U ]7@sdZddlZddlZddlZddlZddlZddlmZmZm Z m Z m Z m Z Gddde ZGddde jZGdd d e jZGd d d e jZGd d d e ZedkreedS)zJSON Web Signature.N)b64errors json_utiljwajwkutilc@s,eZdZdZdZeddZeddZdS) MediaTypez MediaType field encoder/decoder.z application/cCs(d|kr$d|krtd|j|S|S)zDecoder./;zUnexpected semi-colon)rDeserializationErrorPREFIXclsvaluer,/usr/lib/python3/dist-packages/josepy/jws.pydecodes   zMediaType.decodecCs.d|kr*||jst|t|jdS|S)zEncoder.r N) startswithr AssertionErrorlenr rrrencodeszMediaType.encodeN)__name__ __module__ __qualname____doc__r classmethodrrrrrrr s  rc@seZdZdZejdejjddZ ejdddZ ejde j jddZ ejdddZ ejd ddZejd dd d Zejd ejddZejdejddZejdejejddZejdejejddZejddd d ZddZddZddZejddZejddZejddZdS)Headera6JOSE Header. .. warning:: This class supports **only** Registered Header Parameter Names (as defined in section 4.1 of the protocol). If you need Public Header Parameter Names (4.2) or Private Header Parameter Names (4.3), you must subclass and override :meth:`from_json` and :meth:`to_partial_json` appropriately. .. warning:: This class does not support any extensions through the "crit" (Critical) Header Parameter (4.1.11) and as a conforming implementation, :meth:`from_json` treats its occurrence as an error. Please subclass if you seek for a different behaviour. :ivar x5tS256: "x5t#S256" :ivar str typ: MIME Media Type, inc. :const:`MediaType.PREFIX`. :ivar str cty: Content-Type, inc. :const:`MediaType.PREFIX`. algT)decoder omitemptyjku)rrkidx5ux5crrdefaultx5tzx5t#S256typ)encoderrrctycritcstfddtjDS)z4Fields that would not be omitted in the JSON object.c3s0|](\}}|t|s|t|fVqdSN)Zomitgetattr).0nameZfieldselfrr Nsz%Header.not_omitted..)dictsixZ iteritems_fieldsr/rr/r not_omittedLs  zHeader.not_omittedcCs^t|t|s tdt||}|}t||rFtd||t|f|S)NzHeader cannot be added to: {0}z+Addition of overlapping headers not defined) isinstancetype TypeErrorformatr5set intersectionupdate)r0otherZnot_omitted_selfZnot_omitted_otherrrr__add__Rs zHeader.__add__cCs|jdkrtd|jS)zFind key based on header. .. todo:: Supports only "jwk" header parameter lookup. :returns: (Public) key found in the header. :rtype: .JWK :raises josepy.errors.Error: if key could not be found Nz No key found)rrErrorr/rrrfind_key`s  zHeader.find_keycCstddS)Nz("crit" is not supported, please subclass)rr )Z unused_valuerrrr*osz Header.critcCsdd|DS)NcSs&g|]}ttjtjj|jqSr)base64 b64encodeOpenSSLcryptoZdump_certificate FILETYPE_ASN1wrappedr-Zcertrrr ys  zHeader.x5c..rrrrrr#wsz Header.x5cc CsJztdd|DWStjjk rD}zt|W5d}~XYnXdS)Nc ss,|]$}ttjtjjt|VqdSr+)rZComparableX509rCrDZload_certificaterErA b64decoderGrrrr1s  zHeader.x5c..)tuplerCrDr?rr )rerrorrrrr#|s  N)rrrrrFieldr JWASignature from_jsonrr rJWKr!r"r#decode_b64joser&Zx5tS256rrrr'r)r*r5r>r@rr(rrrrr&sN    rcseZdZdZeZdZejddddZ ejddeej dZ ejd ej ej d Ze jd d Z e jd d Z fddZeddZeddZdddZedefddZfddZefddZZS) SignatureaJWS Signature. :ivar combined: Combined Header (protected and unprotected, :class:`Header`). :ivar unicode protected: JWS protected header (Jose Base-64 decoded). :ivar header: JWS Unprotected Header (:class:`Header`). :ivar str signature: The signature. )combined protectedTr$header)rr%r signature)rr(cCst|dSNutf-8)rencode_b64joserrIrrrrTszSignature.protectedcCst|dSrX)rrQrrIrrrrTsc s8d|kr||}tt|jf||jjdk s4tdS)NrS)_with_combinedsuperrR__init__rSrr)r0kwargs __class__rrr]s zSignature.__init__cCsZd|ks t|d|jdj}|d|jdj}|rJ||j|}n|}||d<|S)NrSrVrT)rgetr4r% header_cls json_loads)rr^rVrTrSrrrr[s zSignature._with_combinedcCst|ddt|S)NrY.)rrBr)rrTpayloadrrr_msgszSignature._msgNcCs8|dkr|jn|}|jjj|j|j||j|dS)zEVerify. :param JWK key: Key used for verification. N)keysigmsg)rSr@rverifyrgrWrfrT)r0rergrrrrjs  zSignature.verifyc Kst||jst|}||d<|r,||d<t||jjsBt||jjsTti}|D]} | |kr\|| || <q\|r|jf| } nd} |jf|} | |j | | |} || | | dS)z;Sign. :param JWK key: Key for signature. rrrU)rTrVrW) r6ktyr public_keyr:issubsetrbr4popZ json_dumpssignrgrf) rrergrZ include_jwkprotectr^Z header_paramsZprotected_paramsrVrTrWrrrros"  zSignature.signcs$tt|}|ds |d=|S)NrV)r\rRfields_to_partial_jsonr5)r0fieldsr_rrrqs z Signature.fields_to_partial_jsoncs8tt||}||}d|dkr4td|S)NrrSzalg not present)r\rRfields_from_jsonr[r5rr )rjobjrrZfields_with_combinedr_rrrss   zSignature.fields_from_json)N)rrrrrrb __slots__rrMrTrOrVrQrZrWr(rr]rr[rfrj frozensetrorqrs __classcell__rrr_rrRs@        rRc@sdeZdZdZdZeZdddZeddZ e dd Z d d Z ed d Z dddZeddZdS)JWSzgJSON Web Signature. :ivar str payload: JWS Payload. :ivar str signature: JWS Signatures. re signaturesNcstfddjDS)Verify.c3s|]}|jVqdSr+)rjrer-rhrgr0rrr1szJWS.verify..)allrz)r0rgrr}rrjsz JWS.verifycKs |||jjfd|i|fdS)Sign.rery) signature_clsro)rrer^rrrroszJWS.signcCst|jdkst|jdS)zPGet a singleton signature. :rtype: :class:`JWS.signature_cls` r)rrzrr/rrrrW sz JWS.signaturecCs\t|jdkstd|jjks&tt|jj ddt|j dt|jjS)z7Compact serialization. :rtype: bytes rrrYrd) rrzrrWrVr5rrBrTrrer/rrr to_compacts  zJWS.to_compactcCshz|d\}}}Wntk r2tdYnX|jt|dt|d}|t||fdS)zACompact deserialization. :param bytes compact: rdzOCompact JWS serialization should comprise of exactly 3 dot-separated componentsrY)rTrWry)split ValueErrorrr rrrJr)rcompactrTrerWrhrrr from_compact)s zJWS.from_compactTcCsR|js tt|j}|rBt|jdkrB|jd}||d<|S||jdSdS)Nrrrery)rzrrrZrerto_partial_json)r0ZflatreZretrrrr<s  zJWS.to_partial_jsoncsvd|krd|krtdnVd|krFt|dj|fdSt|dtfdd|dDdSdS)NrWrzzFlat mixed with non-flatreryc3s|]}j|VqdSr+)rrOr|rrrr1Ssz JWS.from_json..)rr rrQrnrrOrK)rrtrrrrOJs   z JWS.from_json)N)T)rrrrrurRrrjrropropertyrWrrrrOrrrrrxs     rxc@sZeZdZdZeddZeddZeddZedd Zed d Z edd dZ d S)CLIzJWS CLI.cCs|jj|j}|j|jdkr.g|_|jr@|jdt j t j  ||jt|jd}|jrt|dnt|dS)rNr)rergrrprY)rrkloadrgreadcloserprappendrxrosysstdinrr:r3print_rrZjson_dumps_pretty)rargsrgrhrrrroZs   zCLI.signc Cs|jrttj}nJzttj}Wn4tj k rd}zt |WYdSd}~XYnX|j dk r|j dk s~t|j |j }|j nd}tj|j|j|d S)r{N)rg)rrxrrrrrrcrr?r3rrgrkrrrlrstdoutwritererj)rrrhrLrgrrrrjls   z CLI.verifycCs tj|Sr+)rrNrOrargrrr _alg_typesz CLI._alg_typecCs|tjjkst|Sr+)rRrbr4rrrrr _header_typeszCLI._header_typecCs|tjjksttjj|Sr+)rrPZTYPESrrrrr _kty_typesz CLI._kty_typeNcCs|dkrtjdd}t}|jddd|}|d}|j|jd|jdd t d d d |jd d|j t j d|jddd|j d|d}|j|jd|jdd t d dd |jd|jdd ||}||S)z Parse arguments and sign/verify.Nrz --compact store_true)actionro)funcz-kz--keyrbT)r7Zrequiredz-az--alg)r7r%z-pz --protectr)rr7rjFz--kty)rargvargparseArgumentParser add_argumentZadd_subparsersZ add_parserZ set_defaultsroZFileTyperrZRS256rrjr parse_argsr)rrparserZ subparsersZ parser_signZ parser_verifyZparsedrrrrunsP   zCLI.run)N) rrrrrrorjrrrrrrrrrWs     r__main__)rrrArrCr3ZjosepyrrrrrrobjectrZJSONObjectWithFieldsrrRrxrrexitrrrrrs `r_V