3 }:aY7@sdZddlZddlZddlZddlZddlmZmZmZm Z m Z m Z GdddZ Gdddej ZGdd d ej ZGd d d ej ZGd d d ZedkreejdS)zJSON Web Signature.N)b64errors json_utiljwajwkutilc@s,eZdZdZdZeddZeddZdS) MediaTypez MediaType field encoder/decoder.z application/cCs(d|kr$d|krtjd|j|S|S)zDecoder./;zUnexpected semi-colon)rDeserializationErrorPREFIX)clsvaluer/usr/lib/python3.6/jws.pydecodes   zMediaType.decodecCs.d|kr*|j|jst|t|jdS|S)zEncoder.r N) startswithr AssertionErrorlen)r rrrrencodeszMediaType.encodeN)__name__ __module__ __qualname____doc__r classmethodrrrrrrr s rc@seZdZdZejdejjddZ ejdddZ ejde j jddZ ejdddZ ejd ddZejd dfd Zejd ejddZejd ejddZejdejejddZejdejejddZejddfd ZddZddZddZejddZejddZejddZdS)Headera6JOSE Header. .. warning:: This class supports **only** Registered Header Parameter Names (as defined in section 4.1 of the protocol). If you need Public Header Parameter Names (4.2) or Private Header Parameter Names (4.3), you must subclass and override :meth:`from_json` and :meth:`to_partial_json` appropriately. .. warning:: This class does not support any extensions through the "crit" (Critical) Header Parameter (4.1.11) and as a conforming implementation, :meth:`from_json` treats its occurrence as an error. Please subclass if you seek for a different behaviour. :ivar x5tS256: "x5t#S256" :ivar str typ: MIME Media Type, inc. :const:`MediaType.PREFIX`. :ivar str cty: Content-Type, inc. :const:`MediaType.PREFIX`. algT)decoder omitemptyjku)rrkidx5ux5c)rdefaultx5tzx5t#S256typ)encoderrrctycritcsfddjjDS)z4Fields that would not be omitted in the JSON object.cs,i|]$\}}|jt|st||qSr)Zomitgetattr).0nameZfield)selfrr Msz&Header.not_omitted..)_fieldsitems)r,r)r,r not_omittedKs zHeader.not_omittedcCs^t|t|s tdjt||j}|j}t|j|rFtd|j|t|f|S)NzHeader cannot be added to: {0}z+Addition of overlapping headers not defined) isinstancetype TypeErrorformatr0set intersectionupdate)r,otherZnot_omitted_selfZnot_omitted_otherrrr__add__Qs  zHeader.__add__cCs|jdkrtjd|jS)zFind key based on header. .. todo:: Supports only "jwk" header parameter lookup. :returns: (Public) key found in the header. :rtype: .JWK :raises josepy.errors.Error: if key could not be found Nz No key found)rrError)r,rrrfind_key_s  zHeader.find_keycCstjddS)Nz("crit" is not supported, please subclass)rr )Z unused_valuerrrr(nsz Header.critcCsdd|DS)NcSs&g|]}tjtjjtjj|jqSr)base64 b64encodeOpenSSLcryptoZdump_certificate FILETYPE_ASN1wrapped)r*certrrr xszHeader.x5c..r)rrrrr"vsz Header.x5ccCsHytdd|DStjjk rB}ztj|WYdd}~XnXdS)Ncss,|]$}tjtjjtjjtj|VqdS)N)rZComparableX509r>r?Zload_certificater@r< b64decode)r*rBrrr ~szHeader.x5c..)tupler>r?r:rr )rerrorrrrr"{s  N)rrrrrFieldr JWASignature from_jsonrrrJWKr r!r"decode_b64joser$Zx5tS256rrrr%r'r(r0r9r;rr&rrrrr%s.    rcseZdZdZeZdZejddddZ ejddeej dZ ejd ej ej d Ze jd d Z e jd d Z fddZeddZeddZdddZedefddZfddZefddZZS) SignatureaJWS Signature. :ivar combined: Combined Header (protected and unprotected, :class:`Header`). :ivar unicode protected: JWS protected header (Jose Base-64 decoded). :ivar header: JWS Unprotected Header (:class:`Header`). :ivar str signature: The signature. combined protectedT)rr#header)rr#r signature)rr&cCstj|jdS)Nzutf-8)rencode_b64joser)rrrrrOszSignature.protectedcCstj|jdS)Nzutf-8)rrLr)rrrrrOsc s4d|kr|j|}tjf||jjdk s0tdS)NrN)_with_combinedsuper__init__rNrr)r,kwargs) __class__rrrVs zSignature.__init__cCsZd|ks t|jd|jdj}|jd|jdj}|rJ||jj|}n|}||d<|S)NrNrQrO)rgetr.r# header_cls json_loads)r rWrQrOrNrrrrTs zSignature._with_combinedcCstj|jddtj|S)Nzutf-8.)rr=r)r rOpayloadrrr_msgszSignature._msgNcCs8|dkr|jjn|}|jjj|j|j|j|j|dS)zEVerify. :param JWK key: Key used for verification. N)keysigmsg)rNr;rverifyr_rRr^rO)r,r]r_rrrrbszSignature.verifyc Kst||jst|}||d<|r,|j|d<t|j|jjsBt|j|jjsTti}x"|D]} | |kr^|j| || <q^W|r|jf|j } nd} |jf|} |j |j |j | |} || | | dS)z;Sign. :param JWK key: Key for signature. rrrP)rOrQrR) r1ktyr public_keyr5issubsetrZr.popZ json_dumpssignr_r^) r r]r_rZ include_jwkprotectrWZ header_paramsZprotected_paramsrQrOrRrrrrgs"   zSignature.signcs tj}|djs|d=|S)NrQ)rUfields_to_partial_jsonr0)r,fields)rXrrris  z Signature.fields_to_partial_jsoncs4tj|}|j|}d|djkr0tjd|S)NrrNzalg not present)rUfields_from_jsonrTr0rr )r jobjrjZfields_with_combined)rXrrrks    zSignature.fields_from_json)rN)N)rrrrrrZ __slots__rrHrOrJrQrLrSrRr&rrVrrTr^rb frozensetrgrirk __classcell__rr)rXrrMs*        rMc@sdeZdZdZdZeZdddZeddZ e d d Z d d Z ed dZ dddZeddZdS)JWSzgJSON Web Signature. :ivar str payload: JWS Payload. :ivar str signature: JWS Signatures. r] signaturesNcstfddjDS)zVerify.c3s|]}|jjVqdS)N)rbr])r*r`)r_r,rrrEszJWS.verify..)allrq)r,r_r)r_r,rrbsz JWS.verifycKs |||jjfd|i|fdS)zSign.r])r]rq) signature_clsrg)r r]rWrrrrgszJWS.signcCst|jdkst|jdS)zPGet a singleton signature. :rtype: :class:`JWS.signature_cls` r)rrqr)r,rrrrR sz JWS.signaturecCs\t|jdkstd|jjjks&ttj|jjj ddtj|j dtj|jjS)z7Compact serialization. :rtype: bytes rtrzutf-8r\) rrqrrRrQr0rr=rOrr])r,rrr to_compacts&zJWS.to_compactc Cshy|jd\}}}Wntk r2tjdYnX|jtj|jdtj|d}|tj||fdS)zACompact deserialization. :param bytes compact: r\zOCompact JWS serialization should comprise of exactly 3 dot-separated componentszutf-8)rOrR)r]rq)split ValueErrorrr rsrrDr)r compactrOr]rRr`rrr from_compact(s zJWS.from_compactTcCsR|js ttj|j}|rBt|jdkrB|jdj}||d<|S||jdSdS)Nrtrr])r]rq)rqrrrSr]rto_partial_json)r,Zflatr]retrrrrz;s  zJWS.to_partial_jsoncsvd|krd|krtjdnVd|krFtj|jdjj|fdStj|dtfdd|dDdSdS)NrRrqzFlat mixed with non-flatr])r]rqc3s|]}jj|VqdS)N)rsrJ)r*r`)r rrrERsz JWS.from_json..)rr rrLrfrsrJrF)r rlr)r rrJIs  z JWS.from_json)r]rq)N)T)rrrrrmrMrsrbrrgpropertyrRruryrzrJrrrrrps     rpc@sZeZdZdZeddZeddZeddZedd Zed d Z edd dZ d S)CLIzJWS CLI.cCs|jjj|jj}|jj|jdkr.g|_|jr@|jjdt j t j jj ||jt|jd}|jr~t|jjdn t|jdS)zSign.Nr)r]r_rrhzutf-8)rrcloadr_readcloserhrxappendrprgsysstdinrr5printrurZjson_dumps_pretty)r argsr_r`rrrrgYs   zCLI.signcCs|jrtjtjjj}n@ytjtjj}Wn*tj k rZ}z t |dSd}~XnX|j dk r|j dk stt |j j|j jj}|j jnd}tjj|j|j|d S)zVerify.rtN)r_)rxrpryrrrrr[rr:rr_rcrr~rdrstdoutwriter]rb)r rr`rGr_rrrrbks  z CLI.verifycCs tjj|S)N)rrIrJ)r argrrr _alg_typesz CLI._alg_typecCs|tjjkst|S)N)rMrZr.r)r rrrr _header_typeszCLI._header_typecCs|tjjksttjj|S)N)rrKZTYPESr)r rrrr _kty_typesz CLI._kty_typeNcCs|dkrtjdd}tj}|jddd|j}|jd}|j|jd|jdd tj d d d |jd d|j t j d|jddd|j d|jd}|j|jd|jdd tj d dd |jd|jdd |j|}|j|S)z Parse arguments and sign/verify.Nrtz --compact store_true)actionrg)funcz-kz--keyrbT)r2Zrequiredz-az--alg)r2r#z-pz --protectr)rr2rbFz--kty)rargvargparseArgumentParser add_argumentZadd_subparsersZ add_parserZ set_defaultsrgZFileTyperrZRS256rrbr parse_argsr)r rparserZ subparsersZ parser_signZ parser_verifyZparsedrrrruns*   zCLI.run)N) rrrrrrgrbrrrrrrrrr}Vs     r}__main__)rrr<rr>ZjosepyrrrrrrrZJSONObjectWithFieldsrrMrpr}rexitrrrrrs `r_V