PǻiUddlmZddlZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZmZmZmZddlmZddlmZmZddlmZmZmZmZmZmZm Z m!Z!m"Z" dd l#m$Z$m%Z%dd l&m'Z'dd l(m)Z)dd l*m+Z+dd l,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6ddl7m8Z8m9Z9ddl:m;Z;mZ>m?Z?m@Z@mAZAmBZBmCZCmDZDmEZEddlFmGZGmHZHmIZImJZJmKZKmLZLmMZMejdk\rddl mOZOnddlPmOZOee>e@fZQdeRd<ee3e5fZSdeRd<ee;ee3e;e8fZVdeRd<ee@e5e ES256ES384ES512ES521EdDSAPS256PS384PS512RS256RS384RS512ES256Kc4tttjttjttjd}t r<|j ttjttjttjttjtttjtttjtttjtttjtttjttjttjtd |S)zE Returns the algorithms that are implemented by the library. )noneHS256HS384HS512) rVrWrXrNrYrOrQrPrSrTrUrR) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmr$r#r%r&RSAPSSAlgorithm OKPAlgorithm)default_algorithmss L/opt/lhia/marcimex/agent/venv/lib/python3.12/site-packages/jwt/algorithms.pyget_default_algorithmsrls  }334}334}334 0!!%l&9&9:%l&9&9:%l&9&9:$[%7%7C%k&8&8)D$[%7%7C$[%7%7C$&& ))?)?@()?)?@()?)?@%  & ceZdZUdZdZded<ddZddZeddZ eddZ edd Z e e edd Ze e e d dd Ze eddd Ze edd ZddZy) AlgorithmzH The interface for an algorithm used to sign and verify tokens. Nz$tuple[type[AllowedKeys], ...] | None_crypto_key_typescft|dd}|ttrxt|trht |t jrNt j|t}|j|t|jSt||jS)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorrd isinstancetype issubclassr HashAlgorithmHashrrebytesfinalizedigest)selfbytestrrrr}s rkcompute_hash_digestzAlgorithm.compute_hash_digests4T2  % % 8T*8V%9%9:[[_5FGF MM' "*+ +'*1134 4rmctr |j tdt||jsSd|jD}|jj }|jj }t d|d|d|y)acCheck that the key belongs to the right cryptographic family. Note that this method only works when ``cryptography`` is installed. :param key: Potentially a cryptography key :type key: :py:data:`PublicKeyTypes ` | :py:data:`PrivateKeyTypes ` :raises ValueError: if ``cryptography`` is not installed, or this method is called by a non-cryptography algorithm :raises InvalidKeyError: if the key doesn't match the expected key classes NzhThis method requires the cryptography library, and should only be used by cryptography-based algorithms.c34K|]}|jywN)__name__).0clss rk z2Algorithm.check_crypto_key_type..sLcS\\LszExpected one of z, got: z. Invalid Key type for )rdrp ValueErrorrv __class__rr)r~key valid_classes actual_class self_classs rkcheck_crypto_key_typezAlgorithm.check_crypto_key_typesT33;z #t556LT5K5KLM==11L00J!"=/F]^h]ij  7rmcy)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). Nr~rs rk prepare_keyzAlgorithm.prepare_keyrmcy)zn Returns a digital signature for the specified message using the specified key value. Nrr~msgrs rksignzAlgorithm.signrrmcy)zz Verifies that the specified digital signature is valid for the specified message and key values. Nrr~rrsigs rkverifyzAlgorithm.verifyrrmcyrrkey_objas_dicts rkto_jwkzAlgorithm.to_jwks BErmcyrrrs rkrzAlgorithm.to_jwks rmcy)z3 Serializes a given key into a JWK Nrrs rkrzAlgorithm.to_jwkrrmcy)zJ Deserializes a given key from JWK back into a key object Nrjwks rkfrom_jwkzAlgorithm.from_jwk rrmcy)z Return a warning message if the key is below the minimum recommended length for this algorithm, or None if adequate. Nrrs rkcheck_key_lengthzAlgorithm.check_key_lengths rm)rr{returnr{)rz PublicKeyTypes | PrivateKeyTypesrNone)rrrr)rr{rrrr{)rr{rrrr{rbool)rrr Literal[True]rrF)rrrLiteral[False]rstr)rrrrr JWKDict | str)r str | JWKDictrr)rrr str | None)r __module__ __qualname____doc__rp__annotations__rrrrrrr staticmethodrrrrrmrkroros ?C;B5,.      DE 05-     rmrocNeZdZdZddZd dZd dZed d dZed dZ y)r_zZ Placeholder for use when no signing or verification operations are required. c.|dk(rd}| td|S)NrIz*When alg = "none", key value must be None.rrs rkrzNoneAlgorithm.prepare_key s$ "9C ?!"NO O rmcy)Nrmrrs rkrzNoneAlgorithm.sign)srmcy)NFrrs rkrzNoneAlgorithm.verify,srmctrrurs rkrzNoneAlgorithm.to_jwk/ !##rmctrrrs rkrzNoneAlgorithm.from_jwk3rrmN)rrrr)rr{rrrr{)rr{rrrr{rrr)rrrrrr )rrrr ) rrrrrrrrrrrrmrkr_r_s> $$$$rmr_ceZdZUdZej Zded<ejZ ded<ejZ ded<ddZ ddZ eeddZeeddd Zeddd Zedd Zdd Zdd ZddZy)r`zf Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]rarbrcc||_yrrrr~rrs rk__init__zHMACAlgorithm.__init__Bs   rmc^t|}t|s t|r td|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrr)r~r key_bytess rkrzHMACAlgorithm.prepare_keyEs5$  #z)'<!9  rmcyrrrs rkrzHMACAlgorithm.to_jwkPsILrmcyrrrs rkrzHMACAlgorithm.to_jwkTsNQrmc~tt|jdd}|r|Stj|S)Noct)kkty)rrdecodejsondumps)rrrs rkrzHMACAlgorithm.to_jwkXs<"+g"67>>@  J::c? "rmc t|trtj|}nt|tr|}nt |jddk7r t dt|dS#t $r t ddwxYw)NKey is not valid JSONrrzNot an HMAC keyr) rvrrloadsdictrrgetr)robjs rkrzHMACAlgorithm.from_jwkds E#s##zz#C&   775>U "!"34 4C))  E!"9: D Es ?A..Bc|jj}t||kr;dt|d|d|jjj dSy)NzThe HMAC key is z> bytes long, which is below the minimum recommended length of z bytes for z. See RFC 7518 Section 3.2.)rr digest_sizelennameupper)r~r min_lengths rkrzHMACAlgorithm.check_key_lengthuse]]_00 s8j "3s8*-55?L ==?''--/01,-  rmc`tj|||jjSr)hmacnewrrr}rs rkrzHMACAlgorithm.signs"xxS$--07799rmcNtj||j||Sr)rcompare_digestrrs rkrzHMACAlgorithm.verifys ""3 #s(;<rr2r<r0rr=rr)r~rr public_key private_keys rkrzRSAAlgorithm.prepare_keys#t556NC00cE3<0 @AA#C(I '' 31DY1OJ..z: j993G!D4K..{; {;;  !4Y!?J..z: j99"$89 )B   s**7995<<>*7995<<>+GLL9@@B+GLL9@@B+GLL9@@B (+!002! (z*7995<<>*7995<<> &&CDD zz#&rmc : t|trtj|}nt|tr|}nt |jddk7r t ddd|vrTd|vrOd|vrJd|vr t d gd }|Dcgc]}||v}}t|}|rt|s t d dtt|dt|d}|rjtt|dt|d t|d t|dt|dt|d|}|j'St|d}t|j||j\} } t|| | t!|| t#|| t%| | |}|j'Sd|vr6d|vr2tt|dt|dj)St d#t $r t ddwxYwcc}w)NrrrzNot an RSA keyrrrothz5Unsupported RSA private key: > 2 primes not supported)rrrrrz@RSA key must include all parameters if any are present besides drrrrr)rrrrrrrr)rvrrrrrrranyallr3rr1r7rrr4r5r6rr) rr other_propsprop props_foundany_props_foundrrrrrs rkrzRSAAlgorithm.from_jwks: Ic3'**S/CT*C$$wwu~&%&67TAczcSjSCZC<)O; 7BCtts{C C"%k"2"3{+;)Z "2'C1'C1" #/-c#h7-c#h7-c#h70T;0T;0T;'5G2**,,,CH5A4&((!^-=-=DAq0)!Q/)!Q/)!Q/'5G**,,s ''C1'C1*, &&CDD{ I%&=>DH IDs?G? H?Hcl|j|tj|j}|Sr)rr!PKCS1v15rrr~rr signatures rkrzRSAAlgorithm.sign:s)"xxW-=-=-?QI rmc |j||tj|jy#t$rYywxYw)NTF)rr!rrrrrs rkrzRSAAlgorithm.verify>s=  3W%5%5%7I#  s47 AAN)rrtype[hashes.HashAlgorithm]rr)rrBrr)rzAllowedRSAKeys | str | bytesrrB)rrBrrrrr)rrBrrrr)rrBrrrr)rrrrBrr{rr0rr{rr{rr2rr{rr)rrrrr rarrbrcr tuplerwrEr r r0r2rprrrrrrrrrrrrmrkrfrfs 8>}}4D7=}}4D7=}}4D ${#S( ) U=,67 8 (, }+ %  <  S  S  X  X $ ' $ 'L E E E EN  rmrfcFeZdZUdZej Zded<ejZded<ejZded<e e e e dfe eeefZ d ddZdd Zdd Zdd Zdd Zeedd ZeedddZedddZeddZy)rgzr Performs signing and verification operations using ECDSA and the specified hash function rrarbrc.Nc ||_||_yr)rrexpected_curve)r~rrrs rkrzECAlgorithm.__init__Ts %DM"0D rmc|jyt|j|js:td|jjd|jjdy)z9Validate that the key's curve matches the expected curve.NzThe key's curve 'z%' does not match the expected curve 'z' for this algorithm)rrvcurverrrs rk_validate_curvezECAlgorithm._validate_curve\sg""*cii)<)<=%' '78"116677KM>rmc&t||jr#tt|}|j ||St|t t fs tdt|} |jdr t|}n t|}|j|tt|}|j ||S#t$rDt|d}|j|tt |}|j ||cYSwxYw)Nrs ecdsa-sha2-r)rvrpr rCrr{rrrrr>r=rr*rr<r()r~rec_keyrr ec_public_keyrec_private_keys rkrzECAlgorithm.prepare_keygs#t556mS1$$V, cE3<0 @AA#C(I  &''71DY1OJ!4Y!?J**:6 $%;Z H $$]3$$ &29tL **;7!%&={!K$$^4%%  &s'ACA DDc|j|t|j}t||jSr)rr"rrrr)r~rrder_sigs rkrzECAlgorithm.signs.hhsE$--/$:;G'; ;rmc t||j} t|tr|j n|}|j ||t|jy#t$rYywxYw#t$rYywxYw)NFT) rrrrvr(rrr"rrr)r~rrrr%rs rkrzECAlgorithm.verifys .sCII> "#'>?NN$ !!'3dmmo0FG  $  s#A&A A5& A21A25 BBcyrrrs rkrzECAlgorithm.to_jwksORrmcyrrrs rkrzECAlgorithm.to_jwksTWrmct|tr|jj}n,t|tr|j}n t dt|j trd}not|j trd}nRt|j trd}n5t|j trd}nt d|j d|t|j|j jjt|j|j jjd }t|trJt|j!j"|j jj|d <|r|St%j&|S) NrP-256P-384P-521 secp256k1Invalid curve: EC) bit_length)rcrvxyr)rvr(rrr*rrr$r%r&r#rr2rrr3r private_valuerr)rrrr1rs rkrzECAlgorithm.to_jwksf'#:;!(!3!3!5!D!D!FG%;DH Is ?JJr)rrrrztype[EllipticCurve] | Nonerr)rrCrr)rzAllowedECKeys | str | bytesrrC)rr{rr(rr{)rr{rrCrr{rr)rrCrrrrr)rrCrrrr)rrCrrrr)rrrrC)rrrrr rarrbrcr rrwrEr r r(r*rprrrrrrrrrrrmrkrgrgEs 8>}}4D7=}}4D7=}}4D ${#S( ) U24JJK L :> 10 17 1  1  &@ <  "  R  R  W  W ) ' ) 'V G  G rmrgc eZdZdZddZddZy)rhzA Performs a signature using RSASSA-PSS with MGF1 c |j|tjtj|j |j j |j }|S)Nmgf salt_length)rr!PSSMGF1rrrrs rkrzRSAPSSAlgorithm.sign sS"xx  T]]_5 $  ; ;   I rmc  |j||tjtj|j |j j |j y#t $rYywxYw)Nr@TF)rr!rCrDrrrrrs rkrzRSAPSSAlgorithm.verify+sh  KK#LL9$(MMO$?$?MMO#  sA0A33 A?>A?Nrr)rrrrrrrrmrkrhrhs   rmrhc eZdZdZeeeedfee e e e e fZd dZd dZ ddZ ddZeeddZeedddZeddd Zedd Zy )riz Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. .c yrr)r~kwargss rkrzOKPAlgorithm.__init__Ms rmct|ttfs|j||St|tr|j dn|}t|tr|j dn|}d|vr t |}n1d|vrt|d}n|dddk(r t|}n td|j|td |S) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-rrD) rvrr{rrencoder=r<r>rr )r~rkey_strr loaded_keys rkrzOKPAlgorithm.prepare_keyPscC<0**3/ -7U-Ccjj)G/9#s/C 7+I#g-0; %01)dK 1'0; %&CDD  & &z 2(*5 5rmcnt|tr|jdn|}|j|}|S)aS Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes rJ)rvrrLr)r~rr msg_bytesrs rkrzOKPAlgorithm.signfs10:#s/C 7+I"xx 2I rmc$ t|tr|jdn|}t|tr|jdn|}t|ttfr|j n|}|j ||y#t$rYywxYw)a Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. rJTF)rvrrLr.r,rrr)r~rrrrP sig_bytesrs rkrzOKPAlgorithm.verifyts 3=c33GCJJw/S 3=c33GCJJw/S "#(9?'KLNN$ !!)Y7#  sBB BBcyrrrrs rkrzOKPAlgorithm.to_jwksLOrmcyrrrTs rkrzOKPAlgorithm.to_jwksQTrmcFt|ttfr|jtj t j }t|trdnd}tt|jd|d}|r|Stj|St|ttfr|jtj tj t!}|j#jtj t j }t|trdnd}tt|jtt|jd|d}|r|Stj|St%d) N)encodingformatEd25519Ed448OKP)r2rr1)rWrXencryption_algorithm)r2rrr1r)rvr/r- public_bytesr8Rawr;rrrrrr.r, private_bytesr:r9rr)rrr2r1rrs rkrzOKPAlgorithm.to_jwks\# 0.AB$$%\\'++%$.c3C#Di'*+a.9@@B  J::c?*# 1?CD%%%\\(,,)5& NN$11%\\'++2 $.c3D#Ei7)+a.9@@B)+a.9@@B  J::c?*!"?@ @rmc t|trtj|}nt|tr|}nt |jddk7r t d|jd}|dk7r|dk7rt d|d |vr t d t|jd } d |vr/|dk(rtj|Stj|St|jd }|dk(rtj|Stj|S#t $r t ddwxYw#t $r}t d |d}~wwxYw) Nrrr[zNot an Octet Key Pairr1rYrZr.r2zOKP should have "x" parameterrzInvalid key parameter)rvrrrrrrrrr/from_public_bytesr-r.from_private_bytesr,)rrrr2rerrs rkrzOKPAlgorithm.from_jwksZ Ic3'**S/CT*C$$wwu~&%&=>>GGENE !ew&6%w&?@@#~%&EFF .A Hc> )/AA!DD);;A>>$SWWS\2I%,??BB&99!<<- I%&=>DH I. H%&=>CG Hs5?D/3EE&3EE/E E" EE"N)rHrrr)rzAllowedOKPKeys | str | bytesrrD)rrrz#Ed25519PrivateKey | Ed448PrivateKeyrr{)rrrrDrrrr)rrDrrrrr)rrDrrrr)rrDrrrr)rrrrD)rrrrr rrwrEr r r.r/r,r-rprrrrrrrrrrmrkriri:s ! ${#S( ) %$#"$     6, " )L    " )7 >I   4  O  O  T  T , A , A\  H  Hrmri)rzdict[str, Algorithm])i __future__rrrrossysabcrrtypingrrrr r r r r r exceptionsrtypesrrutilsrrrrrrrrrcryptography.exceptionsrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr )cryptography.hazmat.primitives.asymmetricr!,cryptography.hazmat.primitives.asymmetric.ecr"r#r$r%r&r'r(r)r*r+/cryptography.hazmat.primitives.asymmetric.ed448r,r-1cryptography.hazmat.primitives.asymmetric.ed25519r.r/-cryptography.hazmat.primitives.asymmetric.rsar0r1r2r3r4r5r6r7,cryptography.hazmat.primitives.serializationr8r9r:r;r<r=r> version_inforAtyping_extensionsrBrrCrDrErFrGrgetenv/cryptography.hazmat.primitives.asymmetric.typesrJrKrdModuleNotFoundErrorrMrequires_cryptographyrlror_r`rfrgrhrirrmrkr{s2" #   ('   VN<5A       7"$ 0!&m\&A BNIB$%<>T%TUM9U %+_nL!NI#>=.#PQKQ$).0A?R% $),.>N$yYRYY~r:; J  DiiX$I$lHylHg u  7" +NMNKJ sC8F00/G"!G"