1 iUddlmZddlZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZmZddlmZddlmZmZddlmZmZmZmZmZmZm Z m!Z!m"Z" dd l#m$Z$m%Z%dd l&m'Z'dd l(m)Z)dd l*m+Z+dd l,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6ddl7m8Z8m9Z9ddl:m;Z;mZ>m?Z?m@Z@mAZAmBZBmCZCmDZDmEZEddlFmGZGmHZHmIZImJZJmKZKmLZLmMZMejNdkrddl mOZOnddlPmOZOee>e@fZQdeRd<ee3e5fZSdeRd<ee;ee3e;e8fZVdeRd<ee@e5e ES256ES384ES512ES521EdDSAPS256PS384PS512RS256RS384RS512ES256Kreturndict[str, Algorithm]cXtttjttjttjd}t rI|ttjttjttjttjtttjtttjtttjtttjtttjttjttjtd |S)zE Returns the algorithms that are implemented by the library. )noneHS256HS384HS512) rVrWrXrNrYrOrQrPrSrTrUrR) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmr$r#r%r&RSAPSSAlgorithm OKPAlgorithm)default_algorithmss C:\Users\Dell Inspiron 16\Desktop\tws\AgrotaPowerBi\back-agrota-powerbi\mcp-client-agrota\venv\Lib\site-packages\jwt/algorithms.pyget_default_algorithmsrns( }344}344}344 00 !!%l&9::%l&9::%l&9::$[%7CC%k&8)DD$[%7CC$[%7CC$& ))?@@()?@@()?@@%     & cHeZdZUdZdZded<d$dZd%d Zed&dZ ed'dZ ed(dZ e e ed)dZe e e d*d+dZe ed*d,dZe ed-d!Zd.d#ZdS)/ AlgorithmzH The interface for an algorithm used to sign and verify tokens. Nz$tuple[type[AllowedKeys], ...] | None_crypto_key_typesbytestrbytesrZct|dd}|ttrt|trzt |t jr`t j|t}| |t| St|| S)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorrf isinstancetype issubclassr HashAlgorithmHashrrgrtfinalizedigest)selfrsrvrs rmcompute_hash_digestzAlgorithm.compute_hash_digests4T22  % %  58T** 58V%9:: 5 [_5F5FGGGF MM' " " "**++ +'**113344 4rokey PublicKeyTypes | PrivateKeyTypesNonectr|jtdt||jsAd|jD}|jj}|jj}t d|d|d|dS)acCheck that the key belongs to the right cryptographic family. Note that this method only works when ``cryptography`` is installed. :param key: Potentially a cryptography key :type key: :py:data:`PublicKeyTypes ` | :py:data:`PrivateKeyTypes ` :raises ValueError: if ``cryptography`` is not installed, or this method is called by a non-cryptography algorithm :raises InvalidKeyError: if the key doesn't match the expected key classes NzhThis method requires the cryptography library, and should only be used by cryptography-based algorithms.c3$K|] }|jV dSN)__name__).0clss rm z2Algorithm.check_crypto_key_type..s$LLcS\LLLLLLrozExpected one of z, got: z. Invalid Key type for )rfrr ValueErrorrz __class__rr)rr valid_classes actual_class self_classs rmcheck_crypto_key_typezAlgorithm.check_crypto_key_types T3;z #t566 LLT5KLLLM=1L0J!j=jjjj^hjj    rorcdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). Nrrs rm prepare_keyzAlgorithm.prepare_keyromsgcdS)zn Returns a digital signature for the specified message using the specified key value. Nrrrrs rmsignzAlgorithm.signrrosigboolcdS)zz Verifies that the specified digital signature is valid for the specified message and key values. Nrrrrrs rmverifyzAlgorithm.verifyrrokey_objas_dict Literal[True]rcdSrrrrs rmto_jwkzAlgorithm.to_jwks BEroFLiteral[False]strcdSrrrs rmrzAlgorithm.to_jwks cro JWKDict | strcdS)z3 Serializes a given key into a JWK Nrrs rmrzAlgorithm.to_jwkrrojwk str | JWKDictcdS)zJ Deserializes a given key from JWK back into a key object Nrrs rmfrom_jwkzAlgorithm.from_jwk rro str | NonecdS)z Return a warning message if the key is below the minimum recommended length for this algorithm, or None if adequate. Nrrs rmcheck_key_lengthzAlgorithm.check_key_lengths tro)rsrtrZrt)rrrZr)rrrZr)rrtrrrZrt)rrtrrrrtrZr)rrrrrZrF)rrrrrZr)rrrrrZr)rrrZr)rrrZr)r __module__ __qualname____doc__rr__annotations__rrrrrrr staticmethodrrrrrormrqrqs ?CBBBB5555,.   ^    ^    ^ DDD^\XE 05^\X    ^\    ^\ rorqc\eZdZdZddZdd Zdd ZedddZeddZ dS)razZ Placeholder for use when no signing or verification operations are required. rrrZrc8|dkrd}|td|S)NrIz*When alg = "none", key value must be None.rrs rmrzNoneAlgorithm.prepare_key s) "99C ?!"NOO O rorrtcdS)Nrorrs rmrzNoneAlgorithm.sign)ssrorrcdS)NFrrs rmrzNoneAlgorithm.verify,suroFrrrr ctrryrs rmrzNoneAlgorithm.to_jwk/!###rorrctrrrs rmrzNoneAlgorithm.from_jwk3rroN)rrrZr)rrtrrrZrt)rrtrrrrtrZrr)rrrrrZr )rrrZr ) rrrrrrrrrrrrormraras $$$$\$$$$\$$$roraceZdZUdZejZded<ejZ ded<ej Z ded<d%d Z d&dZ eed'dZeed(d)dZed(d*dZed+dZd,dZd-d!Zd.d#Zd$S)/rbzf Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]rcrdrervrrZrc||_dSrrvrrvs rm__init__zHMACAlgorithm.__init__Bs   ror str | bytesrtc~t|}t|st|rtd|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrr)rr key_bytess rmrzHMACAlgorithm.prepare_keyEsM$$  # # z)'<'< !9  rorrrrcdSrrrs rmrzHMACAlgorithm.to_jwkPsILroFrrcdSrrrs rmrzHMACAlgorithm.to_jwkTsNQcrorrctt|dd}|r|Stj|S)Noct)kkty)rrdecodejsondumps)rrrs rmrzHMACAlgorithm.to_jwkXsO"+g"6"677>>@@    #J:c?? "rorrcN t|trtj|}nt|tr|}nt n#t $rt ddwxYw|ddkrt dt|dS)NKey is not valid JSONrrzNot an HMAC keyr) rzrrloadsdictrrgetr)robjs rmrzHMACAlgorithm.from_jwkds E#s## !#z#C&& !   E E E!"9:: D E 775>>U " "!"344 4C))) A A A'rc|j}t||krBdt|d|d|jdSdS)NzThe HMAC key is z> bytes long, which is below the minimum recommended length of z bytes for z. See RFC 7518 Section 3.2.)rv digest_sizelennameupper)rr min_lengths rmrzHMACAlgorithm.check_key_lengthus|]]__0 s88j -3s88--5?--==??'--//---  trorc\tj|||jSr)hmacnewrvrrs rmrzHMACAlgorithm.signs$xS$-0077999rorcTtj||||Sr)rcompare_digestrrs rmrzHMACAlgorithm.verifys#"3 #s(;(;<<rr2r<r0rr=rr)rrr public_key private_keys rmrzRSAAlgorithm.prepare_keysu#t566 1NC000cE3<00 B @AAA#C((I '' 33 <1DY1O1OJ..z::: j9993G!D444K..{;;; {;;;    !4Y!?!?J..z::: j99999"$89   )B   s+&A C/4:C// E:8D52E5"EErrrrcdSrrrs rmrzRSAAlgorithm.to_jwksPSPSroFrrcdSrrrs rmrzRSAAlgorithm.to_jwksUXUXrorrc d}t|drM|}ddgt|jjt|jjt|jt|jt|j t|j t|j t|j d }nt|dre|}ddgt|jt|jd}ntd|r|Stj|S)Nprivate_numbersRSAr) rkey_opsnedpqdpdqqir)rrrrNot a public or private key)hasattrrrpublic_numbersrrrrrrdmp1dmq1iqmprrr)rrrnumberss rmrzRSAAlgorithm.to_jwks)-Cw 122 E!1133! &x*7+A+CDDKKMM*7+A+CDDKKMM*7955<<>>*7955<<>>*7955<<>>+GL99@@BB+GL99@@BB+GL99@@BB  (++ E!0022! (z*7955<<>>*7955<<>> &&CDDD ' z#&rorrc > t|trtj| nt|tr| nt n#t $rt ddwxYw ddkrt ddd vrd vrd vrd vrt d gd } fd |D}t|}|rt|st d dtt dt d}|rtt dt d t dt dt dt d|}nst d}t|j||j\}}t|||t!||t#||t%|||}|Sd vrLd vrHtt dt dSt d)NrrrzNot an RSA keyrrrothz5Unsupported RSA private key: > 2 primes not supported)rrrrrcg|]}|vSrr)rproprs rm z)RSAAlgorithm.from_jwk.. sCCCtts{CCCroz@RSA key must include all parameters if any are present besides drrrrr)rrrr r r r r)rzrrrrrrranyallr3rr1r7rrr4r5r6rr) r other_props props_foundany_props_foundr r rrrrs @rmrzRSAAlgorithm.from_jwks Ic3''%*S//CCT**%CC$$ I I I%&=>>DH Iwwu~~&&%&677TAczzcSjjSCZZC<<)O;:: CCCC{CCC "%k"2"2" 3{+;+; )Z "2'C11'C11"" #/-c#h77-c#h77-c#h770T;;0T;;0T;;'5GG,CH55A4&(!^-=DAq0)!Q//)!Q//)!Q//'5G**,,,s ''C11'C11*,, &&CDDDs A A A(rrtr0cz||tj|}|Sr)rr!PKCS1v15rvrrr signatures rmrzRSAAlgorithm.sign:s."xxW-=-?-?QQI ror2rc |||tj|dS#t$rYdSwxYw)NTF)rr!rrvrrs rmrzRSAAlgorithm.verify>sW  3W%5%7%7IIIt#   uu s;? A  A N)rvrrZr)rrBrZr)rrrZrB)rrBrrrZrr)rrBrrrZr)rrBrrrZr)rrrZrBrrtrr0rZrtrrtrr2rrtrZr)rrrrr rcrrdrer tupler{rEr r r0r2rrrrrrrrrrrrrrormrhrhs  8>}DDDD7=}DDDD7=}DDDD D ${#S( ) HU=,67 8 8  (, ++++ % % % %        <  SSS  S  XXXX  X $ '$ '$ '$ ' $ 'L E EE EE E E EN          rorhcbeZdZUdZejZded<ejZded<ejZded<e e e e dfe eeefZ d)d*dZd+dZd,dZd-dZd.dZeed/dZeed0d1d#Zed0d2d%Zed3d(ZdS)4rizr Performs signing and verification operations using ECDSA and the specified hash function rrcrdre.Nrvrexpected_curvetype[EllipticCurve] | NonerZrc"||_||_dSr)rvr!)rrvr!s rmrzECAlgorithm.__init__Ts %DM"0D   rorrCc|jdSt|j|js*td|jjd|jjddS)z9Validate that the key's curve matches the expected curve.NzThe key's curve 'z%' does not match the expected curve 'z' for this algorithm)r!rzcurverrrs rm_validate_curvezECAlgorithm._validate_curve\sv"*ci)<== %M MM"16MMM  roAllowedECKeys | str | bytesct||jr,tt|}|||St|t t fstdt|} | drt|}nt|}| |tt|}|||S#t$rUt|d}| |tt |}|||cYSwxYw)Nrs ecdsa-sha2-r)rzrrr rCr&rtrrrrr>r=rr*rr<r()rrec_keyrr ec_public_keyrec_private_keys rmrzECAlgorithm.prepare_keygs[#t566 mS11$$V,,, cE3<00 B @AAA#C((I  &''77@1DY1O1OJJ!4Y!?!?J**:666 $%;Z H H $$]333$$ & & &29tLLL **;777!%&={!K!K$$^444%%%%  &s=A4C22AEErrtr(c||t|}t||jSr)rr"rvrr%)rrrder_sigs rmrzECAlgorithm.signs7hhsE$--//$:$:;;G';; ;rorrc< t||j}n#t$rYdSwxYw t|tr|n|}|||t|dS#t$rYdSwxYw)NFT) rr%rrzr(rrr"rvr)rrrrr-rs rmrzECAlgorithm.verifys .sCI>>   uu  "#'>??CNN$$$ !!'3dmmoo0F0FGGGt#   uu s &&A!B BBrrrrcdSrrrs rmrzECAlgorithm.to_jwksORsroFrrcdSrrrs rmrzECAlgorithm.to_jwksTWTWrorct|tr'|}n9t|tr|}nt dt|jtrd}nnt|jtrd}nQt|jtrd}n4t|jtrd}nt d|jd|t|j |jj t|j|jj d }t|trGt|j|jj |d <|r|St%j|S) NrP-256P-384P-521 secp256k1Invalid curve: EC) bit_length)rcrvxyr)rzr(rr r*rr%r$r%r&r#rr:rrr;r private_valuerr)rrr r9rs rmrzECAlgorithm.to_jwks'#:;; E!(!3!3!5!5!D!D!F!FG%;<< E!(!7!7!9!9%&CDDD'-33 IGM955 IGM955 IGM955 I!%&G &G&GHHH&"$&}5&((&"$&}5&(( # #C'#:;; ,++--;&}5&((C  ' z#&rorrc t|trtj|}nt|tr|}nt n#t $rt ddwxYw|ddkrt ddd|vsd|vrt ddt|d}t|d}|d}|dkrJt|t|cxkrd krnnt}nt d d|d krIt|t|cxkrd krnnt}nt d d|dkrIt|t|cxkrdkrnnt}npt dd|dkrHt|t|cxkrd krnnt}n!t dt d|tt|dt|d|}d|vr|St|d}t|t|krt dt||t%t|d|S)Nrrr7zNot an Elliptic curve keyr:r;r9r2 z)Coords should be 32 bytes for curve P-256r30z)Coords should be 48 bytes for curve P-384r4Bz)Coords should be 66 bytes for curve P-521r5z-Coords should be 32 bytes for curve secp256k1r6big) byteorder)r:r;r%rz!D should be {} bytes for curve {})rzrrrrrrrrrr$r%r&r#r+int from_bytesrr)r)rrr:r;r% curve_objr rs rmrzECAlgorithm.from_jwksg Ic3''%*S//CCT**%CC$$ I I I%&=>>DH Iwwu~~%%%&ABBL#~~C%&ABBL ..A ..AGGENNEq66SVV))))r))))) ) II)C '!!q66SVV))))r))))) ) II)C '!!q66SVV))))r))))) ) II)C +%%q66SVV))))r))))) ) II)G&&?&?&?@@@7..e.44..e.44N #~~%00222 ..A1vvQ%7Q/qE22Nkmm rr)rvrr!r"rZr)rrCrZr)rr'rZrC)rrtrr(rZrt)rrtrrCrrtrZr)rrCrrrZrr)rrCrrrZr)rrCrrrZr)rrrZrC)rrrrr rcrrdrer rr{rEr r r(r*rrrr&rrrrrrrrrormririEs  8>}DDDD7=}DDDD7=}DDDD D ${#S( ) HU24JJK L L  :> 1 1 1 1 1     & & & &@ < < < <     "  RRR  R  WWWW  W ) ') ') ') ' ) 'V G G G  G G G roric"eZdZdZd dZdd Zd S)rjzA Performs a signature using RSASSA-PSS with MGF1 rrtrr0rZc ||tjtj||j|}|S)Nmgf salt_length)rr!PSSMGF1rvrrs rmrzRSAPSSAlgorithm.sign sd"xx  T]]__55 $  ;    I ror2rrc  |||tjtj||j|dS#t $rYdSwxYw)NrHTF)rr!rKrLrvrrrs rmrzRSAPSSAlgorithm.verify+s  K#L99$(MMOO$?MMOOt#   uu sA9A== B  B Nrr)rrrrrrrrormrjrjsF            rorjc eZdZdZeeeedfee e e e e fZd"dZd#d Zd$dZd%dZeed&dZeed'd(dZed'd)dZed*d Zd!S)+rkz Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. .kwargsrrZrc dSrr)rrOs rmrzOKPAlgorithm.__init__Ms DrorAllowedOKPKeys | str | bytesrDct|ttfs|||St|tr|dn|}t|tr|dn|}d|vrt |}nCd|vrt|d}n-|dddkrt|}ntd||td |S) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-rrD) rzrrtrrencoder=r<r>rr )rrkey_strr loaded_keys rmrzOKPAlgorithm.prepare_keyPscC<00 **3/// -7U-C-CLcjj)))G/9#s/C/CL 7+++I#g--0;; %001)dKKK 1''0;; %&CDDD  & &z 2 2 2(*55 5rorr#Ed25519PrivateKey | Ed448PrivateKeyrtct|tr|dn|}||}|S)aS Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes rS)rzrrUr)rrr msg_bytesrs rmrzOKPAlgorithm.signfs@0:#s/C/CL 7+++I"xx 22I rorrcj t|tr|dn|}t|tr|dn|}t|ttfr|n|}|||dS#t$rYdSwxYw)a Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. rSTF)rzrrUr.r,rrr)rrrrrZ sig_bytesrs rmrzOKPAlgorithm.verifyts 3=c33G3GPCJJw///S 3=c33G3GPCJJw///S "#(9?'KLLCNN$$$ !!)Y777t#   uu sB B$$ B21B2rrrcdSrrrrs rmrzOKPAlgorithm.to_jwksLOCroFrrcdSrrr^s rmrzOKPAlgorithm.to_jwksQTQTrorct|ttfr|tjt j}t|trdnd}tt| d|d}|r|Stj |St|ttfr|tjtjt!}|tjt j}t|trdnd}tt| tt| d|d}|r|Stj |St%d) N)encodingformatEd25519Ed448OKP)r:rr9)rarbencryption_algorithm)r:rrr9r)rzr/r- public_bytesr8Rawr;rrrrrr.r, private_bytesr:r9rr)rrr:r9rrs rmrzOKPAlgorithm.to_jwks# 0.ABB +$$%\'+%$.c3C#D#DQii'*+a..99@@BB  +J:c??*# 1?CDD +%%%\(,)5& NN$$11%\'+2 $.c3D#E#ERii7)+a..99@@BB)+a..99@@BB  +J:c??*!"?@@ @rorrc> t|trtj|}nt|tr|}nt n#t $rt ddwxYw|ddkrt d|d}|dkr|dkrt d|d |vrt d t|d } d |vr.|dkrtj |Stj |St|d }|dkrtj |Stj |S#t $r}t d |d}~wwxYw) NrrrezNot an Octet Key Pairr9rcrdr6r:zOKP should have "x" parameterrzInvalid key parameter)rzrrrrrrrrr/from_public_bytesr-r.from_private_bytesr,)rrr%r:rerrs rmrzOKPAlgorithm.from_jwks Ic3''%*S//CCT**%CC$$ I I I%&=>>DH Iwwu~~&&%&=>>>GGENNE !!ew&6&6%&?&?&?@@@#~~%&EFFF ..A Hc>> ))/A!DDD);A>>>$SWWS\\22I%%,?BBB&9!<<< H H H%&=>>CG Hs6A A A';E=E=-;E=)E== FFFN)rOrrZr)rrQrZrD)rrrrXrZrt)rrrrDrrrZr)rrDrrrZrr)rrDrrrZr)rrDrrrZr)rrrZrD)rrrrr rr{rEr r r.r/r,r-rrrrrrrrrrrrormrkrk:sP  !D ${#S( ) H%$#"$          6 6 6 6,        4  OOO  O  TTTT  T , A, A, A, A , A\  H H H  H H Hrork)rZr[)i __future__rrrrossysabcrrtypingrrrr r r r r r exceptionsrtypesrrutilsrrrrrrrrrcryptography.exceptionsrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr )cryptography.hazmat.primitives.asymmetricr!,cryptography.hazmat.primitives.asymmetric.ecr"r#r$r%r&r'r(r)r*r+/cryptography.hazmat.primitives.asymmetric.ed448r,r-1cryptography.hazmat.primitives.asymmetric.ed25519r.r/-cryptography.hazmat.primitives.asymmetric.rsar0r1r2r3r4r5r6r7,cryptography.hazmat.primitives.serializationr8r9r:r;r<r=r> version_inforAtyping_extensionsrBrrCrDrErFrGrgetenv/cryptography.hazmat.primitives.asymmetric.typesrJrKrfModuleNotFoundErrorrMrequires_cryptographyrnrqrarbrhrirjrkrrormrs""""""" ########                      ('''''''''''''                      VNNNNNNNN<<<<<<555555AAAAAA                                             7""$$$$$$$ 0/////!&m\&A BNBBBB$%<>T%TUMUUUU %+_nL!N#>=.#PQKQQQQ$).0A?R%$),.>N$ YRY~r::;;         JJ    7""       ++++++NMNKJJJ     DiiiiiiiiX$$$$$I$$$lHlHlHlHlHylHlHlHlHlHg _ H_ HsDE''+FF