U-f<dZddlZddlZddlZddlmZmZmZmZm Z m Z m Z m Z m Z ddlmZddlZddlmZmZmZmZddlmZddlmZGdd ZGd d ejZGd d ejZGddejZGddZedkree dSdS)zJSON Web Signature.N) AnyDict FrozenSetListMappingOptionalTupleTypecast)crypto)b64errors json_utiljwa)jwk)utilcXeZdZdZdZ ededefdZededefdZdS) MediaTypez MediaType field encoder/decoder.z application/valuereturncRd|vr"d|vrtjd|j|zS|S)zDecoder./;zUnexpected semi-colon)rDeserializationErrorPREFIXclsrs Y/home/cdr/domains/dharristours.com/map/certbot/lib/python3.11/site-packages/josepy/jws.pydecodezMediaType.decodes< e  e||12IJJJ:% % c~d|vr8||jsJ|t|jdS|S)zEncoder.rN) startswithrlenrs rencodezMediaType.encode)sI e  ##CJ// / / /SZ**+ + r N) __name__ __module__ __qualname____doc__r classmethodstrrr$r rrrs|** F233[33[r rc eZdZUdZejdejjdZ e eje d<ejddZ e e e d<ejdejjdZe eje d<ejddZe ee d<ejd dZe e e d <ejd dd Zeejd fe d <ejdejdZe e e d<ejdejdZe e e d<ejdejejdZe ee d<ejdejejdZe ee d<ejddd Z ee!d fe d<e"eej#fe d<de"eej#ffdZ$de!ddfdZ%de&jfdZ'e j(de!de!fdZ ej)dZej(dZdS) Headera6JOSE Header. .. warning:: This class supports **only** Registered Header Parameter Names (as defined in section 4.1 of the protocol). If you need Public Header Parameter Names (4.2) or Private Header Parameter Names (4.3), you must subclass and override :meth:`from_json` and :meth:`to_partial_json` appropriately. .. warning:: This class does not support any extensions through the "crit" (Critical) Header Parameter (4.1.11) and as a conforming implementation, :meth:`from_json` treats its occurrence as an error. Please subclass if you seek for a different behaviour. :ivar x5tS256: "x5t#S256" :ivar str typ: MIME Media Type, inc. :const:`MediaType.PREFIX`. :ivar str cty: Content-Type, inc. :const:`MediaType.PREFIX`. algT)decoder omitemptyjku)r0rkidx5ux5cr+r0default.x5tzx5t#S256x5tS256typ)encoderr/r0ctycrit_fieldsrcNfdjDS)z4Fields that would not be omitted in the JSON object.c~i|]9\}}|t|(|t|:Sr+)omitgetattr).0namefieldselfs r z&Header.not_omitted..bsU   e::gdD1122 '$%%   r )r=itemsrEs`r not_omittedzHeader.not_omitted`s<    #|1133    r otherct|t|s/tdt||}|}t ||rtd||t|di|S)NzHeader cannot be added to: {0}z+Addition of overlapping headers not definedr+) isinstancetype TypeErrorformatrIset intersectionupdate)rErJnot_omitted_selfnot_omitted_others r__add__zHeader.__add__hs%d,, R<CCDKKPPQQ Q++--!--//  - -.? @ @ KIJJ J 1222tDzz--,---r cF|jtjd|jS)zFind key based on header. .. todo:: Supports only "jwk" header parameter lookup. :returns: (Public) key found in the header. :rtype: .JWK :raises josepy.errors.Error: if key could not be found Nz No key found)rrErrorrHs rfind_keyzHeader.find_keyus# 8 ,~.. .xr unused_valuec*tjd)Nz("crit" is not supported, please subclass)rr)rYs rr<z Header.crits)*TUUUr cd|DS)Nczg|]8}tjtjtj|j9Sr+)base64 b64encoder dump_certificate FILETYPE_ASN1wrappedrBcerts r zHeader.x5c..sE     V4V5I4<XX Y Y   r r+rs rr4z Header.x5cs#      r c td|DS#tj$r}tj|d}~wwxYw)Nc 3K|]G}tjtjtjt j|VHdSN)rComparableX509r load_certificater`r] b64decoderbs r zHeader.x5c..sd#+F,@&BRSWBXBXYYr )tupler rWrr)rerrors rr4z Header.x5csk 5"   | 5 5 5-e44 4 5sA>AN)*r%r&r'r(rrDr JWASignature from_jsonr.r__annotations__r1bytesjwk_modJWKrr2r*r3r4r rridecode_b64joser7r8rr$rr9r;r<rrFieldrIrUjosepyrXr/r:r+r rr-r-3s;*'6io s'1T'''C#" #+9?5DAAAC%AAA!0 w{,"""C'+ )$???C#???*9?5DAAAC%AAA+:9?5DZ\+]+]+]Ct"C' (]]]*9?5):R^bcccC%ccc.yI4   GXe_ /y y'1AT   C)  /y y'1AT   C) ,IOFdBOOOD%S/OOO #y& '''' T#y"67     .S .X . . . . &*     \V3V3VVV\V  [  [  [ 5 5[ 5 5 5r r-ceZdZUdZeZeed<dZej dddZ e ed<ej ddeej Z eed<ej d ejej Zeed <e jd e d e fdZ e jd e d e fdZ ded dffd Zeded ee effdZede ded efdZddedeejd efdZedefdedejdej dede!ded dfdZ"d ee efffd Z#ede$e efd ee efffd Z%xZ&S) SignatureaJWS Signature. :ivar combined: Combined Header (protected and unprotected, :class:`Header`). :ivar unicode protected: JWS protected header (Jose Base-64 decoded). :ivar header: JWS Unprotected Header (:class:`Header`). :ivar str signature: The signature. combined)rz protectedTr5header)r0r6r/ signature)r/r:rrcPtj|dSNutf-8)rencode_b64joser$res rr{zSignature.protecteds!' W(=(=>>>r cPtj|dSr)rrurres rr{zSignature.protecteds!'..55g>>>r kwargsNc d|vr||}tjdi||jjJdS)Nrzr+)_with_combinedsuper__init__rzr.)rEr __class__s rrzSignature.__init__sU V # #((00F""6"""} ,,,,,r cd|vsJ|d|jdj}|d|jdj}|r||j|z}n|}||d<|S)Nrzr}r{)getr=r6 header_cls json_loads)rrr}r{rzs rrzSignature._with_combineds''''Hck(&;&CDDJJ{CK ,D,LMM   9 9) D DDHHH%z r payloadctj|ddztj|zS)Nr.)r r^r$)rr{rs r_msgzSignature._msgs4}Y--g6677$>wAWAWWWr keyc||jn|}|jjstjd|jj|j|j||j |S)zvVerify. :param bytes payload: Payload to verify. :param JWK key: Key used for verification. Nz Not signature algorithm defined.)rsigmsg) rzrXr.rwrWverifyrr~rr{)rErr actual_keys rrzSignature.verifys~>A[!7!7!9!9!9c }  C,ABB B} ''DN $.RY8Z8Z(   r r. include_jwkprotectc 0t||jsJ|}||d<|r||d<t||jjsJ||jjsJi}|D]} | |vr|| || <|r |jdi|} nd} |jdi|} | |j | | |} || | | S)aDSign. :param bytes payload: Payload to sign. :param JWK key: Key for signature. :param JWASignature alg: Signature algorithm to use to sign. :param bool include_jwk: If True, insert the JWK inside the signature headers. :param FrozenSet protect: List of headers to protect. r.rr|)r{r}r~r+) rLkty public_keyrPissubsetrr=pop json_dumpssignrr) rrrr.rrr header_paramsprotected_paramsr}r{r~s rrzSignature.signsM&#sw''''' " e  4#&>>#3#3M% =!!**3>+ABBBBB 677777 E EF&&+8+<+//11h++-- !x  r jobjct|}||}d|dvrt jd|S)Nr.rzzalg not present)rfields_from_jsonrrIrr)rrrfields_with_combinedrs rrzSignature.fields_from_jsonsc))$//"11&99 ,Z8DDFF F F-.?@@ @##r rh)'r%r&r'r(r-rrq __slots__rrDr{r*rpr}rurr~rrr:r/rrr)rrrrrwrtboolr frozensetrorrrrr __classcell__)rs@rryrysJI$Y_[D"MMMIsMMM$Y_D**,, @TFF'yY5y?WIu????????????--------  C DcN   [ XSX5XUXXX[X   e  (6:*>  $      !&Y[[ (L(L(LZ(L (L  (L  (L(L (L(L(L[(LTS#X $GCH$5$$sCx.$$$$$[$$$$$r ryc"eZdZUdZdZeed<eeed<eZ dde e j de fdZeded eddfd Zedefd Zdefd Zed eddfdZdde deeeffdZedeeefddfdZdS)JWSzgJSON Web Signature. :ivar str payload: JWS Payload. :ivar str signature: JWS Signatures. r signaturesrrNrrcHtfdjDS)Verify.c3NK|]}|jV dSrh)rr)rBrrrEs rrlzJWS.verify...s3LLS3::dlC00LLLLLLr )allr)rErs``rrz JWS.verify,s,LLLLLDOLLLLLLr rc B|||jjdd|i|fS)Sign.rrr+) signature_clsr)rrrs rrzJWS.sign0s9s70F0A0F0a0aw0aZ`0a0a/cddddr cPt|jdksJ|jdS)zPGet a singleton signature. :rtype: :class:`JWS.signature_cls` r)r#rrHs rr~z JWS.signature5s,4?##q((((q!!r cZt|jdksJd|jjvsJt j|jjddzt j|j zdzt j|jjzS)z7Compact serialization. :rtype: bytes rr.rr) r#rr~r}rIr r^r{r$rrHs r to_compactzJWS.to_compact?s 4?##q((((DN1==?????? M$.299'BB C C mDL)) * mDN455  6 r compactcX |d\}}}n"#t$rtjdwxYw|t j|dt j|}|t j||fS)zACompact deserialization. :param bytes compact: rzOCompact JWS serialization should comprise of exactly 3 dot-separated componentsr)r{r~r)split ValueErrorrrrr rkr)rrr{rr~rs r from_compactzJWS.from_compactRs ,3MM$,?,? )Iw    -d   mI..55g>>#-XaJbJb   s3=11sfEEEEs;Tflatc|jsJtj|j}|r>t |jdkr&|jd}||d<|S||jdS)Nrrrr)rrrrr#to_partial_json)rErrrets rrzJWS.to_partial_jsones}*4<88  C((A--/!$4466C$C NJ#"o r rcd|vrd|vrtjdd|vr\d|D}tj|dj|fStj|dtfd|dDS)Nr~rzFlat mixed with non-flatc&i|]\}}|dk ||S)rr+)rBrrs rrFz!JWS.from_json..xs(VVVzsESIEUEUUEUEUEUr rrc3LK|]}j|VdSrh)rrp)rBrrs rrlz JWS.from_json..s4 ` `c!2!>#3#3#:#:#<#<==CC 3sy~~/?/? @ @AA<   e uuuuu  8 8'''(-- 00;;==C HNN    C ++--...::#:&&&&sA BC+CCargc@tj|Srh)rrorprrs r _alg_typez CLI._alg_types))#...r c0|tjjvsJ|Srh)ryrr=rs r _header_typezCLI._header_typesi*22222 r cZ|tjjvsJtjj|Srh)rsrtTYPESrs r _kty_typez CLI._kty_types(gk'''''{ %%r c0|tjdd}tj}|dd|}|d}||j|dd tj d d |d d|j tj |ddd|j |d}||j|dd tj d d |d|jd ||}||S)z Parse arguments and sign/verify.Nrz --compact store_true)actionr)funcz-kz--keyrbT)rMrequiredz-az--alg)rMr6z-pz --protectr)rrMrFz--kty)rargvargparseArgumentParser add_argumentadd_subparsers add_parser set_defaultsrFileTyperrRS256rrr parse_argsr)rrparser subparsers parser_sign parser_verifyparseds rrunzCLI.runs} <8ABBrs"                        ............!!!!!!4h5h5h5h5h5Y +h5h5h5V}$}$}$}$}$ .}$}$}$@ccccc) (cccLO#O#O#O#O#O#O#O#d zDOOOOOr