3 }:ay4@sdZddlZddlZddlZddlZddlmZmZmZm Z m Z ddl Z ddl mZddlmZddlmZddlmZddlmZdd lmZmZmZejeZGd d d ejejd ZejGd ddeZ ejGdddeZ!ejGdddeZ"dS)z JSON Web Key.N)DictOptionalSequenceTypeUnion)default_backend)hashes) serialization)ec)rsa)errors json_utilutilc@seZdZUdZdZiZeeeffZ e e e Z e e ddddZ eeeeee eeff ejfdd Zejd d Zedd d ZedddZdS)JWKz JSON Web Key.ZktyN,:T)indentZ separatorsZ sort_keyscsJtj|td}|jtjfddjjDfjj |j S)zgCompute JWK Thumbprint. https://tools.ietf.org/html/rfc7638 :returns: bytes )backendcs i|]\}}|jkr||qS)required).0kv)selfr/usr/lib/python3.6/jwk.py 4sz"JWK.thumbprint..) rZHashrupdatejsondumpsZto_jsonitems_thumbprint_json_dumps_paramsencodefinalize)rZ hash_functionZdigestr)rr thumbprint*s zJWK.thumbprintcCs tdS)ziGenerate JWK with public key. For symmetric cryptosystems, this would return ``self``. N)NotImplementedError)rrrr public_key9szJWK.public_keycCs|dkrtn|}i}xVtjtjfD]F}y ||||Stttjjfk rh}z|||<WYdd}~Xq$Xq$WxRtj tj fD]B}y |||Sttjjfk r}z|||<WYdd}~Xq|Xq|Wt j dj |dS)NzUnable to deserialize key: {0})rr Zload_pem_private_keyZload_der_private_key ValueError TypeError cryptography exceptionsZUnsupportedAlgorithmZload_pem_public_keyZload_der_public_keyr Errorformat)clsdatapasswordrr)loadererrorrrr_load_cryptography_keyBs"    zJWK._load_cryptography_keycCsy|j|||}Wn4tjk rF}ztjd|t|dSd}~XnX|jtk rvt||j  rvtjdj |j |j x(|j j D]}t||j r||dSqWtjdj |j dS)aLoad serialized key as JWK. :param str data: Public or private key serialized as PEM or DER. :param str password: Optional password. :param backend: A `.PEMSerializationBackend` and `.DERSerializationBackend` provider. :raises errors.Error: if unable to deserialize, or unsupported JWK algorithm :returns: JWK of an appropriate type. :rtype: `JWK` z,Loading symmetric key, asymmetric failed: %s)keyNz"Unable to deserialize {0} into {1}zUnsupported algorithm: {0})r1r r*loggerdebugJWKOcttypNotImplemented isinstancecryptography_key_typesr+ __class__TYPESvalues)r,r-r.rr2r0Zjwk_clsrrrload\s    zJWK.load)rr)NN)NN)__name__ __module__ __qualname____doc__type_field_namer;rstrrr9rr7rr rrintboolrZSHA256r#abcabstractmethodr% classmethodr1r=rrrrrs   &  r) metaclassc@s>eZdZdZdZd ZdejfZddZ e ddZ d d Z d S) r5zSymmetric JWK.octr2rcCsdtj|jiS)Nr)r encode_b64joser2)rrrrfields_to_partial_jsonszJWKOct.fields_to_partial_jsoncCs|tj|ddS)Nr)r2)r decode_b64jose)r,jobjrrrfields_from_jsonszJWKOct.fields_from_jsoncCs|S)Nr)rrrrr%szJWKOct.public_keyN)r2) r>r?r@rAr6 __slots__rrBrrLrHrOr%rrrrr5|s  r5csteZdZdZdZejejfZdZ de j dfZ fddZ edd Zed d Zd d ZeddZddZZS)JWKRSAzRSA JWK. :ivar key: :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` wrapped in :class:`~josepy.util.ComparableRSAKey` ZRSAr2encs>d|kr,t|dtj r,tj|d|d<tj||dS)Nr2)r8rZComparableRSAKeysuper__init__)rargskwargs)r:rrrUs zJWKRSA.__init__cCs0t|jd}tj|d}tj|jd|dS)zOEncode Base64urlUInt. :type data: long :rtype: unicode big) byteorderlength)max bit_lengthmathZceilr rKto_bytes)r,r-r[rrr _encode_paramszJWKRSA._encode_paramc CsFy$tj|}|stjtj|ddStk r@tjYnXdS)zDecode Base64urlUInt.rY)rZN)r rMr DeserializationErrorrD from_bytesr&)r,r-binaryrrr _decode_params zJWKRSA._decode_paramcCst||jjdS)N)r2)typer2r%)rrrrr%szJWKRSA.public_keyc sBfdddD\}}tj||d}dkr>|jt}njd}dks|dks|d ks|d ks|d ks|d krtfd ddD\}}} } } } tdd| Drtjdj| tfdd| D\}}} } } n6tj |||\}}tj ||} tj ||} tj ||} tj |||| | | |jt}|dS)Nc3s|]}j|VqdS)N)rd)rx)r,rNrr sz*JWKRSA.fields_from_json..rSrR)rRrSdpqdpdqqiZothc3s|]}j|VqdS)N)get)rrf)rNrrrgscss|]}|dkr|VqdS)Nr)rZparamrrrrgsz(Some private parameters are missing: {0}c3s|]}j|VqdS)N)rd)rrf)r,rrrgs)r2)rSrR)rirjrkrlrm)r ZRSAPublicNumbersr%rrdtupler r*r+Zrsa_recover_prime_factorsZ rsa_crt_dmp1Z rsa_crt_dmq1Z rsa_crt_iqmpZRSAPrivateNumbers private_key) r,rNrSrRpublic_numbersr2rhrirjrkrlrmZ all_paramsr)r,rNrrOs."    zJWKRSA.fields_from_jsonc s~tjjtjr*jj}|j|jd}n>jj}jj j}|j|j|j |j |j |j |j|jd}fdd|jDS)N)rSrR)rSrRrhrirjrkrlrmcsi|]\}}j||qSr)r`)rr2value)rrrrsz1JWKRSA.fields_to_partial_json..)r8r2_wrappedr RSAPublicKeyrqrSrRprivate_numbersr%rhrirjZdmp1Zdmq1Ziqmpr)rZnumbersparamsprivatepublicr)rrrLs      zJWKRSA.fields_to_partial_json)r2)r>r?r@rAr6r rtZ RSAPrivateKeyr9rPrrBrrUrHr`rdr%rOrL __classcell__rr)r:rrQs     'rQcseZdZdZdZdZejejfZ de j ddfZ fddZ ed d Zed d Zed dZeddZeddZddZeddZddZZS)JWKECzEC JWK. :ivar key: :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` wrapped in :class:`~josepy.util.ComparableRSAKey` ZECr2crvrfycs>d|kr,t|dtj r,tj|d|d<tj||dS)Nr2)r8rZComparableECKeyrTrU)rrVrW)r:rrrU s zJWKEC.__init__cCstj|jd|dS)zlEncode Base64urlUInt. :type data: long :type key_size: long :rtype: unicode rY)rZr[)r rKr_)r,r-r[rrrr`szJWKEC._encode_paramc Cs`y>tj|}t||kr2tjdj||t|dtj|ddStk rZtjYnXdS)zDecode Base64urlUInt.ziExpected parameter "{name}" to be {valid_lengths} bytes after base64-decoding; got {length} bytes instead)nameZ valid_lengthsr[rY)rZN) r rMlenr rar+rDrbr&)r,r-r}Z valid_lengthrcrrrrds  zJWKEC._decode_paramcCs0|dkr dS|dkrdS|dkr$dStjdS)NZ secp256r1zP-256Z secp384r1zP-384Z secp521r1zP-521)r SerializationError)r,Z curve_namerrr_curve_name_to_crv+szJWKEC._curve_name_to_crvcCs<|dkrtjS|dkr tjS|dkr0tjStjdS)NzP-256zP-384zP-521)r SECP256R1 SECP384R1 SECP521R1r ra)r,r{rrr _crv_to_curve5szJWKEC._crv_to_curvecCs4t|tjrdSt|tjr dSt|tjr0dSdS)N 0B)r8r rrr)r,curverrrexpected_length_for_curve@s    zJWKEC.expected_length_for_curvecsi}tjjtjr jjn>tjjtjrTjj}jjj|j |d<n t j dj |d<j |d<fdd|jD}jjj|d<|S)NrhzRSupplied key is neither of type EllipticCurvePublicKey nor EllipticCurvePrivateKeyrfr|cs&i|]\}}j|jj|qSr)r`rr)rr2rr)rxrrrrVsz0JWKEC.fields_to_partial_json..r{)r8r2rsr EllipticCurvePublicKeyrqEllipticCurvePrivateKeyrur%Z private_valuer rrfr|rrrr})rrvrwr)rxrrrLIs     zJWKEC.fields_to_partial_jsoncsjd}j|fddd D\}}tj|||d}dkrX|jt}n&jdd}tj||jt}|dS) Nr{c3s |]}j||VqdS)N)rd)rrS)r,expected_lengthrNrrrg_sz)JWKEC.fields_from_json..rfr|)rfr|rrh)r2)rfr|) rrr ZEllipticCurvePublicNumbersr%rrdZEllipticCurvePrivateNumbersrp)r,rNrrfr|rqr2rhr)r,rrNrrOZs  zJWKEC.fields_from_jsoncCs8t|jdr|jj}n|jjjt}t||dS)Nr%)r2)hasattrr2r%rqrre)rr2rrrr%is  zJWKEC.public_key)r2)r>r?r@rAr6rPr rrr9rrBrrUrHr`rdrrrrLrOr%ryrr)r:rrzs     rz)#rArFrZloggingr^ZtypingrrrrrZcryptography.exceptionsr(Zcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrr Z)cryptography.hazmat.primitives.asymmetricr r Zjosepyr r rZ getLoggerr>r3ZTypedJSONObjectWithFieldsABCMetarregisterr5rQrzrrrrs(      gk