a Bg<@sdZddlZddlZddlZddlmZmZmZmZm Z m Z m Z m Z m Z ddlmZddlZddlmZmZmZmZddlmZddlmZGdd d ZGd d d ejZGd d d ejZGdddejZGdddZedkree dS)zJSON Web Signature.N) AnyDict FrozenSetListMappingOptionalTupleTypecast)crypto)b64errors json_utiljwa)jwk)utilc@s<eZdZdZdZeeedddZeeedddZdS) MediaTypez MediaType field encoder/decoder.z application/valuereturncCs(d|vr$d|vrtd|j|S|S)zDecoder./;zUnexpected semi-colon)r DeserializationErrorPREFIXclsrr./usr/lib/python3.9/site-packages/josepy/jws.pydecodes   zMediaType.decodecCs.d|vr*||jsJ|t|jdS|S)zEncoder.rN) startswithrlenrrrrencode)szMediaType.encodeN) __name__ __module__ __qualname____doc__r classmethodstrrr!rrrrrs  rc@seZdZUdZejdejjddZ e eje d<ejdddZ e e e d<ejdejjddZe eje d<ejdddZe ee d<ejd ddZe e e d <ejd dd d Zeejd fe d <ejdejddZe e e d<ejdejddZe e e d<ejdejejddZe ee d<ejdejejddZe ee d<ejddd d Z ee!d fe d<e"eej#fe d<e"eej#fdddZ$e!ddddZ%e&jdddZ'e j(e!e!ddd Z ej)d!d"Zej(d#d"Zd$S)%Headera6JOSE Header. .. warning:: This class supports **only** Registered Header Parameter Names (as defined in section 4.1 of the protocol). If you need Public Header Parameter Names (4.2) or Private Header Parameter Names (4.3), you must subclass and override :meth:`from_json` and :meth:`to_partial_json` appropriately. .. warning:: This class does not support any extensions through the "crit" (Critical) Header Parameter (4.1.11) and as a conforming implementation, :meth:`from_json` treats its occurrence as an error. Please subclass if you seek for a different behaviour. :ivar x5tS256: "x5t#S256" :ivar str typ: MIME Media Type, inc. :const:`MediaType.PREFIX`. :ivar str cty: Content-Type, inc. :const:`MediaType.PREFIX`. algT)decoder omitemptyjku)r+rkidx5ux5crr+default.x5tzx5t#S256x5tS256typ)encoderr*r+ctycrit_fieldsrcsfddjDS)z4Fields that would not be omitted in the JSON object.cs,i|]$\}}|t|s|t|qSr)Zomitgetattr).0namefieldselfrr bsz&Header.not_omitted..)r8itemsr>rr>r not_omitted`s zHeader.not_omitted)otherrcCsbt|t|s tdt||}|}t||rFtd||t|fi|S)NzHeader cannot be added to: {0}z+Addition of overlapping headers not defined) isinstancetype TypeErrorformatrBset intersectionupdate)r?rCZnot_omitted_selfZnot_omitted_otherrrr__add__hs zHeader.__add__cCs|jdurtd|jS)zFind key based on header. .. todo:: Supports only "jwk" header parameter lookup. :returns: (Public) key found in the header. :rtype: .JWK :raises josepy.errors.Error: if key could not be found Nz No key found)rr Errorr>rrrfind_keyus  zHeader.find_key) unused_valuercCstddS)Nz("crit" is not supported, please subclass)r r)rNrrrr7sz Header.critcCsdd|DS)NcSs"g|]}tttj|jqSr)base64 b64encoder Zdump_certificate FILETYPE_ASN1wrappedr;Zcertrrr szHeader.x5c..rrrrrr/sz Header.x5cc CsJztdd|DWStjyD}zt|WYd}~n d}~00dS)Nc ss(|] }tttjt|VqdSN)rComparableX509r Zload_certificaterQrO b64decoderSrrr szHeader.x5c..)tupler rLr r)rerrorrrrr/s  N)*r"r#r$r%rr=r JWASignature from_jsonr)r__annotations__r,bytesjwk_modJWKrr-r'r.r/rrrWdecode_b64joser2r3rr!rr4r6r7rrZFieldrBrKjosepyrMr*r5rrrrr(3s@   "     r(c speZdZUdZeZeed<dZej ddddZ e ed<ej ddeej d Z eed<ej d ejejd Zeed <e je e d d dZ e je e d ddZ eddfdd Zeeee efdddZee eedddZd%eeejedddZedefeejej ee!eddddZ"ee efdfd d! Z#ee$e efee efd"fd#d$ Z%Z&S)& SignatureaJWS Signature. :ivar combined: Combined Header (protected and unprotected, :class:`Header`). :ivar unicode protected: JWS protected header (Jose Base-64 decoded). :ivar header: JWS Unprotected Header (:class:`Header`). :ivar str signature: The signature. combined)re protectedTr0header)r+r1r* signature)r*r5rcCst|dSNutf-8)rencode_b64joser!rUrrrrfszSignature.protectedcCst|dSrj)rrbrrUrrrrfsN)kwargsrc s8d|vr||}tjfi||jjdus4JdS)Nre)_with_combinedsuper__init__rer))r?rm __class__rrrps zSignature.__init__cCsZd|vs J|d|jdj}|d|jdj}|rJ||j|}n|}||d<|S)Nrerhrf)getr8r1 header_cls json_loads)rrmrhrfrerrrrns zSignature._with_combined)rfpayloadrcCst|ddt|S)Nrk.)r rPr!)rrfrvrrr_msgszSignature._msg)rvkeyrcCsJ|dur|jn|}|jjs(td|jjj|j|j||j |dS)zvVerify. :param bytes payload: Payload to verify. :param JWK key: Key used for verification. Nz Not signature algorithm defined.)rysigmsg) rerMr)rcrLverifyryrirxrf)r?rvryZ actual_keyrrrr|s  zSignature.verify)rvryr) include_jwkprotectrmrc Kst||jsJ|}||d<|r,||d<t||jjsBJ||jjsTJi}|D]} | |vr\|| || <q\|r|jfi|} nd} |jfi|} | |j | | |} || | | dS)aDSign. :param bytes payload: Payload to sign. :param JWK key: Key for signature. :param JWASignature alg: Signature algorithm to use to sign. :param bool include_jwk: If True, insert the JWK inside the signature headers. :param FrozenSet protect: List of headers to protect. r)rrg)rfrhri) rDkty public_keyrHissubsetrtr8popZ json_dumpssignryrx) rrvryr)r}r~rmZ header_paramsZprotected_paramsrhrfrirrrrs" zSignature.signr9cs t}|ds|d=|S)Nrh)rofields_to_partial_jsonrB)r?fieldsrqrrrs  z Signature.fields_to_partial_jsonjobjrcs4t|}||}d|dvr0td|S)Nr)rezalg not present)rofields_from_jsonrnrBr r)rrrZfields_with_combinedrqrrrs    zSignature.fields_from_json)N)'r"r#r$r%r(rtr^ __slots__rr=rfr'r]rhrbrlrir_r5r*rrpr&rrnrxrrcraboolr| frozensetr\rrrrr __classcell__rrrqrrdsH     *rdc@seZdZUdZdZeed<eeed<eZ de e j e dddZeeedd d d Zeed d dZed ddZeeddddZde eeefdddZeeeefddddZdS)JWSzgJSON Web Signature. :ivar str payload: JWS Payload. :ivar str signature: JWS Signatures. rv signaturesrvrN)ryrcstfddjDS)Verify.c3s|]}|jVqdSrV)r|rvr;rzryr?rrrY.zJWS.verify..)allr)r?ryrrrr|,sz JWS.verify)rvrmrcKs |||jjfd|i|fdS)Sign.rvr) signature_clsr)rrvrmrrrr0szJWS.signr9cCst|jdksJ|jdS)zPGet a singleton signature. :rtype: :class:`JWS.signature_cls` r)r rr>rrrri5sz JWS.signaturecCs\t|jdksJd|jjvs&Jt|jjddt|j dt|jjS)z7Compact serialization. :rtype: bytes rr)rkrw) r rrirhrBr rPrfr!rvr>rrr to_compact?s  zJWS.to_compact)compactrcCsfz|d\}}}Wnty0tdYn0|jt|dt|d}|t||fdS)zACompact deserialization. :param bytes compact: rwzOCompact JWS serialization should comprise of exactly 3 dot-separated componentsrk)rfrir)split ValueErrorr rrr rXr)rrrfrvrirzrrr from_compactRs  zJWS.from_compactT)flatrcCsR|js Jt|j}|rBt|jdkrB|jd}||d<|S||jdSdS)Nrrrvr)rrrlrvr to_partial_json)r?rrvretrrrres  zJWS.to_partial_jsonrcsd|vrd|vrtdnfd|vrVdd|D}t|dj|fdSt|dtfdd |dDdSdS) NrirzFlat mixed with non-flatcSsi|]\}}|dkr||qS)rvr)r;ryrrrrr@xrz!JWS.from_json..rvrc3s|]}j|VqdSrV)rr]rrrrrYrz JWS.from_json..)r rrArrbrr]rZ)rrZfilteredrrrr]ss    z JWS.from_json)N)T)r"r#r$r%rr_r^rrdrrrcrarr|r&rrpropertyrirrrr'rrr]rrrrrs   rc@seZdZdZeejddddZeejedddZ ee e j dd d Z ee e dd d Zee eejdd dZedeeeeedddZdS)CLIzJWS CLI.N)argsrcCs|jj|j}|j|jdur.g|_|jr@|jdt j t j  ||jt|jd}|jr~t|dn t|dS)rNr))rvryr)r~rk)r)rloadryreadcloser~rappendrrsysstdinr!rHprintrrZjson_dumps_pretty)rrryrzrrrrs   zCLI.signc Cs|jrttj}nLzttttj}Wn0t j yf}zt |WYd}~dSd}~00|j dur|j dusJ|j |j }|j nd}tj|j|j|d S)rNF)ry)rrrrrrr!r rur rLrryrrrrstdoutwritervrr|)rrrzr[ryrrrr|s  z CLI.verify)argrcCs tj|SrV)rr\r]rrrrr _alg_typesz CLI._alg_typecCs|tjjvsJ|SrV)rdrtr8rrrr _header_typeszCLI._header_typecCs|tjjvsJtjj|SrV)r`raZTYPESrrrr _kty_typesz CLI._kty_typecCs|durtjdd}t}|jddd|}|d}|j|jd|jdd t d d d |jd d|j t j d|jddd|j d|d}|j|jd|jdd t d dd |jd|jdd ||}||S)z Parse arguments and sign/verify.Nrz --compact store_true)actionr)funcz-kz--keyrbT)rErequiredz-az--alg)rEr1z-pz --protectr)rrEr|Fz--kty)rargvargparseArgumentParser add_argumentadd_subparsers add_parser set_defaultsrFileTyperrZRS256rr|r parse_argsr)rrparserZ subparsersZ parser_signZ parser_verifyparsedrrrruns    zCLI.run)N)r"r#r$r%r&r Namespacerrr|rrr\rrr r`rarrrr'rrrrrrsr__main__)!r%rrOrtypingrrrrrrrr r ZOpenSSLr rcr r rrrr`rrZJSONObjectWithFieldsr(rdrrr"exitrrrrrs",   kfR