B
    d1.                 @  s   d dl mZ d dlZd dlZd dlmZ d dlmZ d dlmZm	Z	m
Z
 d dlmZmZ ddlmZ dd	lmZmZmZmZmZmZmZ dd
lmZ erddlmZmZ G dd dZe ZejZejZej Z dS )    )annotationsN)timegm)Iterable)datetime	timedeltatimezone)TYPE_CHECKINGAny   )api_jws)DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorMissingRequiredClaimError)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeysc               @  sB  e Zd Zd@dddddZeddd	d
ZdAddddddddddZdBdddddddZdCdddddd d!dd"d#dd$d%d&Zdd#d'd(d)Z	dDdddddd d!dd"d#d#d$d*d+Z
dEddd"dd,d-d.Zdddd/d0d1Zdd2d2dd3d4d5Zdd2d2dd3d6d7Zdd2d2dd3d8d9Zdd!dd:d;d<Zdd#dd=d>d?ZdS )FPyJWTNzdict[str, Any] | NoneNone)optionsreturnc             C  s   |d kri }|   || _d S )N)_get_default_optionsr   )selfr    r   X/work/yifan.wang/ringdown/master-ringdown-env/lib/python3.7/site-packages/jwt/api_jwt.py__init__   s    zPyJWT.__init__zdict[str, bool | list[str]])r   c               C  s   ddddddg dS )NT)verify_signature
verify_exp
verify_nbf
verify_iat
verify_aud
verify_issrequirer   r   r   r   r   r       s    zPyJWT._get_default_optionsHS256Tzdict[str, Any]z AllowedPrivateKeys | str | bytesz
str | Noneztype[json.JSONEncoder] | Noneboolstr)payloadkey	algorithmheadersjson_encodersort_headersr   c       	      C  sr   t |tstd| }x0dD ](}t ||tr t||  ||< q W | j|||d}t	j
||||||dS )NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbf)r,   r-   )r.   )
isinstancedict	TypeErrorcopygetr   r   utctimetuple_encode_payloadr   encode)	r   r)   r*   r+   r,   r-   r.   Z
time_claimZjson_payloadr   r   r   r9   ,   s$    


zPyJWT.encodebytes)r)   r,   r-   r   c             C  s   t j|d|ddS )z
        Encode a given payload to the bytes to be signed.

        This method is intended to be overridden by subclasses that need to
        encode the payload in a different way, e.g. compress the payload.
        ),:)
separatorsclszutf-8)jsondumpsr9   )r   r)   r,   r-   r   r   r   r8   R   s
    zPyJWT._encode_payload r   zstr | byteszAllowedPublicKeys | str | byteszlist[str] | Nonezbool | Nonezbytes | Nonezstr | Iterable[str] | Nonezfloat | timedeltar	   )jwtr*   
algorithmsr   verifydetached_payloadaudienceissuerleewaykwargsr   c
             K  s   |
rt dt|
  t t|p&i }|dd |d k	rX||d krXt jdtd |d s|dd |dd |d	d |d
d |dd |d r|stdt	j
|||||d}| |}| j|}| j|||||	d ||d< |S )Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r   TzThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryr    Fr!   r"   r#   r$   z\It is required that you pass in a value for the "algorithms" argument when calling decode().)r*   rC   r   rE   )rF   rG   rH   r)   )warningswarntuplekeysr   r3   
setdefaultDeprecationWarningr   r   decode_complete_decode_payloadr   _validate_claims)r   rB   r*   rC   r   rD   rE   rF   rG   rH   rI   decodedr)   Zmerged_optionsr   r   r   rQ   d   s>    

zPyJWT.decode_complete)rT   r   c          
   C  sZ   yt |d }W n0 tk
rB } ztd| W dd}~X Y nX t|tsVtd|S )a  
        Decode the payload from a JWS dictionary (payload, signature, header).

        This method is intended to be overridden by subclasses that need to
        decode the payload in a different way, e.g. decompress compressed
        payloads.
        r)   zInvalid payload string: Nz-Invalid payload string: must be a json object)r?   loads
ValueErrorr   r2   r3   )r   rT   r)   er   r   r   rR      s     
zPyJWT._decode_payloadc
             K  sB   |
rt dt|
  t | j|||||||||	d	}|d S )Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: )rD   rE   rF   rG   rH   r)   )rK   rL   rM   rN   r   rQ   )r   rB   r*   rC   r   rD   rE   rF   rG   rH   rI   rT   r   r   r   decode   s    zPyJWT.decode)r)   r   rH   r   c             C  s   t |tr| }|d k	r0t |ttfs0td| || tjt	j
d }d|krl|d rl| ||| d|kr|d r| ||| d|kr|d r| ||| |d	 r| || |d
 r| || d S )Nz+audience must be a string, iterable or None)tzr0   r"   r1   r!   r/   r    r$   r#   )r2   r   total_secondsr(   r   r4   _validate_required_claimsr   nowr   utc	timestamp_validate_iat_validate_nbf_validate_exp_validate_iss_validate_aud)r   r)   r   rF   rG   rH   r\   r   r   r   rS      s     
zPyJWT._validate_claims)r)   r   r   c             C  s,   x&|d D ]}| |d kr
t|q
W d S )Nr%   )r6   r   )r   r)   r   Zclaimr   r   r   r[      s    zPyJWT._validate_required_claimsfloat)r)   r\   rH   r   c             C  sF   yt |d }W n tk
r,   tdY nX ||| krBtdd S )Nr0   z)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intrV   r   r   )r   r)   r\   rH   r0   r   r   r   r_   	  s    zPyJWT._validate_iatc             C  sF   yt |d }W n tk
r,   tdY nX ||| krBtdd S )Nr1   z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))re   rV   r   r   )r   r)   r\   rH   r1   r   r   r   r`     s    zPyJWT._validate_nbfc             C  sF   yt |d }W n tk
r,   tdY nX ||| krBtdd S )Nr/   z/Expiration Time claim (exp) must be an integer.zSignature has expired)re   rV   r   r   )r   r)   r\   rH   r/   r   r   r   ra   $  s    zPyJWT._validate_exp)r)   rF   r   c               s   |d kr$d|ks|d sd S t dd|ks4|d s<td|d  t trT g t tsft dtdd  D rt dt|tr|g}t fdd|D rt dd S )NaudzInvalid audiencezInvalid claim format in tokenc             s  s   | ]}t |t V  qd S )N)r2   r(   ).0cr   r   r   	<genexpr>I  s    z&PyJWT._validate_aud.<locals>.<genexpr>c             3  s   | ]}| kV  qd S )Nr   )rg   rf   )audience_claimsr   r   ri   O  s    zAudience doesn't match)r   r   r2   r(   listanyall)r   r)   rF   r   )rj   r   rc   2  s"    


zPyJWT._validate_aud)r)   rG   r   c             C  s4   |d krd S d|krt d|d |kr0tdd S )NZisszInvalid issuer)r   r   )r   r)   rG   r   r   r   rb   R  s    zPyJWT._validate_iss)N)r&   NNT)NN)rA   NNNNNNr   )rA   NNNNNNr   )NNr   )__name__
__module____qualname__r   staticmethodr   r9   r8   rQ   rR   rX   rS   r[   r_   r`   ra   rc   rb   r   r   r   r   r      sD      "        $7       $  	 r   )!
__future__r   r?   rK   calendarr   collections.abcr   r   r   r   typingr   r	   rA   r   
exceptionsr   r   r   r   r   r   r   r   rC   r   r   r   Z_jwt_global_objr9   rQ   rX   r   r   r   r   <module>   s$   $	  E