dd1.ddlmZddlZddlZddlmZddlmZddlmZm Z m Z ddl m Z m Z ddlmZdd lmZmZmZmZmZmZmZdd lmZe rdd lmZmZGd d ZeZej<Zej>Zej@Z y)) annotationsN)timegm)Iterable)datetime timedeltatimezone) TYPE_CHECKINGAny)api_jws) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorMissingRequiredClaimError)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeysceZdZdddZeddZ d ddZ d ddZ d ddZddZ d ddZ d dd Z dd Z dd Z dd Z dd Z ddZd dZy)!PyJWTNc>|i}i|j||_yN)_get_default_optionsoptions)selfrs -/usr/lib/python3/dist-packages/jwt/api_jwt.py__init__zPyJWT.__init__s& ?G'Q$*C*C*E'Q'Q cddddddgdS)NT)verify_signature verify_exp verify_nbf verify_iat verify_aud verify_issrequirer)r rrzPyJWT._get_default_options s#!%  r cBt|ts td|j}dD]A}t|j |t s#t ||j||<C|j|||}tj||||||S)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbf)headers json_encoder) sort_headers) isinstancedict TypeErrorcopygetrr utctimetuple_encode_payloadr encode) rpayloadkey algorithmr.r/r0 time_claim json_payloads rr8z PyJWT.encode,s'4(,  ,,./ QJ'++j18<&,WZ-@-M-M-O&P # Q ++ %, ~~     %   r cPtj|d|jdS)z Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. ),:) separatorsclszutf-8)jsondumpsr8)rr9r.r/s rr7zPyJWT._encode_payloadRs)zz !  &/  r c  | r4tjdt| jtt |xsi}|j dd|#||dk7rtjdt|dsZ|j dd|j dd|j d d|j d d|j d d|dr |s td tj||||| } |j| } i|j|} |j| | ||| | | d<| S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r"TzThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryr#Fr$r%r&r'z\It is required that you pass in a value for the "algorithms" argument when calling decode().)r: algorithmsrdetached_payload)audienceissuerleewayr9)warningswarntuplekeysrr2 setdefaultDeprecationWarningr r decode_complete_decode_payloadr_validate_claims)rjwtr:rGrverifyrHrIrJrKkwargsdecodedr9merged_optionss rrRzPyJWT.decode_completedsk$  MM'',V[[]';&<>'   w}"%-t4  &G4F,G"G MMY,  )*   |U 3   |U 3   |U 3   |U 3   |U 3 % &zn )) !-  &&w/4DLL4G4  ^hvf  % r c tj|d}t |t s td|S#t$r}td|d}~wwxYw)a Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. r9zInvalid payload string: Nz-Invalid payload string: must be a json object)rCloads ValueErrorr r1r2)rrXr9es rrSzPyJWT._decode_payloads\ >jj!34G'4(MN N  > 8<= = >s7 AAAc | r4tjdt| jt|j |||||||||  } | dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: )rVrHrIrJrKr9)rLrMrNrOrrR) rrUr:rGrrVrHrIrJrKrWrXs rdecodez PyJWT.decodesr$  MM'',V[[]';&<>'   &&    -'  y!!r ct|tr|j}|!t|ttfs t d|j ||tjtjj}d|vr|dr|j|||d|vr|dr|j|||d|vr|dr|j||||d r|j|||d r|j!||yy) Nz+audience must be a string, iterable or None)tzr,r%r-r$r+r#r'r&)r1r total_secondsstrrr3_validate_required_claimsrnowrutc timestamp _validate_iat _validate_nbf _validate_exp _validate_iss _validate_aud)rr9rrIrJrKres rrTzPyJWT._validate_claimss fi ())+F   8c8_(MIJ J &&w8llhll+557 G  5   wV 4 G  5   wV 4 G  5   wV 4 <   w / <   w 1 !r cP|dD]}|j|t|y)Nr()r5r)rr9rclaims rrdzPyJWT._validate_required_claimss2 Y' 7E{{5!)/66 7r cx t|d}|||zkDr tdy#t$r tdwxYw)Nr,z)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intr\rr)rr9rerKr,s rrhzPyJWT._validate_iat sT  Tgen%C #, ()KL L  T&'RS S T$9cx t|d}|||zkDr tdy#t$r tdwxYw)Nr-z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rpr\r r)rr9rerKr-s rrizPyJWT._validate_nbfsT  Lgen%C #, ()KL L  LJK K Lrqcx t|d}|||z kr tdy#t$r tdwxYw)Nr+z/Expiration Time claim (exp) must be an integer.zSignature has expired)rpr\r r)rr9rerKr+s rrjzPyJWT._validate_exp$sT  Tgen%C 3< '(?@ @ ! TRS S Trqc`|d|vs|dsytdd|vs|ds td|dttrgtts tdt dDr tdt|tr|g}t fd|Dr tdy)NaudzInvalid audiencezInvalid claim format in tokenc3>K|]}t|t ywr)r1rc).0cs r z&PyJWT._validate_aud..Is?!:a%%?sc3&K|]}|v ywrr))rwruaudience_claimss rryz&PyJWT._validate_aud..Os>cs/)>szAudience doesn't match)rrr1rclistanyall)rr9rIr{s @rrlzPyJWT._validate_aud2s  G#75>''9: :  wu~,E2 2!%. os +./O/40&'FG G ?? ?&'FG G h $ zH >X> >&'?@ @ ?r cN|yd|vr td|d|k7r tdy)NisszInvalid issuer)rr)rr9rJs rrkzPyJWT._validate_issRs: >   +E2 2 5>V #$%56 6 $r r)rdict[str, Any] | NonereturnNone)rzdict[str, bool | list[str]])HS256NNT)r9dict[str, Any]r:z AllowedPrivateKeys | str | bytesr; str | Noner.rr/type[json.JSONEncoder] | Noner0boolrrc)NN)r9rr.rr/rrbytes)NNNNNNr)rU str | bytesr:AllowedPublicKeys | str | bytesrGlist[str] | NonerrrV bool | NonerH bytes | NonerIstr | Iterable[str] | NonerJrrKfloat | timedeltarWr rr)rXrrr )rUrr:rrGrrrrVrrHrrIrrJrrKrrWr rr )NNr)r9rrrrKrrr)r9rrrrr)r9rrefloatrKrrr)r9rrIrrr)r9rrJr rr)__name__ __module__ __qualname__r staticmethodrr8r7rRrSr_rTrdrhrirjrlrkr)r rrrsR     !()-6:!$ $ .$  $ ' $ 4 $ $  $ R*.6: '4   *02'+)-")-04!$%C C-C% C ' CC'C-CC"C !C" #CJ&02'+)-")-04!$%$" $"-$"% $" ' $"$"'$"-$"$""$" !$"" #$"T$% 22 2 " 2 2B77 7  7 M M M M  M M M M M  M A A A A  AAA-A  A@7r r)! __future__rrCrLcalendarrcollections.abcrrrrtypingr r rr exceptionsr rrrrrrrrGrrr_jwt_global_objr8rRr_r)r rrsq" $22%-A@7@7F '   !11   r