3 e@sddlZddlZddlZddlmZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l mZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZGdddeZGdddeZdS)N)datetime)timezone)Decimal)Real) _CompactJSON) base64_decode) base64_encode) want_bytes)BadData) BadHeader) BadPayload) BadSignature)SignatureExpired) Serializer) HMACAlgorithm) NoneAlgorithmcseZdZdZeejeejeeje dZ dZ e Z dfdd Zdfdd Zd d Zd d ZdddZddZdddZdddZdddZZS)JSONWebSignatureSerializerzThis serializer implements JSON Web Signature (JWS) support. Only supports the JWS Compact Serialization. .. deprecated:: 2.0 Will be removed in ItsDangerous 2.1. Use a dedicated library such as authlib. )ZHS256ZHS384HS512nonerNcsLtjdtddtj||||||d|dkr6|j}||_|j||_dS)NzsJWS support is deprecated and will be removed in ItsDangerous 2.1. Use a dedicated JWS/JWT library such as authlib.) stacklevel)salt serializerserializer_kwargssigner signer_kwargs) warningswarnDeprecationWarningsuper__init__default_algorithmalgorithm_namemake_algorithm algorithm)self secret_keyrrrrrr#) __class__8/tmp/pip-build-3irwxpxt/itsdangerous/itsdangerous/jws.pyr!,s z#JSONWebSignatureSerializer.__init__Fc .st|}d|krtd|jdd\}}y t|}Wn.tk rb}ztd|dWYdd}~XnXy t|}Wn.tk r}ztd|dWYdd}~XnXytj|td} Wn.t k r}ztd|dWYdd}~XnXt | t std | d tj||d}|r|| fS|S) N.zNo "." found in valuerz:Could not base64 decode the header because of an exception)original_errorz;Could not base64 decode the payload because of an exception)rz5Could not unserialize header because it was malformedz#Header payload is not a JSON object)header) r r splitr Exceptionr r load_payloadrr isinstancedict) r&payloadr return_headerbase64d_headerbase64d_payloadZ json_headereZ json_payloadr-)r(r)r*r0Ls8    z'JSONWebSignatureSerializer.load_payloadcCs8t|jj|f|j}t|jj|f|j}|d|S)Nr+)r rdumpsr)r&r-objr5r6r)r)r* dump_payloadvs z'JSONWebSignatureSerializer.dump_payloadc Cs,y |j|Stk r&tdYnXdS)NzAlgorithm not supported)jws_algorithmsKeyErrorNotImplementedError)r&r#r)r)r*r$s z)JSONWebSignatureSerializer.make_algorithmcCsB|dkr|j}|dkrdnd}|dkr,|j}|j|j|d||dS)Nr.)rsepkey_derivationr%)rr%rZ secret_keys)r&rr%r@r)r)r* make_signersz&JSONWebSignatureSerializer.make_signercCs|r |jni}|j|d<|S)Nalg)copyr#)r& header_fieldsr-r)r)r* make_headers z&JSONWebSignatureSerializer.make_headercCs*|j|}|j||j}|j|j||S)zLike :meth:`.Serializer.dumps` but creates a JSON Web Signature. It also allows for specifying additional fields to be included in the JWS header. )rErAr%signr:)r&r9rrDr-rr)r)r*r8s z JSONWebSignatureSerializer.dumpscCsT|j|j||jjt|dd\}}|jd|jkrDtd||d|rP||fS|S)z{Reverse of :meth:`dumps`. If requested via ``return_header`` it will return a tuple of payload and header. T)r4rBzAlgorithm mismatch)r-r3)r0rAr%Zunsignr getr#r )r&srr4r3r-r)r)r*loadss z JSONWebSignatureSerializer.loadscCsd|i}|j||||S)Nr4)Z_loads_unsafe_impl)r&rHrr4kwargsr)r)r* loads_unsafesz'JSONWebSignatureSerializer.loads_unsafe)NNNNNN)NF)NN)NN)NF)NF)__name__ __module__ __qualname____doc__rhashlibsha256sha384sha512rr;r"rZdefault_serializerr!r0r:r$rArEr8rIrK __classcell__r)r))r(r*rs* *   rcsPeZdZdZdZdfdd ZfddZdfd d Zd d Zd dZ Z S)TimedJSONWebSignatureSerializeraWorks like the regular :class:`JSONWebSignatureSerializer` but also records the time of the signing and can be used to expire signatures. JWS currently does not specify this behavior but it mentions a possible extension like this in the spec. Expiry date is encoded into the header similar to what's specified in `draft-ietf-oauth -json-web-token `_. iNc s(tj|f||dkr|j}||_dS)N)r r!DEFAULT_EXPIRES_IN expires_in)r&r'rWrJ)r(r)r*r!sz(TimedJSONWebSignatureSerializer.__init__cs2tj|}|j}||j}||d<||d<|S)Niatexp)r rEnowrW)r&rDr-rXrY)r(r)r*rEs   z+TimedJSONWebSignatureSerializer.make_headerFc stj||dd\}}d|kr*td|dtd|d}yt|d|d<Wntk rb|YnX|ddkrt||d|jkrtd||j|d |r||fS|S) NT)r4rYzMissing expiry date)r3zExpiry date is not an IntDaterzSignature expired)r3Z date_signed) r rIrr int ValueErrorrZrget_issue_date)r&rHrr4r3r-Zint_date_error)r(r)r*rIs$    z%TimedJSONWebSignatureSerializer.loadscCs0|jd}t|ttfr,tjt|tjdSdS)aRIf the header contains the ``iat`` field, return the date the signature was issued, as a timezone-aware :class:`datetime.datetime` in UTC. .. versionchanged:: 2.0 The timestamp is returned as a timezone-aware ``datetime`` in UTC rather than a naive ``datetime`` assumed to be UTC. rX)tzN) rGr1rrr fromtimestampr[rutc)r&r-rvr)r)r*r]s z.TimedJSONWebSignatureSerializer.get_issue_datecCs ttjS)N)r[time)r&r)r)r*rZsz#TimedJSONWebSignatureSerializer.now)N)NF) rLrMrNrOrVr!rErIr]rZrTr)r))r(r*rUs  rU)rPrbrrrdecimalrZnumbersr_jsonrencodingrr r excr r r rrrrrrrrrUr)r)r)r*s*                $