U Ha@sddlZddlZddlZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l mZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZGdddeZGdddeZdS)N)datetime)timezone)Decimal)Real) _CompactJSON) base64_decode) base64_encode) want_bytes)BadData) BadHeader) BadPayload) BadSignature)SignatureExpired) Serializer) HMACAlgorithm) NoneAlgorithmcseZdZdZeejeejeeje dZ dZ e Z dfdd Zdfdd Zd d Zd d ZdddZddZdddZdddZdddZZS)JSONWebSignatureSerializerzThis serializer implements JSON Web Signature (JWS) support. Only supports the JWS Compact Serialization. .. deprecated:: 2.0 Will be removed in ItsDangerous 2.1. Use a dedicated library such as authlib. )ZHS256ZHS384HS512nonerNcsLtjdtddtj||||||d|dkr6|j}||_|||_dS)NzsJWS support is deprecated and will be removed in ItsDangerous 2.1. Use a dedicated JWS/JWT library such as authlib.) stacklevel)salt serializerserializer_kwargssigner signer_kwargs) warningswarnDeprecationWarningsuper__init__default_algorithmalgorithm_namemake_algorithm algorithm)self secret_keyrrrrrr# __class__4/tmp/pip-unpacked-wheel-4vz609l6/itsdangerous/jws.pyr!,s"  z#JSONWebSignatureSerializer.__init__Fc st|}d|krtd|dd\}}z t|}Wn.tk rb}ztd|dW5d}~XYnXz t|}Wn.tk r}ztd|dW5d}~XYnXztj|td} Wn.t k r}ztd|dW5d}~XYnXt | t std | d tj||d}|r|| fS|S) N.zNo "." found in valuerz:Could not base64 decode the header because of an exception)original_errorz;Could not base64 decode the payload because of an exception)rz5Could not unserialize header because it was malformedz#Header payload is not a JSON object)header) r r splitr Exceptionr r load_payloadrr isinstancedict) r&payloadr return_headerbase64d_headerbase64d_payloadZ json_headereZ json_payloadr.r(r*r+r1Ls>    z'JSONWebSignatureSerializer.load_payloadcCs8t|jj|f|j}t|jj|f|j}|d|S)Nr,)r rdumpsr)r&r.objr6r7r*r*r+ dump_payloadvsz'JSONWebSignatureSerializer.dump_payloadcCs.z |j|WStk r(tdYnXdS)NzAlgorithm not supported)jws_algorithmsKeyErrorNotImplementedError)r&r#r*r*r+r$s z)JSONWebSignatureSerializer.make_algorithmcCsB|dkr|j}|dkrdnd}|dkr,|j}|j|j|d||dS)Nr.)rsepkey_derivationr%)rr%rZ secret_keys)r&rr%rAr*r*r+ make_signersz&JSONWebSignatureSerializer.make_signercCs|r |ni}|j|d<|S)Nalg)copyr#)r& header_fieldsr.r*r*r+ make_headers z&JSONWebSignatureSerializer.make_headercCs*||}|||j}||||S)zLike :meth:`.Serializer.dumps` but creates a JSON Web Signature. It also allows for specifying additional fields to be included in the JWS header. )rFrBr%signr;)r&r:rrEr.rr*r*r+r9s z JSONWebSignatureSerializer.dumpscCsT|j|||jt|dd\}}|d|jkrDtd||d|rP||fS|S)z{Reverse of :meth:`dumps`. If requested via ``return_header`` it will return a tuple of payload and header. Tr5rCzAlgorithm mismatch)r.r4)r1rBr%Zunsignr getr#r )r&srr5r4r.r*r*r+loadss z JSONWebSignatureSerializer.loadscCsd|i}|||||S)Nr5)Z_loads_unsafe_impl)r&rJrr5kwargsr*r*r+ loads_unsafesz'JSONWebSignatureSerializer.loads_unsafe)NNNNNN)NF)NN)NN)NF)NF)__name__ __module__ __qualname____doc__rhashlibsha256sha384sha512rr<r"rZdefault_serializerr!r1r;r$rBrFr9rKrM __classcell__r*r*r(r+rs.  *   rcsPeZdZdZdZdfdd ZfddZdfd d Zd d Zd dZ Z S)TimedJSONWebSignatureSerializeraWorks like the regular :class:`JSONWebSignatureSerializer` but also records the time of the signing and can be used to expire signatures. JWS currently does not specify this behavior but it mentions a possible extension like this in the spec. Expiry date is encoded into the header similar to what's specified in `draft-ietf-oauth -json-web-token `_. iNc s(tj|f||dkr|j}||_dSN)r r!DEFAULT_EXPIRES_IN expires_in)r&r'rZrLr(r*r+r!sz(TimedJSONWebSignatureSerializer.__init__cs2t|}|}||j}||d<||d<|S)Niatexp)r rFnowrZ)r&rEr.r[r\r(r*r+rFs   z+TimedJSONWebSignatureSerializer.make_headerFcstj||dd\}}d|kr*td|dtd|d}zt|d|d<Wntk rb|YnX|ddkrt||d|krtd|||d |r||fS|S) NTrHr\zMissing expiry date)r4zExpiry date is not an IntDaterzSignature expired)r4Z date_signed) r rKrr int ValueErrorr]rget_issue_date)r&rJrr5r4r.Zint_date_errorr(r*r+rKs&    z%TimedJSONWebSignatureSerializer.loadscCs0|d}t|ttfr,tjt|tjdSdS)aRIf the header contains the ``iat`` field, return the date the signature was issued, as a timezone-aware :class:`datetime.datetime` in UTC. .. versionchanged:: 2.0 The timestamp is returned as a timezone-aware ``datetime`` in UTC rather than a naive ``datetime`` assumed to be UTC. r[)tzN) rIr2rrr fromtimestampr^rutc)r&r.rvr*r*r+r`s z.TimedJSONWebSignatureSerializer.get_issue_datecCs ttSrX)r^time)r&r*r*r+r]sz#TimedJSONWebSignatureSerializer.now)N)NF) rNrOrPrQrYr!rFrKr`r]rVr*r*r(r+rWs  rW)rRrerrrdecimalrZnumbersr_jsonrencodingrr r excr r r rrrrrrrrrWr*r*r*r+s*                $