`ddlZddlZddlZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l mZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZGddeZGddeZdS)N)datetime)timezone)Decimal)Real) _CompactJSON) base64_decode) base64_encode) want_bytes)BadData) BadHeader) BadPayload) BadSignature)SignatureExpired) Serializer) HMACAlgorithm) NoneAlgorithmceZdZdZeejeejeeje dZ dZ e Z dfd Zdfd ZdZd Zdd Zd Zdd Zdd ZddZxZS)JSONWebSignatureSerializerzThis serializer implements JSON Web Signature (JWS) support. Only supports the JWS Compact Serialization. .. deprecated:: 2.0 Will be removed in ItsDangerous 2.1. Use a dedicated library such as authlib. )HS256HS384HS512nonerNctjdtdt||||||||j}||_|||_dS)NzsJWS support is deprecated and will be removed in ItsDangerous 2.1. Use a dedicated JWS/JWT library such as authlib.) stacklevel)salt serializerserializer_kwargssigner signer_kwargs) warningswarnDeprecationWarningsuper__init__default_algorithmalgorithm_namemake_algorithm algorithm) self secret_keyrrrr r!r( __class__s 0lib/python3.11/site-packages/itsdangerous/jws.pyr&z#JSONWebSignatureSerializer.__init__,s           !/'      !!3N,,,^<<Fct|}d|vrtd|dd\}} t|}n##t$r}t d|d}~wwxYw t|}n##t$r}td|d}~wwxYw t |t} n##t$r}t d|d}~wwxYwt| tst d | t ||}|r|| fS|S) N.zNo "." found in valuerz:Could not base64 decode the header because of an exception)original_errorz;Could not base64 decode the payload because of an exception)rz5Could not unserialize header because it was malformedz#Header payload is not a JSON object)header) r rsplitr Exceptionr r% load_payloadrr isinstancedict) r+payloadr return_headerbase64d_headerbase64d_payload json_headere json_payloadr3r-s r.r6z'JSONWebSignatureSerializer.load_payloadLsW%% w  455 5*1--a*@*@' '77KK   L     (99LL   M     WW))+,)OOFF   G    &$'' RA&QQQ Q''&&| &KK  #F? "sGA A.A))A.2B B" BB"&(C C/C**C/ct|jj|fi|j}t|jj|fi|j}|dz|zS)Nr1)r rdumpsr)r+r3objr;r<s r. dump_payloadz'JSONWebSignatureSerializer.dump_payloadvsn& !DO !& C CD,B C C  ( !DO !# @ @)? @ @  $66r/cX |j|S#t$rtdwxYw)NzAlgorithm not supported)jws_algorithmsKeyErrorNotImplementedError)r+r(s r.r)z)JSONWebSignatureSerializer.make_algorithmsD A&~6 6 A A A%&?@@ @ As )cp||j}|dnd}||j}||j|d||S)Nr.)rsepkey_derivationr*)rr*r secret_keys)r+rr*rKs r. make_signerz&JSONWebSignatureSerializer.make_signersU <9D#'<T  I{{  )    r/cJ|r|ni}|j|d<|S)Nalg)copyr()r+ header_fieldsr3s r. make_headerz&JSONWebSignatureSerializer.make_headers.)6>##%%%B+u  r/c||}|||j}||||S)zLike :meth:`.Serializer.dumps` but creates a JSON Web Signature. It also allows for specifying additional fields to be included in the JWS header. )rRrMr*signrC)r+rBrrQr3r s r.rAz JSONWebSignatureSerializer.dumpssP !!-00!!$77{{4,,VS99:::r/c||||jt |d\}}|d|jkrtd|||r||fS|S)z{Reverse of :meth:`dumps`. If requested via ``return_header`` it will return a tuple of payload and header. Tr:rOzAlgorithm mismatch)r3r9)r6rMr*unsignr getr(r )r+srr:r9r3s r.loadsz JSONWebSignatureSerializer.loadss++   T4> 2 2 9 9*Q-- H H,   ::e   3 3 30QQQ Q  #F? "r/c:d|i}|||||S)Nr:)_loads_unsafe_impl)r+rYrr:kwargss r. loads_unsafez'JSONWebSignatureSerializer.loads_unsafes&!=1&&q$???r/)NNNNNNNF)NN)__name__ __module__ __qualname____doc__rhashlibsha256sha384sha512rrEr'rdefault_serializerr&r6rCr)rMrRrArZr^ __classcell__r-s@r.rrsUw~..w~..w~..  N % ======@((((((T777AAA     " ;;;;"@@@@@@@@r/rcJeZdZdZdZd fd ZfdZd fd ZdZd Z xZ S) TimedJSONWebSignatureSerializeraWorks like the regular :class:`JSONWebSignatureSerializer` but also records the time of the signing and can be used to expire signatures. JWS currently does not specify this behavior but it mentions a possible extension like this in the spec. Expiry date is encoded into the header similar to what's specified in `draft-ietf-oauth -json-web-token `_. iNc \tj|fi|||j}||_dSN)r%r&DEFAULT_EXPIRES_IN expires_in)r+r,rpr]r-s r.r&z(TimedJSONWebSignatureSerializer.__init__s;..v...  0J$r/ct|}|}||jz}||d<||d<|S)Niatexp)r%rRnowrp)r+rQr3rrrsr-s r.rRz+TimedJSONWebSignatureSerializer.make_headersJ$$]33hhjjDO#u u  r/Fct||d\}}d|vrtd|td|} t |d|d<n#t $r|wxYw|ddkr||d|kr%td||| |r||fS|S) NTrVrszMissing expiry date)r9zExpiry date is not an IntDaterzSignature expired)r9 date_signed) r%rZrr int ValueErrorrtrget_issue_date)r+rYrr:r9r3int_date_errorr-s r.rZz%TimedJSONWebSignatureSerializer.loadss''--4t-DD   4gFFF F"#BGTTT !u ..F5MM ! ! !  ! %=1   %=488:: % %"# //77   #F? "s A)) A6c|d}t|ttfr-t jt |tjSdS)aRIf the header contains the ``iat`` field, return the date the signature was issued, as a timezone-aware :class:`datetime.datetime` in UTC. .. versionchanged:: 2.0 The timestamp is returned as a timezone-aware ``datetime`` in UTC rather than a naive ``datetime`` assumed to be UTC. rr)tzN) rXr7rrr fromtimestamprwrutc)r+r3rvs r.ryz.TimedJSONWebSignatureSerializer.get_issue_datesVZZ   b4/ * * D)#b''hlCCC C D Dr/cBttjSrn)rwtime)r+s r.rtz#TimedJSONWebSignatureSerializer.nows49;;r/rnr_) r`rarbrcror&rRrZryrtrirjs@r.rlrls  %%%%%%8 D D D       r/rl)rdrr"rrdecimalrnumbersr_jsonrencodingr r r excr r rrrrrr rrrrlr/r.rs ############ !!!!!!""""""!!!!!!!!!!!!`@`@`@`@`@`@`@`@FI I I I I &@I I I I I r/