
     h	5                         d dl mZ d dl mZ d dl mZ d dl mZ d dlmZ d dlmZ d dlmZ d dlm	Z	 d d	lm
Z
 d d
lmZ d dlmZ d dlmZ d dlmZ ddlmZ ddlmZ  G d d          Zd Zd Zd ZdS )    )json_b64encode)to_bytes)
to_unicode)urlsafe_b64encode)BadSignatureError)DecodeError)#InvalidCritHeaderParameterNameErrorInvalidHeaderParameterNameError)MissingAlgorithmError)UnsupportedAlgorithmError)ensure_dict)extract_header)extract_segment   )	JWSHeader)	JWSObjectc                       e Zd Z eg d          Zi ZddZed             Zd Z	ddZ
d ZddZd	 Zdd
Zd Zd Zd Zd Zd ZdS )JsonWebSignature)algjkujwkkidx5ux5cx5tzx5t#S256typctycritNc                 "    || _         || _        d S N)_private_headers_algorithms)self
algorithmsprivate_headerss      j/Users/user/workspace/sujinbaek/cqa-test-app/venv/lib/python3.11/site-packages/authlib/jose/rfc7515/jws.py__init__zJsonWebSignature.__init__(   s     /%    c                 b    |r|j         dk    rt          d|          || j        |j        <   d S )NJWSzInvalid algorithm for JWS, )algorithm_type
ValueErrorALGORITHMS_REGISTRYname)cls	algorithms     r'   register_algorithmz#JsonWebSignature.register_algorithm,   sD     	JI4==H9HHIII2;	///r)   c                    t          |d          }|                     |           |                     |           |                     |||          \  }}t	          |j                  }t          t          |                    }d                    ||g          }t          |	                    ||                    }	d                    |||	g          S )a"  Generate a JWS Compact Serialization. The JWS Compact Serialization
        represents digitally signed or MACed content as a compact, URL-safe
        string, per `Section 7.1`_.

        .. code-block:: text

            BASE64URL(UTF8(JWS Protected Header)) || '.' ||
            BASE64URL(JWS Payload) || '.' ||
            BASE64URL(JWS Signature)

        :param protected: A dict of protected header
        :param payload: A bytes/string of payload
        :param key: Private key used to generate signature
        :return: byte
        N   .)
r   _validate_private_headers_validate_crit_headers_prepare_algorithm_keyr   	protectedr   r   joinsign)
r$   r8   payloadkey
jws_headerr1   protected_segmentpayload_segmentsigning_input	signatures
             r'   serialize_compactz"JsonWebSignature.serialize_compact2   s      y$//
&&y111##I...44YMM	3*:+?@@+HW,=,=>> 		#4o"FGG%inn]C&H&HII	yy+_iHIIIr)   c                 0   	 t          |          }|                    dd          \  }}|                    dd          \  }}n"# t          $ r}t	          d          |d}~ww xY wt          |          }	|                     |	           t          |	d          }
t          |          }|r ||          }t          |          }t          |
|d          }|                     |
||          \  }}|                    |||          r|S t          |          )a  Exact JWS Compact Serialization, and validate with the given key.
        If key is not provided, the returned dict will contain the signature,
        and signing input values. Via `Section 7.1`_.

        :param s: text of JWS Compact Serialization
        :param key: key used to verify the signature
        :param decode: a function to decode payload data
        :return: JWSObject
        :raise: BadSignatureError

        .. _`Section 7.1`: https://tools.ietf.org/html/rfc7515#section-7.1
        r4   r   zNot enough segmentsNcompact)r   rsplitsplitr-   r   _extract_headerr6   r   _extract_payload_extract_signaturer   r7   verifyr   )r$   sr<   decoder@   signature_segmentr>   r?   excr8   r=   r;   rA   rvr1   s                  r'   deserialize_compactz$JsonWebSignature.deserialize_compactO   s4   	>A/0xxa/@/@,M,1>1D1DT11M1M. 	> 	> 	>344#=	> $$566	##I...y$//
"?33 	&fWooG&'899	z7I6644Z#NN	3M9c:: 	I###s   AA 
A#AA#c                     t                     fdt          |t                    r1 t          j        |                    }t                    |d<   |S fd|D             }t                    |dS )a  Generate a JWS JSON Serialization. The JWS JSON Serialization
        represents digitally signed or MACed content as a JSON object,
        per `Section 7.2`_.

        :param header_obj: A dict/list of header
        :param payload: A string/dict of payload
        :param key: Private key used to generate signature
        :return: JWSObject

        Example ``header_obj`` of JWS JSON Serialization::

            {
                "protected: {"alg": "HS256"},
                "header": {"kid": "jose"}
            }

        Pass a dict to generate flattened JSON Serialization, pass a list of
        header dict to generate standard JSON Serialization.
        c                    
                     |            
                    | j                   
                    | j                   
                    |           \  }}t          | j                  }d                    |	g          }t          |	                    ||                    }t          |          t          |          d}| j        
| j        |d<   |S )Nr4   )r8   rA   header)r5   _reject_unprotected_critrS   r6   r8   r7   r   r9   r   r:   r   )r=   _alg_keyr>   r@   rA   rO   r<   r;   r?   r$   s          r'   _signz.JsonWebSignature.serialize_json.<locals>._sign   s    **:666 ))**;<<<''
(<===44Z#NNJD$ .z/C D D II'8/&JKKM)$))M4*H*HIII ((9::'	22 B  ,)08Ir)   r;   c                 J    g | ]} t          j        |                     S  )r   	from_dict).0hrW   s     r'   
<listcomp>z3JsonWebSignature.serialize_json.<locals>.<listcomp>   s.    HHHeeI/2233HHHr)   )r;   
signatures)r   
isinstancedictr   rZ   r   )r$   
header_objr;   r<   datar^   rW   r?   s   ` ``  @@r'   serialize_jsonzJsonWebSignature.serialize_jsonr   s    ( )11	 	 	 	 	 	 	 	* j$'' 	5,Z8899D(99DOKHHHHZHHH
%o66jQQQr)   c                    t          |d          }|                    d          }|t          d          t          |          }t	          |          }|r ||          }d|vr?|                     ||||          \  }}t          ||d          }|r|S t          |          g }	d}
|d         D ]6}|                     ||||          \  }}|	                    |           |sd}
7t          |	|d	          }|
r|S t          |          )
a  Exact JWS JSON Serialization, and validate with the given key.
        If key is not provided, it will return a dict without signature
        verification. Header will still be validated. Via `Section 7.2`_.

        :param obj: text of JWS JSON Serialization
        :param key: key used to verify the signature
        :param decode: a function to decode payload data
        :return: JWSObject
        :raise: BadSignatureError

        .. _`Section 7.2`: https://tools.ietf.org/html/rfc7515#section-7.2
        r+   r;   NzMissing "payload" valuer^   flatTFjson)	r   getr   r   rH   _validate_json_jwsr   r   append)r$   objr<   rL   r?   r;   r=   validrO   headersis_validra   s               r'   deserialize_jsonz!JsonWebSignature.deserialize_json   sS    #u%%''),,"7888"?33"?33 	&fWooGs"" $ 7 7#s! !J :w77B 	#B'''l+ 	! 	!J $ 7 7*c! !J NN:&&& ! w00 	I###r)   c                     t          |t          t          f          r|                     |||          S d|v r|                     |||          S |                     |||          S )a  Generate a JWS Serialization. It will automatically generate a
        Compact or JSON Serialization depending on the given header. If a
        header is in a JSON header format, it will call
        :meth:`serialize_json`, otherwise it will call
        :meth:`serialize_compact`.

        :param header: A dict/list of header
        :param payload: A string/dict of payload
        :param key: Private key used to generate signature
        :return: byte/dict
        r8   )r_   listtuplerc   rB   )r$   rS   r;   r<   s       r'   	serializezJsonWebSignature.serialize   sm     ftUm,, 	=&&vw<<<&  &&vw<<<%%fgs;;;r)   c                 (   t          |t                    r|                     |||          S t          |          }|                    d          r,|                    d          r|                     |||          S |                     |||          S )a  Deserialize JWS Serialization, both compact and JSON format.
        It will automatically deserialize depending on the given JWS.

        :param s: text of JWS Compact/JSON Serialization
        :param key: key used to verify the signature
        :param decode: a function to decode payload data
        :return: dict
        :raise: BadSignatureError

        If key is not provided, it will still deserialize the serialization
        without verification.
           {   })r_   r`   rn   r   
startswithendswithrP   )r$   rK   r<   rL   s       r'   deserializezJsonWebSignature.deserialize   s     a 	9((C888QKK<< 	9!**T"2"2 	9((C888''3777r)   c                 @   d|vrt                      |d         }| j        || j        vrt                      || j        vrt                      | j        |         }t	          |          r |||          }n|d|v r|d         }|                    |          }||fS )Nr   r   )r   r#   r   r.   callableprepare_key)r$   rS   r;   r<   r   r1   s         r'   r7   z'JsonWebSignature._prepare_algorithm_key   s    ')))Um'Ct7G,G,G+---d...+---,S1	C== 	 #fg&&CC[Uf__-C##C((#~r)   c                     | j         K| j                                        }|                    | j                   }|D ]}||vrt	          |          d S d S r!   )r"   !REGISTERED_HEADER_PARAMETER_NAMEScopyunionr   )r$   rS   namesks       r'   r5   z*JsonWebSignature._validate_private_headers  sr      ,:??AAEKK 566E = =E>>9!<<< " -,= =r)   c                 4    |rd|v rt          d          dS dS )uG   Reject 'crit' when found in the unprotected header (RFC 7515 §4.1.11).r   Nr
   )r$   unprotected_headers     r'   rT   z)JsonWebSignature._reject_unprotected_crit  s3     	:&,>">">1&999	: 	:">">r)   c                 f   d|v r|d         }t          |t                    rt          d |D                       st          d          | j                                        }| j        r|                    | j                  }|D ]*}||vrt          |          ||vrt          |          )d S d S )Nr   c              3   @   K   | ]}t          |t                    V  d S r!   )r_   str)r[   xs     r'   	<genexpr>z:JsonWebSignature._validate_crit_headers.<locals>.<genexpr>$  s=       = ='(
1c""= = = = = =r)   )	r_   rp   allr   r}   r~   r"   r   r	   )r$   rS   crit_headersr   r   s        r'   r6   z'JsonWebSignature._validate_crit_headers   s    V!&>LlD11 > = =,8= = = : : > 6f===:??AAE$ ;D$9::! A AE>>=a@@@f__=a@@@ % A Ar)   c                    |                     d          }|st          d          |                     d          }|st          d          t          |          }t          |          }|                     d          }|r$t	          |t
                    st          d          |                     |           |                     |           t          ||          }	| 	                    |	||          \  }
}d
                    ||g          }t          t          |                    }|
                    |||          r|	dfS |	d	fS )
Nr8   zMissing "protected" valuerA   zMissing "signature" valuerS   zInvalid "header" valuer4   TF)rg   r   r   rG   r_   r`   rT   r6   r   r7   r9   rI   rJ   )r$   r?   r;   ra   r<   r>   rM   r8   rS   r=   r1   r@   rA   s                r'   rh   z#JsonWebSignature._validate_json_jws1  s]   &NN;77  	;9:::&NN;77  	;9:::$%677#$566	)) 	8*VT22 	86777 	%%f---
 	##I...y&11
44Z#NN	3		#4o"FGG&x0A'B'BCC	M9c:: 	$t##5  r)   )NNr!   )__name__
__module____qualname__	frozensetr}   r.   r(   classmethodr2   rB   rP   rc   rn   rr   rx   r7   r5   rT   r6   rh   rY   r)   r'   r   r      s,       (1		
 	
 	
) )%" & & & & < < [<
J J J:!$ !$ !$ !$F1R 1R 1Rf0$ 0$ 0$ 0$d< < <$8 8 8 8*  $	= 	= 	=: : :
A A A"! ! ! ! !r)   r   c                 ,    t          | t                    S r!   )r   r   )header_segments    r'   rG   rG   P  s    .+666r)   c                 .    t          | t          d          S )NrA   r   r   )rM   s    r'   rI   rI   T  s    ,k;GGGr)   c                 .    t          | t          d          S )Nr;   r   )r?   s    r'   rH   rH   X  s    ?KCCCr)   N)authlib.common.encodingr   r   r   r   authlib.jose.errorsr   r   r	   r   r   r   authlib.jose.utilr   r   r   modelsr   r   r   rG   rI   rH   rY   r)   r'   <module>r      s   2 2 2 2 2 2 , , , , , , . . . . . . 5 5 5 5 5 5 1 1 1 1 1 1 + + + + + + C C C C C C ? ? ? ? ? ? 5 5 5 5 5 5 9 9 9 9 9 9 ) ) ) ) ) ) , , , , , , - - - - - -            z! z! z! z! z! z! z! z!z	7 7 7H H HD D D D Dr)   