o

��h�v�@
spdd
lm
Z

ddlZddlZddlZddlmZmZ
ddlm	Z	m
Z
mZmZm
Z
mZmZ
ddlmZ
ddlmZmZ
ddlmZmZmZmZmZmZmZmZmZ
zldd	lm Z m!Z!
dd
l"m#Z#
ddl$m%Z%
ddl&m'Z'
dd
l(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2
ddl3m4Z4m5Z5
ddl6m7Z7m8Z8
ddl9m:Z:m;Z;m<Z<m=Z=m>Z>m?Z?m@Z@mAZA
ddlBmCZCmDZDmEZEmFZFmGZGmHZHmIZI
dZJWneKy�


dZJYn
we	r�e:e<BZLe/e1BZMe7e8Be4Be5BZNeLeMBeNBZOe:e/Be7Be4BZPe<e1Be8Be5BZQhd�
ZRd'dd�ZSGdd�de�ZTGdd�deT�ZUGdd�deT�ZVeJ�
r6Gdd �d eT�ZWGd!d"�d"eT�ZXGd#d$�d$eW�ZYGd%d&�d&eT�ZZdSdS)(�)
�annotationsN)�ABC�abstractmethod)�
TYPE_CHECKING�Any�ClassVar�Literal�NoReturn�cast�overload�
�
�InvalidKeyError)�HashlibHash�JWKDict)	�base64url_decode�base64url_encode�der_to_raw_signature�force_bytes�from_base64url_uint�
is_pem_format�
is_ssh_key�raw_to_der_signature�to_base64url_uint)�InvalidSignature�UnsupportedAlgorithm)
�default_backend)
�hashes)
�padding)
�ECDSA�	SECP256K1�	SECP256R1�	SECP384R1�	SECP521R1�
EllipticCurve�EllipticCurvePrivateKey�EllipticCurvePrivateNumbers�EllipticCurvePublicKey�EllipticCurvePublicNumbers)�Ed448PrivateKey�Ed448PublicKey)�Ed25519PrivateKey�Ed25519PublicKey)�
RSAPrivateKey�RSAPrivateNumbers�RSAPublicKey�RSAPublicNumbers�rsa_crt_dmp1�rsa_crt_dmq1�rsa_crt_iqmp�rsa_recover_prime_factors)�Encoding�NoEncryption�
PrivateFormat�PublicFormat�load_pem_private_key�load_pem_public_key�load_ssh_public_keyTF>�ES256�ES384�ES512�ES521�EdDSA�PS256�PS384�PS512�RS256�RS384�RS512�ES256K�return�dict[str, Algorithm]c
C
s�t�t
t
j�
t
t
j�
t
t
j�
d
�}trG|�ttj�
ttj�
ttj�
ttj�
ttj�
ttj�
ttj�
ttj�
t	t	j�
t	t	j�
t	t	j�
t
�d��

|S)zE
    Returns the algorithms that are implemented by the library.
    )�none�HS256�HS384�HS512)rDrErFr<rGr=r?r>rArBrCr@)�
NoneAlgorithm�
HMACAlgorithm�SHA256�SHA384�SHA512�
has_crypto�update�RSAAlgorithm�ECAlgorithm�RSAPSSAlgorithm�OKPAlgorithm)
�default_algorithms�rZ�D/usr/local/CyberPanel/lib/python3.10/site-packages/jwt/algorithms.py�get_default_algorithmsis0


�








�


��r\c@
s�eZ
dZd
Zd"dd�Zed#d	d
��
Zed$dd
��
Zed%dd��
Ze	e
ed&dd��
�
�
Ze	e
ed'd(dd��
�
�
Ze
ed'd)dd��
�
Ze
ed*dd ��
�
Zd!S)+�	AlgorithmzH
    The interface for an algorithm used to sign and verify tokens.
    �bytestr�bytesrHcC
sjt|d
d�}|durt
�
tr-t|t�r-t|tj�r-tj|�t	�d�}|�
|
�

t|���
St||
�
�
��
S)z�
        Compute a hash digest using the specified algorithm's hash algorithm.

        If there is no hash algorithm, raises a NotImplementedError.
        �hash_algN)
�backend)�getattr�NotImplementedErrorrS�
isinstance�type�
issubclassr�
HashAlgorithm�HashrrTr_�finalize�digest)�selfr^r`rjrZrZr[�compute_hash_digest�s

��
�


zAlgorithm.compute_hash_digest�keyrc
C
�d
S)z�
        Performs necessary validation and conversions on the key and returns
        the key value in the proper format for sign() and verify().
        NrZ�rkrmrZrZr[�prepare_key��zAlgorithm.prepare_key�msgc
C
rn)zn
        Returns a digital signature for the specified message
        using the specified key value.
        NrZ�rkrrrmrZrZr[�sign�rqzAlgorithm.sign�sig�boolc
C
rn)zz
        Verifies that the specified digital signature is valid
        for the specified message and key values.
        NrZ�rkrrrmrurZrZr[�verify�rqzAlgorithm.verify�as_dict�
Literal[True]rc
C
�dS�
NrZ��key_objryrZrZr[�to_jwk��zAlgorithm.to_jwkF�Literal[False]�strc
C
r{r|rZr}rZrZr[r�r��
JWKDict | strc
C
rn)z3
        Serializes a given key into a JWK
        NrZr}rZrZr[r�rq�jwk�
str | JWKDictc


C
rn)zJ
        Deserializes a given key from JWK back into a key object
        NrZ�
r�rZrZr[�from_jwk�rqzAlgorithm.from_jwkN)r^r_rHr_)rmrrHr)rrr_rmrrHr_)rrr_rmrrur_rHrv)ryrzrHr�
F)ryr�rHr�)ryrvrHr�)r�r�rHr)
�__name__�
__module__�__qualname__�__doc__rlrrprtrxr�staticmethodrr�rZrZrZr[r]�s.














r]c@
sLeZ
dZd
Zddd�Zdd
d�Zddd�Zedd dd��
Zed!dd��
Z	dS)"rNzZ
    Placeholder for use when no signing or verification
    operations are required.
    rm�
str | NonerH�NonecC
s |
d
krd}
|
du
rtd�
�
|
S)N�z*When alg = "none", key value must be None.r
rorZrZr[rp�s



zNoneAlgorithm.prepare_keyrrr_c
C
rn)N�rZrsrZrZr[rt��
zNoneAlgorithm.signrurvc
C
rn)NFrZrwrZrZr[rx�r�zNoneAlgorithm.verifyFr~rryr	c
C
�t��
r|�
rcr}rZrZr[r��zNoneAlgorithm.to_jwkr�r�c


C
r�r|r�r�rZrZr[r��r�zNoneAlgorithm.from_jwkN)rmr�rHr�)rrr_rmr�rHr_)rrr_rmr�rur_rHrvr�)r~rryrvrHr	)r�r�rHr	)
r�r�r�r�rprtrxr�rr�rZrZrZr[rN�s


	


rNc@
s�eZ
dZUd
ZejZded<ejZ	ded<ej
Zded<d)d
d�Zd*dd�Z
eed+dd��
�
Zee	d,d-dd��
�
Zed,d.dd��
Zed/d d!��
Zd0d#d$�Zd1d&d'�Zd(S)2rOzf
    Performs signing and verification operations using HMAC
    and the specified hash function.
    zClassVar[HashlibHash]rPrQrRr`rrHr�cC
�
|
|_dSr|�
r`�rkr`rZrZr[�__init__��

zHMACAlgorithm.__init__rm�str | bytesr_cC
s$t|
�
}t
|�
st|�
rtd
�
�
|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrr�rkrm�	key_bytesrZrZr[rp�s


�zHMACAlgorithm.prepare_keyr~ryrzrc
C
r{r|rZr}rZrZr[r

�zHMACAlgorithm.to_jwkFr�r�c
C
r{r|rZr}rZrZr[r
r�rvr�cC
s(tt
|�
�
��d
d�}|
r|St�|�
S)N�oct)�
k�kty)rr�decode�json�dumps)r~ryr�rZrZr[r
s
�

r�r�c
C
sjzt|t
�rt�|�
}
n
t|t�r|}
nt�
Wnty#


td
�
d�w|
�d�
dkr/td�
�
t|
d�
S)N�Key is not valid JSONr�r�zNot an HMAC keyr�)	rdr�r��loads�dict�
ValueErrorr�getr)r��objrZrZr[r�"
s





�


�
zHMACAlgorithm.from_jwkrrcC
st�
||
|j���Sr|)�hmac�newr`rjrsrZrZr[rt3
�
zHMACAlgorithm.signrucC
st�
||�|
|��Sr|)r��compare_digestrtrwrZrZr[rx6
r�zHMACAlgorithm.verifyN)r`rrHr�)rmr�rHr_)r~r�ryrzrHrr�)r~r�ryr�rHr�)r~r�ryrvrHr�)r�r�rHr_)rrr_rmr_rHr_)rrr_rmr_rur_rHrv)r�r�r�r��hashlib�sha256rP�__annotations__�sha384rQ�sha512rRr�rprr�rr�rtrxrZrZrZr[rO�s(








�


rOc@
s�eZ
dZUd
ZejZded<ejZded<ejZded<d,d
d�Z	d-dd�Z
eed.dd��
�
Z
ee	d/d0dd��
�
Z
ed/d1dd��
Z
ed2d d!��
Zd3d%d&�Zd4d)d*�Zd+S)5rUz~
        Performs signing and verification operations using
        RSASSA-PKCS-v1_5 and the specified hash function.
        �$ClassVar[type[hashes.HashAlgorithm]]rPrQrRr`�type[hashes.HashAlgorithm]rHr�cC
r�r|r�r�rZrZr[r�F
r�zRSAAlgorithm.__init__rm�AllowedRSAKeys | str | bytes�AllowedRSAKeyscC
s�t|
t
tf�r	|
St|
ttf�std
�
�
t|
�
}z|�d�
r&ttt	|�
�WStt
t
|dd��WStyO


z
ttt|�
�WYStt
fyN


td�
d�ww)N�Expecting a PEM-formatted key.sssh-rsa�
�passwordz(Could not parse the provided public key.)rdr-r/r_r��	TypeErrorr�
startswithr
r;r9r�r:rrr�rZrZr[rpI
s,






�




����zRSAAlgorithm.prepare_keyr~ryrzrc
C
r{r|rZr}rZrZr[ra
r�zRSAAlgorithm.to_jwkFr�r�c
C
r{r|rZr}rZrZr[rg
r�rvr�cC
s�d}t|d
�rD|�
�}ddg
t|jj�
��t|jj�
��t|j�
��t|j�
��t|j	�
��t|j
�
��t|j�
��t|j�
��d�
}n t|d�r`|��}ddg
t|j�
��t|j�
��d�}nt
d�
�
|
rh|St�|�
S)N�private_numbers�RSArt)
r��key_ops�
n�
e�
d�
p�
q�dp�dq�qirx)r�r�r�r��Not a public or private key)�hasattrr�r�public_numbersr�r�r�r�r�r��dmp1�dmq1�iqmprr�r�)r~ryr��numbersrZrZr[rm
s2









�




�

r�r�c
		
s�
zt|t
�rt�|�
�n
t|t�r|�nt�
Wnty#


td
�
d�w��d�
dkr0td�
d�d�vr�d�vr�d�vr�d�vrDtd	�
�
gd
�
}
�f
dd�|
D�
}t|�
}|r`t	|�
s`td
�
d�t
t�d�
t�d�
�}|r�tt�d�
t�d�
t�d�
t�d�
t�d�
t�d�
|d�}|��St�d�
}t
|j||j�\}}t|||t||�t||�t||�|d�}|��Sd�vr�d�vr�t
t�d�
t�d�
���Std�
�
)Nr�r�r�zNot an RSA keyr�r�r��othz5Unsupported RSA private key: > 2 primes not supported)r�r�r�r�r�c

sg|]}
|
�v�qSrZrZ)�.0�prop�
r�rZr[�
<listcomp>�
sz)RSAAlgorithm.from_jwk.<locals>.<listcomp>z@RSA key must include all parameters if any are present besides dr�r�r�r�r�)r�r�r�r�r�r�r�r�)rdr�r�r�r�r�rr��any�allr0rr.r4r�r�r1r2r3�private_key�
public_key)	r��other_props�props_found�any_props_foundr�r�r�r�r�rZr�r[r��
s~





�


�



�



��



�













��


�






�





��zRSAAlgorithm.from_jwkrrr_r-cC
s|�|
t
��|���Sr|)rtr�PKCS1v15r`rsrZrZr[rt�
s
zRSAAlgorithm.signr/rucC
s4z|�||
t
��|���
Wd
Sty


YdSw)NTF)rxrr�r`rrwrZrZr[rx�
s




�zRSAAlgorithm.verifyN�r`r�rHr�)rmr�rHr�)r~r�ryrzrHrr�)r~r�ryr�rHr�)r~r�ryrvrHr�)r�r�rHr��rrr_rmr-rHr_�rrr_rmr/rur_rHrv)r�r�r�r�rrPr�rQrRr�rprr�rr�rtrxrZrZrZr[rU<
s(








�
&

GrUc@
s�eZ
dZUd
ZejZded<ejZded<ejZded<d+d
d�Z	d,dd�Z
d-dd�Zd.dd�Ze
ed/dd��
�
Ze
e	 d0d1d#d��
�
Zed0d2d%d��
Zed3d(d)��
Zd*S)4rVzr
        Performs signing and verification operations using
        ECDSA and the specified hash function
        r�rPrQrRr`r�rHr�cC
r�r|r�r�rZrZr[r��
r�zECAlgorithm.__init__rm�AllowedECKeys | str | bytes�
AllowedECKeyscC
s�t|
t
tf�r	|
St|
ttf�std
�
�
t|
�
}z|�d�
r#t|�
}nt	|�
}Wnt
y7


t|dd�}Yn
wt|t
tf�sDtd�
d�|S)Nr�secdsa-sha2-r�zcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for ECDSA algorithms)
rdr%r'r_r�r�rr�r;r:r�r9r)rkrmr��
crypto_keyrZrZr[rp�
s,






�

�
�
��zECAlgorithm.prepare_keyrrr_r%cC
s |�|
t
|���
�}t||j�Sr|)rtrr`r�curve)rkrrrm�der_sigrZrZr[rts
zECAlgorithm.signrurvcC
snzt||j
�}Wn
ty


Yd
Swzt|t�r|��n
|}|�||
t|���
�
WdSt	y6


Yd
Sw)NFT)
rr�r�rdr%r�rxrr`r)rkrrrmrur�r�rZrZr[rxs



�
��


�zECAlgorithm.verifyr~ryrzrc
C
r{r|rZr}rZrZr[r'r�zECAlgorithm.to_jwkFr�r�c
C
r{r|rZr}rZrZr[r-r�r�cC
s�t|t
�r|����}nt|t�r|��}ntd
�
�
t|jt�r#d}n#t|jt�r,d}nt|jt	�r5d}nt|jt
�r>d}ntd|j���
�
d|t|j|jj
d���t|j|jj
d���d	�}t|t
�rst|��j|jj
d���|d
<|
rw|St�|�
S)Nr��P-256�P-384�P-521�	secp256k1�Invalid curve: �EC)
�
bit_length)r��crv�
x�
yr�)rdr%r�r�r'rr�r!r"r#r rr��key_sizer�r�r��
private_valuer�r�)r~ryr�r�r�rZrZr[r3sJ
















�


��




��

r�r�c
C
szt|t
�rt�|�
}
n
t|t�r|}
nt�
Wnty#


td
�
d�w|
�d�
dkr0td�
d�d|
v
s8d|
v
r=td�
d�t|
�d�
�
}t|
�d�
�
}|
�d�
}|dkrmt	|�
t	|�
krbd	krhn
nt
�}netd
�
d�|dkr�t	|�
t	|�
krdkr�n
nt�}nHtd
�
d�|dkr�t	|�
t	|�
kr�dkr�n
nt�}n+td�
d�|dkr�t	|�
t	|�
kr�d	kr�n
td�
�
t
�}ntd�
�
td|���
�
ttj|dd�tj|dd�|d�}d|
v
r�|��St|
�d�
�
}t	|�
t	|�
kr�tdt	|�
|��
ttj|dd�|���S)Nr�r�r�zNot an Elliptic curve keyr�r�r�r�� z)Coords should be 32 bytes for curve P-256r��0z)Coords should be 48 bytes for curve P-384r��Bz)Coords should be 66 bytes for curve P-521r�z-Coords should be 32 bytes for curve secp256k1r��big)
�	byteorder)r�r�r�r�z!D should be {} bytes for curve {})rdr�r�r�r�r�rr�r�lenr!r"r#r r(�int�
from_bytesr�r&r�)r�r�r�r�r��	curve_objr�r�rZrZr[r�_s�





�


�





 


�� 


�� 


��

��
�


�




�
��zECAlgorithm.from_jwkNr�)rmr�rHr�)rrr_rmr%rHr_)rrr_rmr�rur_rHrv)r~r�ryrzrHrr�)r~r�ryr�rHr�)r~r�ryrvrHr�)r�r�rHr�)r�r�r�r�rrPr�rQrRr�rprtrxrr�rr�rZrZrZr[rV�
s(










�
+
rVc@
s$eZ
dZd
Zddd�Zddd
�ZdS)rWzA
        Performs a signature using RSASSA-PSS with MGF1
        rrr_rmr-rHcC
s,|�|
t
jt
�|���
|��jd
�|���S)N��mgf�salt_length)rtr�PSS�MGF1r`�digest_sizersrZrZr[rt�s




��zRSAPSSAlgorithm.signr/rurvc	C
sJz|�||
t
jt
�|���
|��jd
�|���
WdSty$


YdSw)Nr�TF)rxrr�r�r`r�rrwrZrZr[rx�s






��	

�zRSAPSSAlgorithm.verifyNr�r�)r�r�r�r�rtrxrZrZrZr[rW�s


rWc@
s~eZ
dZd
Zd'dd�Zd(dd�Zd)dd�Zd*dd�Zee	d+dd��
�
Z
ee		d,d-dd��
�
Z
e	d,d.d!d��
Z
e	d/d$d%��
Zd&S)0rXz�
        Performs signing and verification operations using EdDSA

        This class requires ``cryptography>=2.6`` to be installed.
        �kwargsrrHr�c

K
r{r|rZ)rkr�rZrZr[r��r�zOKPAlgorithm.__init__rm�AllowedOKPKeys | str | bytes�AllowedOKPKeyscC
s�t|
t
tf�r?t|
t
�r|
�d
�
n
|
}t|
t�r|
�d
�
n
|
}d|vr(t|�
}
nd|vr3t|dd�}
n|dd�dkr?t|�
}
t|
tt	t
tf�sLtd�
�
|
S)	N�utf-8z-----BEGIN PUBLICz-----BEGIN PRIVATEr�r
�zssh-zcExpecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for EdDSA algorithms)
rdr_r�r��encoder:r9r;r+r,r)r*r)rkrm�key_strr�rZrZr[rp�s"











�
�zOKPAlgorithm.prepare_keyrrr��#Ed25519PrivateKey | Ed448PrivateKeyr_cC
s"t|
t
�r
|
�d
�
n
|
}|�|�
S)aS

            Sign a message ``msg`` using the EdDSA private key ``key``
            :param str|bytes msg: Message to sign
            :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey`
                or :class:`.Ed448PrivateKey` isinstance
            :return bytes signature: The signature, as bytes
            r
)rdr�r
rt)rkrrrm�	msg_bytesrZrZr[rt�s


zOKPAlgorithm.signrurvcC
srz.t|
t
�r|
�d
�
n
|
}t|t
�r|�d
�
n
|}t|ttf�r$|��n
|}|�||�
WdSty8


YdSw)a�

            Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key``

            :param str|bytes sig: EdDSA signature to check ``msg`` against
            :param str|bytes msg: Message to sign
            :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key:
                A private or public EdDSA key instance
            :return bool verified: True if signature is valid, False if not.
            r
TF)rdr�r
r+r)r�rxr)rkrrrmrur
�	sig_bytesr�rZrZr[rx�s


��


�zOKPAlgorithm.verifyryrzrc
C
r{r|rZ�rmryrZrZr[rr�zOKPAlgorithm.to_jwkFr�r�c
C
r{r|rZr	
rZrZr[rr�r�cC
s�t|t
tf�r.|jtjtjd
�}t|t
�rdn
d}tt|�
�
�	�d|d�}|
r)|St
�|�
St|tt
f�rp|jtjtjt�d�}|��jtjtjd
�}t|t�rRdn
d}tt|�
�
�	�tt|�
�
�	�d|d�}|
rk|St
�|�
Std�
�
)	N)�encoding�format�Ed25519�Ed448�OKP)r�r�r�)r

r
�encryption_algorithm)r�r�r�r�r�)rdr,r*�public_bytesr5�Rawr8rrr�r�r�r+r)�
private_bytesr7r6r�r)rmryr�r�r�r�rZrZr[rsB


�

�





�

�


�

r�r�c

C
s
zt|t
�rt�|�
}
n
t|t�r|}
nt�
Wnty#


td
�
d�w|
�d�
dkr/td�
�
|
�d�
}|dkrC|dkrCtd|���
�
d	|
v
rKtd
�
�
t|
�d	�
�
}z+d|
v
rg|dkrat	�
|�
WSt�
|�
WSt|
�d�
�
}|dkrxt�
|�
WSt�
|�
WSty�
}
ztd�
|�d}~w
w)
Nr�r�r
zNot an Octet Key Pairr�r
r

r�r�zOKP should have "x" parameterr�zInvalid key parameter)rdr�r�r�r�r�rr�rr,�from_public_bytesr*r+�from_private_bytesr))r�r�r�r�r��errrZrZr[r�Js>





�


�
















��zOKPAlgorithm.from_jwkN)r�rrHr�)rmr
rHr

)rrr�rmr
rHr_)rrr�rmr

rur�rHrv)rmr

ryrzrHrr�)rmr

ryr�rHr�)rmr

ryrvrHr�)r�r�rHr

)r�r�r�r�r�rprtrxrr�rr�rZrZrZr[rX�s"








�
.
rX)rHrI)[�
__future__rr�r�r��abcrr�typingrrrrr	r
r�
exceptionsr�typesrr�utilsrrrrrrrrr�cryptography.exceptionsrr�cryptography.hazmat.backendsr�cryptography.hazmat.primitivesr�)cryptography.hazmat.primitives.asymmetricr�,cryptography.hazmat.primitives.asymmetric.ecrr r!r"r#r$r%r&r'r(�/cryptography.hazmat.primitives.asymmetric.ed448r)r*�1cryptography.hazmat.primitives.asymmetric.ed25519r+r,�-cryptography.hazmat.primitives.asymmetric.rsar-r.r/r0r1r2r3r4�,cryptography.hazmat.primitives.serializationr5r6r7r8r9r:r;rS�ModuleNotFoundErrorr�r�r

�AllowedKeys�AllowedPrivateKeys�AllowedPublicKeys�requires_cryptographyr\r]rNrOrUrVrWrXrZrZrZr[�<module>
sb


$

,




0
($



�
���
"IH+D����