~ht-ddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z dd lm Z dd l m Z dd l m Z dd l mZd dlmZd dlmZGddZdZdZdZy))json_b64encode)to_bytes) to_unicode)urlsafe_b64encode)BadSignatureError) DecodeError)InvalidHeaderParameterNameError)MissingAlgorithmError)UnsupportedAlgorithmError) ensure_dict)extract_header)extract_segment) JWSHeader) JWSObjectcxeZdZegdZiZddZedZdZ ddZ dZ ddZ d Z dd Zd Zd Zd Zy)JsonWebSignature) algjkujwkkidx5ux5cx5tzx5t#S256typctycritNc ||_||_yN)_private_headers _algorithms)self algorithmsprivate_headerss T/opt/mcp/mcp-sentiment/venv/lib/python3.12/site-packages/authlib/jose/rfc7515/jws.py__init__zJsonWebSignature.__init__'s /%ct|r|jdk7rtd|||j|j<y)NJWSzInvalid algorithm for JWS, )algorithm_type ValueErrorALGORITHMS_REGISTRYname)cls algorithms r%register_algorithmz#JsonWebSignature.register_algorithm+s9I44=:9-HI I2; /r'c>t|d}|j||j|||\}}t|j}t t |}dj||g}t |j||} dj||| gS)a"Generate a JWS Compact Serialization. The JWS Compact Serialization represents digitally signed or MACed content as a compact, URL-safe string, per `Section 7.1`_. .. code-block:: text BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature) :param protected: A dict of protected header :param payload: A bytes/string of payload :param key: Private key used to generate signature :return: byte N.) r_validate_private_headers_prepare_algorithm_keyr protectedrrjoinsign) r"r5payloadkey jws_headerr/protected_segmentpayload_segment signing_input signatures r%serialize_compactz"JsonWebSignature.serialize_compact1s y$/  &&y144YM 3*:+?+?@+HW,=> #4o"FG %inn]C&HI yy+_iHIIr'c t|}|jdd\}}|jdd\}}t |} t | d} t|} |r|| } t|} t| | d} |j| | |\}}|j|| |r| St| #t$r}t d|d}~wwxYw)aExact JWS Compact Serialization, and validate with the given key. If key is not provided, the returned dict will contain the signature, and signing input values. Via `Section 7.1`_. :param s: text of JWS Compact Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.1`: https://tools.ietf.org/html/rfc7515#section-7.1 r2rzNot enough segmentsNcompact) rrsplitsplitr+r_extract_headerr_extract_payload_extract_signaturerr4verifyr)r"sr9decoder=signature_segmentr;r<excr5r:r8r>rvr/s r%deserialize_compactz$JsonWebSignature.deserialize_compactMs > A/0xxa/@ ,M,1>1D1DT11M . $$56 y$/ "?3 WoG&'89 z7I 644Z#N 3   M9c :I## >34# = >s5B11 C : CC ctfd}t|tr+|tj|}t |d<|S|Dcgc]}|tj|}}t |dScc}w)aGenerate a JWS JSON Serialization. The JWS JSON Serialization represents digitally signed or MACed content as a JSON object, per `Section 7.2`_. :param header_obj: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: JWSObject Example ``header_obj`` of JWS JSON Serialization:: { "protected: {"alg": "HS256"}, "header": {"kid": "jose"} } Pass a dict to generate flattened JSON Serialization, pass a list of header dict to generate standard JSON Serialization. c@ j| j|\}}t|j}dj | g}t |j ||}t|t|d}|j|j|d<|S)Nr2)r5r>header) r3r4rr5r6rr7rrP) r:_alg_keyr;r=r>rLr9r8r<r"s r%_signz.JsonWebSignature.serialize_json.._signs  * *: 644Z#NJD$ .z/C/C D  II'8/&JKM)$))M4*HII((9:' 2B  ,)008 Ir'r8)r8 signatures)r isinstancedictr from_dictr) r" header_objr8r9rSdatahrTr<s ` `` @r%serialize_jsonzJsonWebSignature.serialize_jsonos()1  j$ ',,Z89D(9DOK=GHeI//23H H%o6jQQIs"B ct|d}|jd}| tdt|}t |}|r||}d|vr3|j ||||\}}t ||d}|r|St|g} d} |dD]/} |j ||| |\}}| j||r.d} 1t | |d}| r|St|) aExact JWS JSON Serialization, and validate with the given key. If key is not provided, it will return a dict without signature verification. Header will still be validated. Via `Section 7.2`_. :param obj: text of JWS JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.2`: https://tools.ietf.org/html/rfc7515#section-7.2 r)r8zMissing "payload" valuerTflatTFjson) r getrrrE_validate_json_jwsrrappend) r"objr9rIr<r8r:validrLheadersis_validrXs r%deserialize_jsonz!JsonWebSignature.deserialize_jsons#u%''),  "78 8"?3"?3 WoG s " $ 7 7#s! J:w7B #B' 'l+ !J $ 7 7*c! J NN: &   !w 0 I##r'ct|ttfr|j|||Sd|vr|j|||S|j |||S)aGenerate a JWS Serialization. It will automatically generate a Compact or JSON Serialization depending on the given header. If a header is in a JSON header format, it will call :meth:`serialize_json`, otherwise it will call :meth:`serialize_compact`. :param header: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: byte/dict r5)rUlisttupler[r?)r"rPr8r9s r% serializezJsonWebSignature.serializesY ftUm ,&&vw< < & &&vw< <%%fgs;;r'ct|tr|j|||St|}|j dr$|j dr|j|||S|j |||S)aDeserialize JWS Serialization, both compact and JSON format. It will automatically deserialize depending on the given JWS. :param s: text of JWS Compact/JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: dict :raise: BadSignatureError If key is not provided, it will still deserialize the serialization without verification. {})rUrVrfr startswithendswithrM)r"rHr9rIs r% deserializezJsonWebSignature.deserializesm a ((C8 8 QK << !**T"2((C8 8''377r'c(d|vr t|d}|j||jvr t||jvr t|j|}t |r |||}n | d|vr|d}|j |}||fS)Nrr)r r!r r,callable prepare_key)r"rPr8r9rr/s r%r4z'JsonWebSignature._prepare_algorithm_keys  ') )Um    'Ct7G7G,G+- - d.. .+- -,,S1 C=fg&C [Uf_-C##C(#~r'c|jL|jj}|j|j}|D]}||vst |yyr)r !REGISTERED_HEADER_PARAMETER_NAMEScopyunionr )r"rPnamesks r%r3z*JsonWebSignature._validate_private_headerss^  ,::??AEKK 5 56E =E>9!<< = -r'c|jd}|s td|jd}|s tdt|}t|}|jd}|rt |t s tdt ||} |j| ||\} }dj||g} tt|} | j| | |r| dfS| d fS) Nr5zMissing "protected" valuer>zMissing "signature" valuerPzInvalid "header" valuer2TF) r_rrrDrUrVrr4r6rFrG) r"r<r8rXr9r;rJr5rPr:r/r=r>s r%r`z#JsonWebSignature._validate_json_jwss&NN;7 9: :&NN;7 9: :$%67#$56 ) *VT267 7y&1 44Z#N 3 #4o"FG &x0A'BC   M9c :t# #5  r')NNr)__name__ __module__ __qualname__ frozensetrur,r& classmethodr0r?rMr[rfrjrpr4r3r`r'r%rrse(1 )%"&<< J8 $D,R\0$d<$8*$ =!r'rc"t|tSr)r r)header_segments r%rDrD+s .+ 66r'c$t|tdS)Nr>rr)rJs r%rFrF/s ,k; GGr'c$t|tdS)Nr8r)r<s r%rErE3s ?K CCr'N)authlib.common.encodingrrrrauthlib.jose.errorsrrr r r authlib.jose.utilr r rmodelsrrrrDrFrErr'r%rsM2,.51+?59),-V!V!r7HDr'