g8.ddlmZddlZddlZddlmZddlmZmZddl m Z m Z m Z ddl m Z mZddlmZdd lmZmZmZmZmZmZmZmZmZdd lmZe rdd lmZmZdd lm Z Gd dZ!e!Z"e"jFZ#e"jHZ$e"jJZ%y)) annotationsN)timegm)IterableSequence)datetime timedeltatimezone) TYPE_CHECKINGAny)api_jws) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorInvalidJTIErrorInvalidSubjectErrorMissingRequiredClaimError)RemovedInPyjwt3Warning)AllowedPrivateKeysAllowedPublicKeys)PyJWKceZdZdddZeddZ d ddZ d ddZ d ddZddZ d ddZ d d d Z d!d Z dd"d Z d"d Z d#d Z d#dZ d#dZdd d$dZd%dZy)&PyJWTNc>|i}i|j||_yN)_get_default_optionsoptions)selfr s K/var/www/api/v1/venv_getwork_v1/lib/python3.12/site-packages/jwt/api_jwt.py__init__zPyJWT.__init__s& ?G'Q$*C*C*E'Q'Q c ddddddddgd S)NT) verify_signature verify_exp verify_nbf verify_iat verify_aud verify_iss verify_sub verify_jtirequirer/r$r"rzPyJWT._get_default_options#s)!%  r$cBt|ts td|j}dD]A}t|j |t s#t ||j||<C|j|||}tj||||||S)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbf)headers json_encoder) sort_headers) isinstancedict TypeErrorcopygetrr utctimetuple_encode_payloadr encode) r!payloadkey algorithmr4r5r6 time_claim json_payloads r"r>z PyJWT.encode1s'4(,  ,,./J'++j18<&,WZ-@-M-M-O&P #0 ++ %, ~~     %   r$cPtj|d|jdS)z Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. ),:) separatorsclszutf-8)jsondumpsr>)r!r?r4r5s r"r=zPyJWT._encode_payloadWs)zz !  &/  r$c  | r6tjdt| jtdt |xsi}|j dd|$||dk7rtjdtd|ds~|j dd |j d d |j d d |j d d |j d d |j dd |j dd tj|||||} |j| } i|j|}|j| |||| | | | d<| S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs:  stacklevelr&TzThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryrNr'Fr(r)r*r+r,r-)r@ algorithmsr detached_payload)audienceissuerleewaysubjectr?) warningswarntuplekeysrr8 setdefaultDeprecationWarningr decode_complete_decode_payloadr _validate_claims)r!jwtr@rPr verifyrQrRrSrUrTkwargsdecodedr?merged_optionss r"r\zPyJWT.decode_completeis{&  MM'',V[[]';&<>'  w}"%-t4  &G4F,G"G MMY,  )*   |U 3   |U 3   |U 3   |U 3   |U 3   |U 3   |U 3)) !-  &&w/4DLL4G4     % r$c tj|d}t |t s td|S#t$r}td||d}~wwxYw)a Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. r?zInvalid payload string: Nz-Invalid payload string: must be a json object)rIloads ValueErrorrr7r8)r!rbr?es r"r]zPyJWT._decode_payloadsa Ejj!34G'4(MN N  E 8<=1 D Es7 AAAc | r6tjdt| jtd|j ||||||||| |  } | dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rLrM)r`rQrRrUrSrTr?)rVrWrXrYrr\) r!r_r@rPr r`rQrRrUrSrTrarbs r"decodez PyJWT.decodesx&  MM'',V[[]';&<>'  &&    -'  y!!r$ct|tr|j}|!t|ttfs t d|j ||tjtjj}d|vr|dr|j|||d|vr|dr|j|||d|vr|dr|j||||d r|j|||d r$|j!|||j#d d  |dr|j%|||dr|j'|yy)Nz+audience must be a string, iterable or None)tzr2r)r3r(r1r'r+r* strict_audFstrictr,r-)r7r total_secondsstrrr9_validate_required_claimsrnowr utc timestamp _validate_iat _validate_nbf _validate_exp _validate_iss _validate_audr; _validate_sub _validate_jti)r!r?r rRrSrUrTrrs r"r^zPyJWT._validate_claimssC fi ())+F   8c8_(MIJ J &&w8llhll+557 G  5   wV 4 G  5   wV 4 G  5   wV 4 <   w / <   '++lE*J   <   w 0 <   w ' !r$cP|dD]}|j|t|y)Nr.)r;r)r!r?r claims r"rqzPyJWT._validate_required_claimss- Y'E{{5!)/66(r$cd|vryt|dts td| |jd|k7r tdyy)z Checks whether "sub" if in the payload is valid ot not. This is an Optional claim :param payload(dict): The payload which needs to be validated :param subject(str): The subject of the token subNzSubject must be a stringzInvalid subject)r7rprr;)r!r?rUs r"rzzPyJWT._validate_subsV   '%.#.%&@A A  {{5!W,)*;<<- r$cbd|vryt|jdts tdy)z Checks whether "jti" if in the payload is valid ot not This is an Optional claim :param payload(dict): The payload which needs to be validated jtiNzJWT ID must be a string)r7r;rpr)r!r?s r"r{zPyJWT._validate_jti2s3   '++e,c2!";< <3r$cz t|d}|||zkDr tdy#t$r tddwxYw)Nr2z)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intrfrr)r!r?rrrTr2s r"ruzPyJWT._validate_iat@sX  gen%C #, ()KL L  &;  $:cz t|d}|||zkDr tdy#t$r tddwxYw)Nr3z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rrfrr)r!r?rrrTr3s r"rvzPyJWT._validate_nbfOsW  Vgen%C #, ()KL L  VJKQU U Vrcz t|d}|||z kr tdy#t$r tddwxYw)Nr1z/Expiration Time claim (exp) must be an integer.zSignature has expired)rrfrr)r!r?rrrTr1s r"rwzPyJWT._validate_exp]sX  gen%C 3< '(?@ @ !  A  rFrmc|d|vs|dsytdd|vs|ds td|d|rGt|ts tdtts td|k7r tdyttrgtts tdt dDr tdt|tr|g}t fd|Dr td y) NaudzInvalid audiencezInvalid audience (strict)z&Invalid claim format in token (strict)zAudience doesn't match (strict)zInvalid claim format in tokenc3>K|]}t|t ywr)r7rp).0cs r" z&PyJWT._validate_aud..s?!:a%%sc3&K|]}|v ywrr/)rraudience_claimss r"rz&PyJWT._validate_aud..s>Xcs/)XszAudience doesn't match)rrr7rplistanyall)r!r?rRrnrs @r"ryzPyJWT._validate_audms   G#75>''9: :  wu~,E2 2!%. h,*+FGGos3*+STT?**+LMM  os +./O/40&'FG G ?? ?&'FG G h $ zH >X> >&'?@ @ ?r$c|yd|vr tdt|tr|d|k7r tdy|d|vr tdy)NisszInvalid issuer)rr7rpr)r!r?rSs r"rxzPyJWT._validate_isssc >   +E2 2 fc "u~'()9::(u~V+()9::,r$r)r dict[str, Any] | NonereturnNone)rzdict[str, bool | list[str]])NNNT)r?dict[str, Any]r@z(AllowedPrivateKeys | PyJWK | str | bytesrA str | Noner4rr5type[json.JSONEncoder] | Noner6boolrrp)NN)r?rr4rr5rrbytes) NNNNNNNr)r_ str | bytesr@'AllowedPublicKeys | PyJWK | str | bytesrPSequence[str] | Noner rr` bool | NonerQ bytes | NonerRstr | Iterable[str] | NonerSstr | Sequence[str] | NonerUrrTfloat | timedeltarar rr)rbrrr )r_rr@rrPrr rr`rrQrrRrrUrrSrrTrrar rr )NNNr) r?rr rrUrrTrrr)r?rr rrr)r?rrr)r?rrrfloatrTrrr)r?rrRrrnrrr)r?rrSr rr)__name__ __module__ __qualname__r# staticmethodrr>r=r\r]rir^rqrzr{rurvrwryrxr/r$r"rrs)R     "!%)-6:!$ $ 6$  $ ' $ 4 $ $  $ R*.6: '4   *8:+/)-")-04-1"$%H H5H) H ' HH'H-H+HH"H"#H$ %HT&8:+/)-")-04"-1$%'" '"5'") '" ' '"'"''"-'"'"+'""'""#'"$ %'"Z"$%(((( ((  (("(( ((T77 7  7=& = M M M M  M M M M M  MAAA A  A* 0A0A-0A  0A  0Ad ;r$r)& __future__rrIrVcalendarrcollections.abcrrrrr typingr r rr exceptionsrrrrrrrrrrrPrrapi_jwkrr_jwt_global_objr>r\rir/r$r"rst" .22%   -AN;N;b '   !11   r$