o

�h�8�@
s�dd
lm
Z

ddlZddlZddlmZ
ddlmZmZ
ddl	m	Z	m
Z
mZ
ddlm
Z
mZ
ddlmZ
dd	lmZmZmZmZmZmZmZmZmZ
dd
lmZ
e
r`ddlmZmZ
ddlm Z 
Gd
d�d�Z!e!�Z"e"j#Z#e"j$Z$e"j%Z%dS)�)
�annotationsN)
�timegm)�Iterable�Sequence)�datetime�	timedelta�timezone)�
TYPE_CHECKING�Any�
)
�api_jws)	�DecodeError�ExpiredSignatureError�ImmatureSignatureError�InvalidAudienceError�InvalidIssuedAtError�InvalidIssuerError�InvalidJTIError�InvalidSubjectError�MissingRequiredClaimError)
�RemovedInPyjwt3Warning)�AllowedPrivateKeys�AllowedPublicKeys)
�PyJWKc@
s�eZ
dZdOdPdd�ZedQd	d
��
Z	
	
	
	dRdSdd�Z	
	
dTdUdd�Z		
	
	
	
	
	
	
	dVdWd1d2�ZdXd4d5�Z			
	
	
	
	
	
	
	dVdYd6d7�Z
	
	
	
	dZd[d8d9�Zd\d:d;�ZdOd]d<d=�Z
d]d>d?�Zd^dBdC�Zd^dDdE�Zd^dFdG�ZdHdI�
d_dKdL�Zd`dMdN�Zd
S)a�PyJWTN�options�dict[str, Any] | None�return�NonecC
s"|
duri}
i|���
|
�
|_
dS�
N)�_get_default_optionsr)�selfr�r"�>/usr/local/CyberCP/lib/python3.10/site-packages/jwt/api_jwt.py�__init__s


zPyJWT.__init__�dict[str, bool | list[str]]c
C
sd
d
d
d
d
d
d
d
gd�	S)NT)	�verify_signature�
verify_exp�
verify_nbf�
verify_iat�
verify_aud�
verify_iss�
verify_sub�
verify_jti�requirer"r"r"r"r#r #s







�zPyJWT._get_default_optionsT�payload�dict[str, Any]�key�(AllowedPrivateKeys | PyJWK | str | bytes�	algorithm�
str | None�headers�json_encoder�type[json.JSONEncoder] | None�sort_headers�bool�strc	C
snt|
t
�s	td
�
�
|
��}
dD]}t|
�|�
t�r#t|
|���
|
|<q|j|
||d�}t	j
||||||d�S)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)�exp�iat�nbf)r5r6)
r8)�
isinstance�dict�	TypeError�copy�getrr�utctimetuple�_encode_payloadr�encode)	r!r/r1r3r5r6r8�
time_claim�json_payloadr"r"r#rE1s,



�

�


�





�zPyJWT.encode�bytescC
stj
|
d
|d��d�
S)z�
        Encode a given payload to the bytes to be signed.

        This method is intended to be overridden by subclasses that need to
        encode the payload in a different way, e.g. compress the payload.
        )�
,�
:)�
separators�clszutf-8)�json�dumpsrE)r!r/r5r6r"r"r#rDWs


��zPyJWT._encode_payload�r
�jwt�str | bytes�'AllowedPublicKeys | PyJWK | str | bytes�
algorithms�Sequence[str] | None�verify�bool | None�detached_payload�bytes | None�audience�str | Iterable[str] | None�issuer�str | Sequence[str] | None�subject�leeway�float | timedelta�kwargsr
cK
s
|rtj
d
t|���
��tdd�
t|pi�
}|�dd�
|du
r/||dkr/tj
dtdd�
|ds]|�dd	�
|�d
d	�
|�dd	�
|�dd	�
|�d
d	�
|�dd	�
|�dd	�
tj	|
||||d�}|�
|�
}
i|j�
|�
}|j|
||||
|	d�
|
|d<|S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: ��
�
stacklevelr&Tz�The `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)�categoryrcr'Fr(r)r*r+r,r-)r1rSrrW)rYr[r^r]r/)
�warnings�warn�tuple�keysrr?�
setdefault�DeprecationWarningr�decode_complete�_decode_payloadr�_validate_claims)r!rPr1rSrrUrWrYr[r]r^r`�decodedr/�merged_optionsr"r"r#rkisV


�
�



�











�







�	
zPyJWT.decode_completernc
C
sRz	t�
|
d
�
}Wnty
}
ztd|���
|�d}~w
wt|t�s'td�
�
|S)a


        Decode the payload from a JWS dictionary (payload, signature, header).

        This method is intended to be overridden by subclasses that need to
        decode the payload in a different way, e.g. decompress compressed
        payloads.
        r/zInvalid payload string: Nz-Invalid payload string: must be a json object)rM�loads�
ValueErrorr
r>r?)r!rnr/�
er"r"r#rl�s


��


zPyJWT._decode_payloadc
K
sH|rtj
d
t|���
��tdd�
|j|
||||||||	|
d�
}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rarb)rUrWrYr]r[r^r/)rerfrgrhrrk)
r!rPr1rSrrUrWrYr]r[r^r`rnr"r"r#�decode�s*


�
�









�zPyJWT.decodecC
s

t|t
�r	|��}|du
rt|ttf�std
�
�
|�|
|�
tjt	j
d�
��}d|
vr6|dr6|�|
||�
d|
vrE|drE|�
|
||�
d|
vrT|drT|�|
||�
|d	r^|�|
|�
|d
rn|j|
||�dd�d
�
|drx|�|
|�
|dr�|�|
�

dSdS)Nz+audience must be a string, iterable or None)
�tzr<r)r=r(r;r'r+r*�
strict_audF�
�strictr,r-)r>r�
total_secondsr:rr@�_validate_required_claimsr�nowr�utc�	timestamp�
_validate_iat�
_validate_nbf�
_validate_exp�
_validate_iss�
_validate_audrB�
_validate_sub�
_validate_jti)r!r/rrYr[r]r^rzr"r"r#rm�s.
	







�

�zPyJWT._validate_claimscC
s(|d
D]
}|
�|�
durt
|�
�
qdS)Nr.)rBr)r!r/r�claimr"r"r#ry
s


��zPyJWT._validate_required_claimscC
sHd
|
v
rdSt|
d
t
�std�
�
|du
r |
�d
�
|kr"td�
�
dSdS)z�
        Checks whether "sub" if in the payload is valid ot not.
        This is an Optional claim

        :param payload(dict): The payload which needs to be validated
        :param subject(str): The subject of the token
        �subNzSubject must be a stringzInvalid subject)r>r:rrB)r!r/r]r"r"r#r�
s	



�
zPyJWT._validate_subcC
s(d
|
v
rdSt|
�
d
�
t�std�
�
dS)z�
        Checks whether "jti" if in the payload is valid ot not
        This is an Optional claim

        :param payload(dict): The payload which needs to be validated
        �jtiNzJWT ID must be a string)r>rBr:r)r!r/r"r"r#r�2
s


�zPyJWT._validate_jtirz�floatcC
�Bzt|
d
�
}Wnt
y


td�
d�w|||krtd�
�
dS)Nr<z)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))�intrqrr)r!r/rzr^r<r"r"r#r}@
s



���
�zPyJWT._validate_iatcC
r�)Nr=z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))r�rqr
r)r!r/rzr^r=r"r"r#r~O
s



�
�zPyJWT._validate_nbfcC
sBzt|
d
�
}Wnt
y


td�
d�w|||k
rtd�
�
dS)Nr;z/Expiration Time claim (exp) must be an integer.zSignature has expired)r�rqr
r)r!r/rzr^r;r"r"r#r]
s



���
�zPyJWT._validate_expFrvrwc

s�|durd
|
v
s|
d
sdStd�
�
d
|
v
s|
d
st
d
�
�
|
d
�|r@t|t�s-td�
�
t�t�s6td�
�
|�kr>td�
�
dSt�t�rH�g
�t�t�sQtd�
�
tdd��D�
�
r^td�
�
t|t�rf|g
}t�f
d	d�|D�
�
rutd
�
�
dS)N�audzInvalid audiencezInvalid audience (strict)z&Invalid claim format in token (strict)zAudience doesn't match (strict)zInvalid claim format in tokenc
s
s�|]	}
t|
t
�V
qdSr)r>r:)�.0�
cr"r"r#�	<genexpr>�
s�z&PyJWT._validate_aud.<locals>.<genexpr>c
3
s�|]}
|
�v
V
qdSrr")r�r��
�audience_claimsr"r#r��
s�zAudience doesn't match)rrr>r:�list�any�all)r!r/rYrwr"r�r#r�m
s4
















�zPyJWT._validate_audcC
sV|durdSd
|
v
rtd
�
�
t
|t�r|
d
|krtd�
�
dS|
d
|v
r)td�
�
dS)N�isszInvalid issuer)rr>r:r)r!r/r[r"r"r#r��
s





�
�zPyJWT._validate_issr)rrrr)rr%)NNNT)r/r0r1r2r3r4r5rr6r7r8r9rr:)NN)r/r0r5rr6r7rrH)	rONNNNNNNr
)rPrQr1rRrSrTrrrUrVrWrXrYrZr[r\r]r4r^r_r`r
rr0)rnr0rr
)rPrQr1rRrSrTrrrUrVrWrXrYrZr]r4r[r\r^r_r`r
rr
)NNNr
)
r/r0rr0r]r4r^r_rr)r/r0rr0rr)r/r0rr)r/r0rzr�r^r�rr)r/r0rYrZrwr9rr)r/r0r[r
rr)�__name__�
__module__�__qualname__r$�staticmethodr rErDrkrlrsrmryr�r�r}r~rr�r�r"r"r"r#rs^




�)
�




�
J




�-


�
*	



�2r)&�
__future__rrMre�calendarr�collections.abcrrrrr�typingr	r
rOr�
exceptionsr
rrrrrrrrrrSrr�api_jwkrr�_jwt_global_objrErkrsr"r"r"r#�<module>
s*




,