U 'Q^.@sddlZddlZddlmZddlmZddlmZddlmZddlm Z ddlm Z dd lm Z dd l m Z dd l mZdd l mZdd l mZddl mZddlmZddlmZddlmZGdddeZGdddeZdS)N)datetime) number_types) _CompactJSON)json) base64_decode) base64_encode) want_bytes)BadData) BadHeader) BadPayload) BadSignature)SignatureExpired) Serializer) HMACAlgorithm) NoneAlgorithmc@seZdZdZeejeejeeje dZ dZ e Z dddZddd Zd d Zd d ZdddZddZdddZdddZdddZdS)JSONWebSignatureSerializerzrThis serializer implements JSON Web Signature (JWS) support. Only supports the JWS Compact Serialization. )ZHS256ZHS384HS512nonerNc Cs<tj|||||||d|dkr&|j}||_|||_dS)N) secret_keysalt serializerserializer_kwargssigner signer_kwargs)r__init__default_algorithmalgorithm_namemake_algorithm algorithm)selfrrrrrrrr!:/tmp/pip-install-bd4o36v9/itsdangerous/itsdangerous/jws.pyr&s  z#JSONWebSignatureSerializer.__init__Fc Cst|}d|krtd|dd\}}z t|}Wn.tk rb}ztd|dW5d}~XYnXz t|}Wn.tk r}ztd|dW5d}~XYnXztj||td} Wn.t k r}ztd|dW5d}~XYnXt | t std | d tj|||d}|r|| fS|S) N.zNo "." found in valuerz:Could not base64 decode the header because of an exception)original_errorz;Could not base64 decode the payload because of an exception)rz5Could not unserialize header because it was malformedz#Header payload is not a JSON object)header) r r splitr Exceptionr r load_payloadrr isinstancedict) r payloadr return_headerbase64d_headerbase64d_payloadZ json_headereZ json_payloadr%r!r!r"r(>s>    z'JSONWebSignatureSerializer.load_payloadcCs8t|jj|f|j}t|jj|f|j}|d|S)Nr#)rrdumpsr)r r%objr-r.r!r!r" dump_payload_sz'JSONWebSignatureSerializer.dump_payloadcCs.z |j|WStk r(tdYnXdS)NzAlgorithm not supported)jws_algorithmsKeyErrorNotImplementedError)r rr!r!r"rhs z)JSONWebSignatureSerializer.make_algorithmcCsB|dkr|j}|dkrdnd}|dkr,|j}|j|j|d||dS)Nr.)rsepkey_derivationr)rrrr)r rrr8r!r!r" make_signernsz&JSONWebSignatureSerializer.make_signercCs|r |ni}|j|d<|S)Nalg)copyr)r header_fieldsr%r!r!r" make_header|s z&JSONWebSignatureSerializer.make_headercCs*||}|||j}||||S)zLike :meth:`.Serializer.dumps` but creates a JSON Web Signature. It also allows for specifying additional fields to be included in the JWS header. )r=r9rsignr2)r r1rr<r%rr!r!r"r0s z JSONWebSignatureSerializer.dumpscCsT|j|||jt|dd\}}|d|jkrDtd||d|rP||fS|S)z{Reverse of :meth:`dumps`. If requested via ``return_header`` it will return a tuple of payload and header. Tr,r:zAlgorithm mismatch)r%r+)r(r9rZunsignr getrr )r srr,r+r%r!r!r"loadss z JSONWebSignatureSerializer.loadscCsd|i}|||||S)Nr,)Z_loads_unsafe_impl)r rArr,kwargsr!r!r" loads_unsafesz'JSONWebSignatureSerializer.loads_unsafe)NNNNNN)NF)NN)NN)NF)NF)__name__ __module__ __qualname____doc__rhashlibsha256sha384sha512rr3rrZdefault_serializerrr(r2rr9r=r0rBrDr!r!r!r"rs.  !   rc@s@eZdZdZdZdddZddZdd d Zd d Zd dZ dS)TimedJSONWebSignatureSerializeraWorks like the regular :class:`JSONWebSignatureSerializer` but also records the time of the signing and can be used to expire signatures. JWS currently does not specify this behavior but it mentions a possible extension like this in the spec. Expiry date is encoded into the header similar to what's specified in `draft-ietf-oauth -json-web-token `_. iNcKs(tj||f||dkr|j}||_dSN)rrDEFAULT_EXPIRES_IN expires_in)r rrPrCr!r!r"rsz(TimedJSONWebSignatureSerializer.__init__cCs2t||}|}||j}||d<||d<|S)Niatexp)rr=nowrP)r r<r%rQrRr!r!r"r=s   z+TimedJSONWebSignatureSerializer.make_headerFcCstj|||dd\}}d|kr*td|dtd|d}zt|d|d<Wntk rb|YnX|ddkrt||d|krtd|||d |r||fS|S) NTr?rRzMissing expiry date)r+zExpiry date is not an IntDaterzSignature expired)r+Z date_signed) rrBr r int ValueErrorrSrget_issue_date)r rArr,r+r%Zint_date_errorr!r!r"rBs0     z%TimedJSONWebSignatureSerializer.loadscCs&|d}t|tr"tt|SdS)NrQ)r@r)rrutcfromtimestamprT)r r%rvr!r!r"rVs  z.TimedJSONWebSignatureSerializer.get_issue_datecCs ttSrN)rTtime)r r!r!r"rSsz#TimedJSONWebSignatureSerializer.now)N)NF) rErFrGrHrOrr=rBrVrSr!r!r!r"rMs   rM)rIrYr_compatr_jsonrrencodingrrr excr r r r rrrrrrrrMr!r!r!r"s&