a Bg6@sdZddlZddlZddlZddlZddlmZmZmZm Z m Z m Z m Z m Z mZddlZddlmZddlmZmZddlmZmZddlZddlmZmZmZeeZ Gdd d ej!ej"d Z#e#j$Gd d d e#Z%e#j$Gd dde#Z&e#j$Gddde#Z'dS) JSON Web Key.N) AnyCallableDictMappingOptionalSequenceTupleTypeUnion)default_backend)hashes serialization)ecrsa)errors json_utilutilc@seZdZUdZdZiZeeedfe d<dZ e ee dfe d<e Zeee d<dd d d Zeeeeeeeeffe d <e e d <ejfegejfedddZejddddZedeeeee e dddZedeeeee ddddZ dS)JWKrZktyTYPES.cryptography_key_typesrequiredN),:T)indentZ separatorsZ sort_keys_thumbprint_json_dumps_paramskey) hash_functionreturncsNtj|td}|tjfddDfij | S)zgCompute JWK Thumbprint. https://tools.ietf.org/html/rfc7638 :returns: bytes )backendcs i|]\}}|jvr||qSr)r).0kvselfr./usr/lib/python3.9/site-packages/josepy/jwk.py @z"JWK.thumbprint..) r ZHashr updatejsondumpsZto_jsonitemsrencodefinalize)r%rZdigestrr$r& thumbprint3s zJWK.thumbprintrcCs tdS)ziGenerate JWK with public key. For symmetric cryptosystems, this would return ``self``. N)NotImplementedErrorr$rrr& public_keyFszJWK.public_key)datapasswordr rc Cs|durtn|}i}tjtjfD]R}z||||WStttjjfyr}z||t |<WYd}~q"d}~00q"tj tj fD]N}z|||WSttjjfy}z||t |<WYd}~qd}~00qt d|dS)NzUnable to deserialize key: {0})r rZload_pem_private_keyZload_der_private_key ValueError TypeError cryptography exceptionsZUnsupportedAlgorithmstrZload_pem_public_keyZload_der_public_keyrErrorformat)clsr3r4r r8Zloader_privateerrorZ loader_publicrrr&_load_cryptography_keyOs$$zJWK._load_cryptography_keyc Csz||||}Wn<tjyN}z"td|t|dWYd}~Sd}~00|jtur|t||j s|td |j |j |j D]}t||j r||dSqtd |j dS)aLoad serialized key as JWK. :param str data: Public or private key serialized as PEM or DER. :param str password: Optional password. :param backend: A `.PEMSerializationBackend` and `.DERSerializationBackend` provider. :raises errors.Error: if unable to deserialize, or unsupported JWK algorithm :returns: JWK of an appropriate type. :rtype: `JWK` z,Loading symmetric key, asymmetric failed: %srNz"Unable to deserialize {0} into {1}zUnsupported algorithm: {0})r>rr:loggerdebugJWKOcttypNotImplemented isinstancerr; __class__rvalues)r<r3r4r rr=Zjwk_clsrrr&loadls   zJWK.load)NN)NN)!__name__ __module__ __qualname____doc__type_field_namerrr9r __annotations__rr rrDrrrr rintboolr ZSHA256rZ HashAlgorithmbytesr/abcabstractmethodr2 classmethodr>rHrrrr&rs: (   r) metaclassc@sleZdZUdZdZdZdejfZe e d<e e e fdddZ eee efdd d d Zddd d ZdS)rBzSymmetric JWK.octr?r"rr0cCsdt|jiS)Nr")rencode_b64joserr$rrr&fields_to_partial_jsonszJWKOct.fields_to_partial_jsonjobjrcCs|t|ddS)Nr"r?)rdecode_b64joser<rZrrr&fields_from_jsonszJWKOct.fields_from_jsoncCs|SNrr$rrr&r2szJWKOct.public_keyN)rIrJrKrLrC __slots__rrMrrQrNrr9rXrTrrr]r2rrrr&rBs  rBcseZdZUdZdZejejfZdZ de j dfZ e jjed<eeddfd d Zeeed d d Zeeed ddZddddZeeeefddddZeeefdddZZS)JWKRSAzRSA JWK. :ivar key: :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` wrapped in :class:`~josepy.util.ComparableRSAKey` ZRSAr?enrNargskwargsrcs@d|vr*t|dtjs*t|d|d<tj|i|dSNr)rErComparableRSAKeysuper__init__r%rdrerFrr&riszJWKRSA.__init__)r3rcCs0t|d}t|d}t|jd|dS)zOEncode Base64urlUInt. :type data: long :rtype: unicode big byteorderlength)max bit_lengthmathZceilrrWto_bytesr<r3rprrr& _encode_paramszJWKRSA._encode_paramcCsFz&t|}|sttj|ddWSty@tYn0dS)Decode Base64urlUInt.rmroN)rr[rDeserializationErrorrO from_bytesr5)r<r3binaryrrr& _decode_params  zJWKRSA._decode_paramr0cCst||jdS)Nr?)typerr2r$rrr&r2szJWKRSA.public_keyrYc sDfdddD\}}tj||d}dvr@|tdSd}dvs~dvs~d vs~d vs~d vs~d vrtfd ddD\}}}} } } tdd| Drtd| tfdd| D\}}}} } n6t |||\}}t ||}t ||} t ||} t ||||| | |t} | dS)Nc3s|]}|VqdSr^r|r!xr\rr& r(z*JWKRSA.fields_from_json..rbra)rarbdr?pqdpdqqiZothc3s|]}|VqdSr^)getr)rZrr&rr()rrrrrcss|]}|dur|VqdSr^r)r!Zparamrrr&rr(z(Some private parameters are missing: {0}c3s|]}t|VqdSr^)r|r9r)r<rr&rr()rZRSAPublicNumbersr2r r|tuplerr:r;Zrsa_recover_prime_factorsZ rsa_crt_dmp1Z rsa_crt_dmq1Z rsa_crt_iqmpZRSAPrivateNumbers private_key) r<rZrbrapublic_numbersrrrrrr all_paramsrrr\r&r]sH"   zJWKRSA.fields_from_jsonc s~tjjtjr*j}|j|jd}n>j}j }|j|j|j |j |j |j |j|jd}fdd|DS)Nr)rbrarrrrrrcsi|]\}}||qSr)rvr!rvaluer$rr&r'r(z1JWKRSA.fields_to_partial_json..)rEr_wrappedr RSAPublicKeyrrbraprivate_numbersr2rrrZdmp1Zdmq1Ziqmpr,)r%Znumbersparamsprivatepublicrr$r&rXs"   zJWKRSA.fields_to_partial_json)rIrJrKrLrCrrZ RSAPrivateKeyrr_rrMrjosepyrrgrNrrirTrOr9rvr|r2rr]rrX __classcell__rrrkr&r`s      0r`cseZdZUdZdZdZejejfZ de j ddfZ e jjed<eedd fd d Zeeeed d dZeeeeedddZeeedddZeeejdddZeejedddZeeefdddZeeeefdddd Zddd!d"Z Z!S)#JWKECzEC JWK. :ivar key: :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` wrapped in :class:`~josepy.util.ComparableECKey` ZECr?crvryrNrccs@d|vr*t|dtjs*t|d|d<tj|i|dSrf)rErComparableECKeyrhrirjrkrr&ri+szJWKEC.__init__)r3rprcCst|jd|dS)zlEncode Base64urlUInt. :type data: long :type key_size: long :rtype: unicode rmrn)rrWrtrurrr&rv0szJWKEC._encode_param)r3name valid_lengthrc CshzHt|}t||kr:td|d|dt|dtj|ddWStybtYn0dS)rwzExpected parameter "z" to be z" bytes after base64-decoding; got z bytes insteadrmrxN)rr[lenrryrOrzr5)r<r3rrr{rrr&r|9s   zJWKEC._decode_param) curve_namercCs0|dkr dS|dkrdS|dkr$dStdS)NZ secp256r1P-256Z secp384r1P-384Z secp521r1P-521)rSerializationError)r<rrrr&_curve_name_to_crvGszJWKEC._curve_name_to_crv)rrcCs<|dkrtS|dkr tS|dkr0tStdS)Nrrr)r SECP256R1 SECP384R1 SECP521R1rry)r<rrrr& _crv_to_curveQszJWKEC._crv_to_curve)curvercCsBt|tjrdSt|tjr dSt|tjr0dStd|dS)N 0BzUnexpected curve: )rErrrrr5)r<rrrr&expected_length_for_curve\s   zJWKEC.expected_length_for_curver0csi}tjjtjr jn>tjjtjrTj}j|j |d<n t dj |d<j |d<fdd|D}jj|d<|S)NrzRSupplied key is neither of type EllipticCurvePublicKey nor EllipticCurvePrivateKeyrrc s&i|]\}}||jqSr)rvrrrrr%rr&r'usz0JWKEC.fields_to_partial_json..r)rErrrEllipticCurvePublicKeyrEllipticCurvePrivateKeyrr2Z private_valuerrrrr,rrr)r%rrrrr&rXfs"      zJWKEC.fields_to_partial_jsonrYcsd}|fdddD\}}tj|||d}dvr\|tdSdd}t||t}|dS)Nrc3s |]}||VqdSr^r~)r!rbr<Zexpected_lengthrZrr&rr(z)JWKEC.fields_from_json..)rr)rrrrr?) rrrZEllipticCurvePublicNumbersr2r r|ZEllipticCurvePrivateNumbersr)r<rZrrrrrrrrr&r]|s zJWKEC.fields_from_jsoncCs8t|jdr|j}n|jt}t||dS)Nr2r?)hasattrrr2rr r})r%rrrr&r2s  zJWKEC.public_key)"rIrJrKrLrCr_rrrrrrMrrrrrNrrirTrOr9rvr|rZ EllipticCurverrrrXrr]r2rrrrkr&rs*       r)(rLrRr*Zloggingrstypingrrrrrrr r r Zcryptography.exceptionsr7Zcryptography.hazmat.backendsr Zcryptography.hazmat.primitivesr rZ)cryptography.hazmat.primitives.asymmetricrrZ josepy.utilrrrrZ getLoggerrIr@ZTypedJSONObjectWithFieldsABCMetarregisterrBr`rrrrr&s&,   qt