd Zd Zd Zd Zdd ZdZdZdZdZdZddZy)N)IterableMapping)jwk)Key) ALGORITHMS)JWSErrorJWSSignatureError)base64url_decodebase64url_encodec|tjvrtd|zt||}t |}t ||||}|S)awSigns a claims set and returns a JWS string. Args: payload (str or dict): A string to sign key (str or dict): The key to use for signing the claim set. Can be individual JWK or JWK set. headers (dict, optional): A set of headers that will be added to the default headers. Any headers that are added as additional headers will override the default headers. algorithm (str, optional): The algorithm to use for signing the the claims. Defaults to HS256. Returns: str: The string representation of the header, claims, and signature. Raises: JWSError: If there is an error signing the token. Examples: >>> jws.sign({'a': 'b'}, 'secret', algorithm='HS256') 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' zAlgorithm %s not supported.)additional_headers)r SUPPORTEDr_encode_header_encode_payload_sign_header_and_claims)payloadkeyheaders algorithmencoded_headerencoded_payload signed_outputs d/var/www/html/wine-match-dev/backend/winematch-backend/venv/lib/python3.12/site-packages/jose/jws.pysignr sP4 ,,,4y@AA#I'JN%g.O+NOYX[\M cHt|\}}}}|rt||||||S)aVerifies a JWS string's signature. Args: token (str): A signed JWS to be verified. key (str or dict): A key to attempt to verify the payload with. Can be individual JWK or JWK set. algorithms (str or list): Valid algorithms that should be used to verify the JWS. Returns: str: The str representation of the payload, assuming the signature is valid. Raises: JWSError: If there is an exception verifying a token. Examples: >>> token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8' >>> jws.verify(token, 'secret', algorithms='HS256') )_load_verify_signature)tokenr algorithmsverifyheaderr signing_input signatures rr!r!0s.,16e -FG]I -CL Nrc&t|\}}}}|S)a!Returns the decoded headers without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. rrr"claimsr#r$s rget_unverified_headerr)N05U|,FFM9 Mrct|S)a{Returns the decoded headers without verification of any kind. This is simply a wrapper of get_unverified_header() for backwards compatibility. Args: token (str): A signed JWS to decode the headers from. Returns: dict: The dict representation of the token headers. Raises: JWSError: If there is an exception decoding the token. )r))rs rget_unverified_headersr,^s ! ''rc&t|\}}}}|S)aReturns the decoded claims without verification of any kind. Args: token (str): A signed JWS to decode the headers from. Returns: str: The str representation of the token claims. Raises: JWSError: If there is an exception decoding the token. r&r's rget_unverified_claimsr.pr*rcd|d}|r|j|tj|ddjd}t |S)NJWT)typalg,:T) separators sort_keysutf-8)updatejsondumpsencoder )rr r" json_headers rrrsN9 -F ()** fWo  K ((rct|tr2 tj|dj d}t |St |S#t $r Yt |SwxYw)Nr3)r6r8) isinstancerr:r;r< ValueErrorr )rs rrrsj'7# jj%fWo  G $$ G $$   G $$ s&A A$#A$c0dj||g} t|tstj||}|j |}t|}dj|||g}|jdS#t $r}t|d}~wwxYw)N.r8) joinr?rr constructr Exceptionrr decode) rencoded_claimsrrr#r$eencoded_signatureencoded_strings rrrsII~~>?M#s#--Y/CHH]+ )3YY@QRSN   )) qks7A<< B BBct|tr|jd} |jdd\}}|j dd\}}t |} tj|jd}t|ts td t |} t |} |||| fS#t $r tdttjf$r tdwxYw#t $r}td|zd}~wwxYw#ttjf$r tdwxYw#ttjf$r td wxYw) Nr8rBzNot enough segmentszInvalid header paddingzInvalid header string: %sz,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r?strr<rsplitsplitr r@r TypeErrorbinasciiErrorr:loadsrFr) jwtr#crypto_segmentheader_segmentclaims_segment header_datar"rHrr$s rrrs`#sjj!1(+ 4(;% ~)6)<)21$^4  G]I 66/ .,-- x~~ &1/001 82Q6778 x~~ &20112 x~~ &1/001s;5B6$C1 D% D868C.1 D :DD %D58%Ec|D]=}t|tstj||} |j ||ry?y#t $rYLwxYw)NTF)r?rrrDr!rE)keysr#r$r2rs r_sig_matches_keysr[s_#s#--S)C zz-34     sA AAc`t|tr|fS tj|tt}t|t r'd|vr|dSd|vr|fS|j}|r|S|fSt|tr"t|tst|ts|S|fS#t $rYwwxYw)N) parse_int parse_floatrZkty) r?rr:rSrMrErvaluesrbytes)rr`s r _get_keysrbs#sv  jj=#w S=v;  c\6MZZ\F 6M C "JsC,@JsTYDZ v /    s B!! B-,B-c|jd}|s td|||vr tdt|} t||||s t y#t$r tdt$rtd|zwxYw)Nr2z-No algorithm was specified in the JWS header.z&The specified alg value is not allowedzSignature verification failed.z$Invalid or unsupported algorithm: %s)getrrbr[r )r#r"r$rr r2rZs rrrs **U C FGG#Z"7?@@ S>DE }iE#% %F 9788 E=CDDEs A+B)T)N)N)rQr:collections.abcrrjoserjose.backends.baserjose.constantsrjose.exceptionsrr jose.utilsr r HS256rr!r)r,r.rrrrr[rbrrrrnsj -"%79 $z/?/?!H<  ($  ) % * 7B BEr