� L�g�-��B�ddlmZddlZddlZddlZddlmZddlmZm Z ddl mZmZm Z mZddlmZddlmZmZmZmZdd lmZmZdd lmZerddl mZmZGd�d ��Ze��ZejZejZej Z ej!Z!ej"Z"ej#Z#ej$Z$dS)�)�annotationsN)�Sequence)� TYPE_CHECKING�Any�)� Algorithm�get_default_algorithms� has_crypto�requires_cryptography)�PyJWK)�DecodeError�InvalidAlgorithmError�InvalidSignatureError�InvalidTokenError)�base64url_decode�base64url_encode)�RemovedInPyjwt3Warning)�AllowedPrivateKeys�AllowedPublicKeysc��eZdZdZ d9d:d �Zed;d��Zd<d�Zd=d�Zd>d�Z d?d�Z d@dAd$�Z dBdCd,�Z dBdDd.�Z dEd/�ZdFd1�Z dGdHd5�ZdId6�ZdJd8�ZdS)K�PyJWS�JWTN� algorithms�Sequence[str] | None�options�dict[str, Any] | None�return�Nonec�6�t��|_|�t|��nt|j��|_t |j��D]}||jvr|j|=�|�i}i|��|�|_dS)N)r �_algorithms�set�_valid_algs�list�keys�_get_default_optionsr)�selfrr�keys �[/home/asafur/pinokio/api/open-webui.git/app/env/lib/python3.11/site-packages/jwt/api_jws.py�__init__zPyJWS.__init__ s�� 2�3�3��)�5�C� �O�O�O�3�t�?O�;P�;P� �� (�-�-�/�/�0�0� *� *�C��$�*�*�*��$�S�)��?��G�A�$�3�3�5�5�A��A��dict[str, bool]c� �ddiS)N�verify_signatureT�r.r*r(r%zPyJWS._get_default_options3s ��"�D�)�)r*�alg_id�str�alg_objrc��||jvrtd��t|t��st d��||j|<|j�|��dS)zW Registers a new Algorithm for use when creating and verifying tokens. z Algorithm already has a handler.z!Object is not of type `Algorithm`N)r � ValueError� isinstancer� TypeErrorr"�add)r&r/r1s r(�register_algorithmzPyJWS.register_algorithm7sm��T�%�%�%��?�@�@�@��'�9�-�-� A��?�@�@�@�#*�� V�$�$�$�$�$r*c�z�||jvrtd��|j|=|j�|��dS)z� Unregisters an Algorithm for use when creating and verifying tokens Throws KeyError if algorithm is not registered. zJThe specified algorithm could not be removed because it is not registered.N)r �KeyErrorr"�remove)r&r/s r(�unregister_algorithmzPyJWS.unregister_algorithmDsS�� )�)�)��1�� V�$��'�'�'�'�'r*� list[str]c�*�t|j��S)zM Returns a list of supported values for the 'alg' parameter. )r#r")r&s r(�get_algorithmszPyJWS.get_algorithmsRs��D�$�%�%�%r*�alg_namec�� |j|S#t$r9}ts|tvrt d|�d��|�t d��|�d}~wwxYw)z� For a given string name, return the matching Algorithm object. Example usage: >>> jws_obj.get_algorithm_by_name("RS256") zAlgorithm 'z9' could not be found. Do you have cryptography installed?�Algorithm not supportedN)r r9r r�NotImplementedError)r&r?�es r(�get_algorithm_by_namezPyJWS.get_algorithm_by_nameXs�� H��#�H�-�-�� H� H� H�� (�.C�"C�"C�)�e�(�e�e�e��&�&?�@�@�a�G�� H��s�� A�4A � AFT�payload�bytesr'�(AllowedPrivateKeys | PyJWK | str | bytes� algorithm� str | None�headers�json_encoder�type[json.JSONEncoder] | None�is_payload_detached�bool�sort_headersc��g}|� t|t��r|j} nd} n|} |r:|�d��} | r|d} |�d��}|durd}|j| d�}|r*|�|��|�|��|ds|d=|rd|d<nd|vr|d=tj|d||� �� } |� t| ��|r|}nt|��}|� |��d �|��}|� | ��}t|t��r|j}|�|��}|�||��}|� t|��|rd|d<d �|��}|�d ��S)N�HS256�alg�b64FT)�typrRrT)�,�:)� separators�cls� sort_keys�.r*r�utf-8)r4r�algorithm_name�get� header_typ�_validate_headers�update�json�dumps�encode�appendr�joinrDr'�prepare_key�sign�decode)r&rEr'rHrJrKrMrO�segments� algorithm_�headers_alg�headers_b64�header�json_header�msg_payload� signing_inputr1� signature�encoded_strings r(rczPyJWS.encodeis*��#�u�%�%� %� �/� � �$� � �"�J�� +�!�+�+�e�,�,�K�� ,�$�U�^� �!�+�+�e�,�,�K��e�#�#�&*�#�*.��!L�!L�� #��"�"�7�+�+�+��M�M�'�"�"�"��e�}� ��u� �� !�F�5�M�M� �f�_�_��u� ��j��z�|�|� � � � �&�(�(� � ��(��5�5�6�6�6�� 4�!�K�K�*�7�3�3�K��$�$�$�� (�+�+� ��,�,�Z�8�8��c�5�!�!� ��'�C��!�!�#�&�&��L�L��4�4� ��(��3�3�4�4�4�� H�Q�K��8�,�,��$�$�W�-�-�-r*��jwt�str | bytes�'AllowedPublicKeys | PyJWK | str | bytes�detached_payload�bytes | None�dict[str, Any]c�.�|r>tjdt|��td��|�i}i|j�|�}|d}|r&|s$t |t��std��|� |��\} } }}|� dd��durD|�td ��|} d �| �d d��d| g��} |r|� | ||||��| ||d �S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: �� stacklevelr-z\It is required that you pass in a value for the "algorithms" argument when calling decode().rSTFz�It is required that you pass in a value for the "detached_payload" argument to decode a message having the b64 header set to false.rZrr)rErmrq)�warnings�warn�tupler$rrr4rr �_loadr]re�rsplit�_verify_signature) r&rtr'rrrw�kwargs�merged_optionsr-rErprmrqs r(�decode_completezPyJWS.decode_complete�so�� M�>�',�V�[�[�]�]�';�';�>�>�'�� ?��G�4�D�L�4�G�4��)�*<�=�� J� �z�#�u�7M�7M� ��n�� 59�J�J�s�O�O�1�� :�:�e�T�"�"�e�+�+��'�!�Z��'�G� �I�I�}�';�';�D�!�'D�'D�Q�'G��&Q�R�R�M�� V��"�"�=�&�)�S�*�U�U�U��"� � � r*rc��|r>tjdt|��td��|�|||||��}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r{r|)rwrE)r~rr�r$rr�)r&rtr'rrrwr��decodeds r(rhzPyJWS.decode�s�� M�>�',�V�[�[�]�]�';�';�>�>�'�� &�&��j�'�<L�'� � ��y�!�!r*c�f�|�|��d}|�|��|S)z�Returns back the JWT header parameters as a dict() Note: The signature is not verified so the header parameters should not be fully trusted until signature verification is complete r{)r�r_)r&rtrJs r(�get_unverified_headerzPyJWS.get_unverified_header�s1��*�*�S�/�/�!�$��w�'�'�'��r*�*tuple[bytes, bytes, dict[str, Any], bytes]c��t|t��r|�d��}t|t��st dt�� |�dd��\}}|�dd��\}}n"#t$r}t d��|�d}~wwxYw t|��}n.#ttjf$r}t d��|�d}~wwxYw tj |��}n%#t$r} t d| ��| �d} ~ wwxYwt|t��st d�� t|��} n.#ttjf$r}t d ��|�d}~wwxYw t|��}n.#ttjf$r}t d ��|�d}~wwxYw| |||fS)Nr[z$Invalid token type. Token must be a rZrzNot enough segmentszInvalid header paddingzInvalid header string: z,Invalid header string: must be a json objectzInvalid payload paddingzInvalid crypto padding)r4r0rcrFr r��splitr3rr5�binascii�Errorra�loads�dict)r&rtrp�crypto_segment�header_segment�payload_segment�err�header_datarmrCrErqs r(r�zPyJWS._loads0��c�3�� &��*�*�W�%�%�C��#�u�%�%� N��L�U�L�L�M�M�M� >�,/�J�J�t�Q�,?�,?�)�M�>�.;�.A�.A�$��.J�.J�+�N�O�O�� >� >� >��3�4�4�#�=�� >�� A�*�>�:�:�K�K��8�>�*� A� A� A��6�7�7�S�@�� A�� D��Z��,�,�F�F�� D� D� D��;��;�;�<�<�!�C�� D��&�$�'�'� N��L�M�M�M� B�&��7�7�G�G��8�>�*� B� B� B��7�8�8�c�A�� B�� A�(��8�8�I�I��8�>�*� A� A� A��6�7�7�S�@�� A�� :�:sx�2B� B*�B%�%B*�.B>�>C)�C$�$C)�-D� D$�D�D$�E�F�2F�F�F�G�1G�Grprmrqc��|�t|t��r|jg} |d}n#t$rt d��d�wxYw|r|�||vrt d��t|t��r|j}|j}nN |�|��}n"#t$r} t d��| �d} ~ wwxYw|� |��}|� |||��std��dS)NrRzAlgorithm not specifiedz&The specified alg value is not allowedrAzSignature verification failed)r4rr\r9rrr'rDrBrf�verifyr) r&rprmrqr'rrRr1�prepared_keyrCs r(r�zPyJWS._verify_signature+sF��*�S�%�"8�"8��,�-�J� M��-�C�C�� M� M� M�'�(A�B�B��L� M�� R�z�-�#�Z�2G�2G�'�(P�Q�Q�Q��c�5�!�!� 4��m�G��7�L�L� N��4�4�S�9�9��&� N� N� N�+�,E�F�F�A�M�� N��"�.�.�s�3�3�L��~�~�m�\�9�E�E� I�'�(G�H�H�H� I� Is!�*�A�B� B9�$B4�4B9c�H�d|vr|�|d��dSdS)N�kid)� _validate_kid)r&rJs r(r_zPyJWS._validate_headersJs3��G��w�u�~�.�.�.�.�.��r*r�c�N�t|t��std��dS)Nz(Key ID header parameter must be a string)r4r0r)r&r�s r(r�zPyJWS._validate_kidNs0��#�s�#�#� P�#�$N�O�O�O� P� Pr*)NN)rrrrrr)rr+)r/r0r1rrr)r/r0rr)rr<)r?r0rr)NNNFT)rErFr'rGrHrIrJrrKrLrMrNrOrNrr0)rsNNN)rtrur'rvrrrrrwrxrry)rtrur'rvrrrrrwrxrr)rtrurry)rtrurr�)rsN)rprFrmryrqrFr'rvrrrr)rJryrr)r�rrr)�__name__� __module__�__qualname__r^r)�staticmethodr%r7r;r>rDrcr�rhr�r�r�r_r�r.r*r(rrs��J�,0�)-�B�B�B�B�B�&�*�*�*��\�*�%�%�%�%�(�(�(�(�&�&�&�&�H�H�H�H�*!%�)-�6:�$)�!�K.�K.�K.�K.�K.�`8:�+/�)-�)-� , �, �, �, �, �b8:�+/�)-�)-� "�"�"�"�"�, � � � �$;�$;�$;�$;�V8:�+/� I�I�I�I�I�>/�/�/�/�P�P�P�P�P�Pr*r)%� __future__rr�rar~�collections.abcr�typingrrrrr r r�api_jwkr� exceptionsr rrr�utilsrrrrrr�_jws_global_objrcr�rhr7r;rDr�r.r*r(�<module>r�s��"�"�"�"�"�"��$�$�$�$�$�$�%�%�%�%�%�%�%�%��6�5�5�5�5�5�5�5�,�,�,�,�,�,��B�A�A�A�A�A�A�A�A�sP�sP�sP�sP�sP�sP�sP�sP�l �%�'�'�� !�1�� $�7��&�;��'�=��'�=��r*