B
    d[+                 @  s   d dl mZ d dlZd dlZd dlZd dlmZmZ ddlm	Z	m
Z
mZmZ ddlmZmZmZmZ ddlmZmZ ddlmZ erdd	lmZmZ G d
d dZe ZejZejZejZejZejZejZej Z dS )    )annotationsN)TYPE_CHECKINGAny   )	Algorithmget_default_algorithms
has_cryptorequires_cryptography)DecodeErrorInvalidAlgorithmErrorInvalidSignatureErrorInvalidTokenError)base64url_decodebase64url_encode)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeysc            
   @  s"  e Zd ZdZd@ddddddZed	d
ddZddddddZdddddZdd
ddZ	dddddZ
dAddd dd!d"d"dd#d$d%ZdBd'd(ddd)d*d+d,d-ZdCd'd(ddd)d.d+d/d0Zd'd*d1d2d3Zd'd4d1d5d6ZdDdd*dd(ddd7d8d9Zd*dd:d;d<Zd.dd=d>d?ZdS )EPyJWSZJWTNzlist[str] | Nonezdict[str, Any] | NoneNone)
algorithmsoptionsreturnc             C  sl   t  | _|d k	rt|nt| j| _x(t| j D ]}|| jkr4| j|= q4W |d krZi }|  || _d S )N)r   _algorithmsset_valid_algslistkeys_get_default_optionsr   )selfr   r   key r    X/work/yifan.wang/ringdown/master-ringdown-env/lib/python3.7/site-packages/jwt/api_jws.py__init__   s    
zPyJWS.__init__zdict[str, bool])r   c               C  s   ddiS )Nverify_signatureTr    r    r    r    r!   r   1   s    zPyJWS._get_default_optionsstrr   )alg_idalg_objr   c             C  s>   || j krtdt|ts$td|| j |< | j| dS )zW
        Registers a new Algorithm for use when creating and verifying tokens.
        z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r   
ValueError
isinstancer   	TypeErrorr   add)r   r%   r&   r    r    r!   register_algorithm5   s    


zPyJWS.register_algorithm)r%   r   c             C  s*   || j krtd| j |= | j| dS )z
        Unregisters an Algorithm for use when creating and verifying tokens
        Throws KeyError if algorithm is not registered.
        zJThe specified algorithm could not be removed because it is not registered.N)r   KeyErrorr   remove)r   r%   r    r    r!   unregister_algorithmB   s
    
zPyJWS.unregister_algorithmz	list[str]c             C  s
   t | jS )zM
        Returns a list of supported values for the 'alg' parameter.
        )r   r   )r   r    r    r!   get_algorithmsP   s    zPyJWS.get_algorithms)alg_namer   c          
   C  sZ   y
| j | S  tk
rT } z,ts:|tkr:td| d|td|W dd}~X Y nX dS )z
        For a given string name, return the matching Algorithm object.

        Example usage:

        >>> jws_obj.get_algorithm_by_name("RS256")
        zAlgorithm 'z9' could not be found. Do you have cryptography installed?zAlgorithm not supportedN)r   r,   r   r	   NotImplementedError)r   r0   er    r    r!   get_algorithm_by_nameV   s    
zPyJWS.get_algorithm_by_nameHS256FTbytesz AllowedPrivateKeys | str | bytesz
str | Noneztype[json.JSONEncoder] | Nonebool)payloadr   	algorithmheadersjson_encoderis_payload_detachedsort_headersr   c             C  s,  g }|d k	r|nd}	|rD| d}
|
r.|d }	| d}|dkrDd}| j|	d}|rh| | || |d sv|d= |rd|d< nd|kr|d= tj|d||d	 }|t| |r|}nt|}|| d
	|}| 
|	}||}|||}|t| |rd|d< d
	|}|dS )Nnonealgb64FT)typr>   r@   ),:)
separatorscls	sort_keys   .    r   zutf-8)get
header_typ_validate_headersupdatejsondumpsencodeappendr   joinr3   prepare_keysigndecode)r   r7   r   r8   r9   r:   r;   r<   segmentsZ
algorithm_Zheaders_algZheaders_b64headerZjson_headerZmsg_payloadsigning_inputr&   	signatureencoded_stringr    r    r!   rN   g   sF    










zPyJWS.encode zstr | byteszAllowedPublicKeys | str | byteszbytes | Nonezdict[str, Any])jwtr   r   r   detached_payloadr   c             K  s   |rt dt|  t |d kr*i }| j|}|d }|rL|sLtd| |\}	}
}}|dddkr|d kr~td|}	d	|

dd	d
 |	g}
|r| |
|||| |	||dS )Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r#   z\It is required that you pass in a value for the "algorithms" argument when calling decode().r?   TFzIt is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.rF   r   r   )r7   rU   rW   )warningswarntupler   r   r   r
   _loadrH   rP   rsplit_verify_signature)r   rZ   r   r   r   r[   kwargsZmerged_optionsr#   r7   rV   rU   rW   r    r    r!   decode_complete   s.    	
zPyJWS.decode_completer   c             K  s:   |rt dt|  t | j|||||d}|d S )Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: )r[   r7   )r\   r]   r^   r   r   rc   )r   rZ   r   r   r   r[   rb   decodedr    r    r!   rS      s    	zPyJWS.decode)rZ   r   c             C  s   |  |d }| | |S )zReturns back the JWT header parameters as a dict()

        Note: The signature is not verified so the header parameters
        should not be fully trusted until signature verification is complete
           )r_   rJ   )r   rZ   r9   r    r    r!   get_unverified_header   s    
zPyJWS.get_unverified_headerz*tuple[bytes, bytes, dict[str, Any], bytes]c          
   C  s  t |tr|d}t |ts,tdt y$|dd\}}|dd\}}W n, tk
r| } ztd|W d d }~X Y nX yt|}W n2 t	t
jfk
r } ztd|W d d }~X Y nX yt|}W n2 tk
r }	 ztd|	 |	W d d }	~	X Y nX t |tstdyt|}
W n4 t	t
jfk
rT } ztd	|W d d }~X Y nX yt|}W n4 t	t
jfk
r } ztd
|W d d }~X Y nX |
|||fS )Nzutf-8z$Invalid token type. Token must be a rF   r   zNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r(   r$   rN   r5   r
   r`   splitr'   r   r)   binasciiErrorrL   loadsdict)r   rZ   rV   Zcrypto_segmentZheader_segmentZpayload_segmenterrZheader_datarU   r2   r7   rW   r    r    r!   r_      s8    


"zPyJWS._load)rV   rU   rW   r   r   r   c       
   
   C  s   y|d }W n t k
r(   tdY nX |r>|d k	rF||krFtdy| |}W n, tk
r } ztd|W d d }~X Y nX ||}	|||	|stdd S )Nr>   zAlgorithm not specifiedz&The specified alg value is not allowedzAlgorithm not supportedzSignature verification failed)r,   r   r3   r1   rQ   verifyr   )
r   rV   rU   rW   r   r   r>   r&   r2   Zprepared_keyr    r    r!   ra     s    
zPyJWS._verify_signature)r9   r   c             C  s   d|kr|  |d  d S )Nkid)_validate_kid)r   r9   r    r    r!   rJ   8  s    zPyJWS._validate_headers)rn   r   c             C  s   t |tstdd S )Nz(Key ID header parameter must be a string)r(   r$   r   )r   rn   r    r    r!   ro   <  s    
zPyJWS._validate_kid)NN)r4   NNFT)rY   NNN)rY   NNN)rY   N)__name__
__module____qualname__rI   r"   staticmethodr   r+   r.   r/   r3   rN   rc   rS   rf   r_   ra   rJ   ro   r    r    r    r!   r      s6        @   *   + r   )!
__future__r   rh   rL   r\   typingr   r   r   r   r   r   r	   
exceptionsr
   r   r   r   utilsr   r   r   r   r   r   Z_jws_global_objrN   rc   rS   r+   r.   r3   rf   r    r    r    r!   <module>   s*     (