`ibUddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z m Z mZmZmZmZddlmZddlmZmZddlmZmZmZmZmZmZmZmZm Z  dd l!m"Z"m#Z#dd l$m%Z%dd l&m'Z'dd l(m)Z)dd l*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4ddl5m6Z6m7Z7ddl8m9Z9m:Z:ddl;mZ>m?Z?m@Z@mAZAmBZBmCZCddlDmEZEmFZFmGZGmHZHmIZImJZJmKZKefZLe1e3fZMe9e:e6e7fZNeLeMzeNzZOee3e:e7fZQe seRejSddrddlTZTeTjUdkrddl mVZVnddlWmVZVddlXmYZYmZZZeefZ[de\d<ee1e3fZ]de\d<ee9e:e6e7fZ^de\d<ee[e]e^fZ_de\d<eee3e:e7fZade\d<dZbn #ec$rdZbYnwxYwhd Zdd2d#ZeGd$d%eZfGd&d'efZgGd(d)efZhebr:Gd*d+efZiGd,d-efZjGd.d/eiZkGd0d1efZldSdS)3) annotationsN)ABCabstractmethod) TYPE_CHECKINGAnyClassVarLiteralNoReturnUnioncastoverloadInvalidKeyError) HashlibHashJWKDict) base64url_decodebase64url_encodeder_to_raw_signature force_bytesfrom_base64url_uint is_pem_format is_ssh_keyraw_to_der_signatureto_base64url_uint)InvalidSignatureUnsupportedAlgorithm)default_backend)hashes)padding) ECDSA SECP256K1 SECP256R1 SECP384R1 SECP521R1 EllipticCurveEllipticCurvePrivateKeyEllipticCurvePrivateNumbersEllipticCurvePublicKeyEllipticCurvePublicNumbers)Ed448PrivateKeyEd448PublicKey)Ed25519PrivateKeyEd25519PublicKey) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmprsa_recover_prime_factors)Encoding NoEncryption PrivateFormat PublicFormatload_pem_private_keyload_pem_public_keyload_ssh_public_key SPHINX_BUILD) ) TypeAlias)PrivateKeyTypesPublicKeyTypesrBAllowedRSAKeys AllowedECKeysAllowedOKPKeys AllowedKeysAllowedPrivateKeysAllowedPublicKeysTF> ES256ES384ES512ES521EdDSAPS256PS384PS512RS256RS384RS512ES256Kreturndict[str, Algorithm]cXtttjttjttjd}t rI|ttjttjttjttjtttjtttjtttjtttjtttjttjttjtd |S)zE Returns the algorithms that are implemented by the library. )noneHS256HS384HS512) rSrTrUrKrVrLrNrMrPrQrRrO) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmr#r"r$r%RSAPSSAlgorithm OKPAlgorithm)default_algorithmss b/home/jaya/work/projects/VOICE-AGENT/VIET/agent-env/lib/python3.11/site-packages/jwt/algorithms.pyget_default_algorithmsrks( }344}344}344 00 !!%l&9::%l&9::%l&9::$[%7CC%k&8)DD$[%7CC$[%7CC$& ))?@@()?@@()?@@%     & cHeZdZUdZdZded<d$dZd%d Zed&dZ ed'dZ ed(dZ e e ed)dZe e e d*d+dZe ed*d,dZe ed-d!Zd.d#ZdS)/ AlgorithmzH The interface for an algorithm used to sign and verify tokens. Nz$tuple[type[AllowedKeys], ...] | None_crypto_key_typesbytestrbytesrWct|dd}|ttrt|trzt |t jr`t j|t}| |t| St|| S)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorrc isinstancetype issubclassr HashAlgorithmHashrrdrqfinalizedigest)selfrprsr}s rjcompute_hash_digestzAlgorithm.compute_hash_digests4T22  % %  58T** 58V%9:: 5 [_5F5FGGGF MM' " " "**++ +'**113344 4rlkey PublicKeyTypes | PrivateKeyTypesNonectr|jtdt||jsAd|jD}|jj}|jj}t d|d|d|dS)acCheck that the key belongs to the right cryptographic family. Note that this method only works when ``cryptography`` is installed. :param key: Potentially a cryptography key :type key: :py:data:`PublicKeyTypes ` | :py:data:`PrivateKeyTypes ` :raises ValueError: if ``cryptography`` is not installed, or this method is called by a non-cryptography algorithm :raises InvalidKeyError: if the key doesn't match the expected key classes NzhThis method requires the cryptography library, and should only be used by cryptography-based algorithms.c3$K|] }|jV dSN)__name__).0clss rj z2Algorithm.check_crypto_key_type..s$LLcS\LLLLLLrlzExpected one of z, got: z. Invalid Key type for )rcro ValueErrorrw __class__rr)r~r valid_classes actual_class self_classs rjcheck_crypto_key_typezAlgorithm.check_crypto_key_types T3;z #t566 LLT5KLLLM=1L0J!j=jjjj^hjj    rlrcdS)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). Nr~rs rj prepare_keyzAlgorithm.prepare_keyrlmsgcdS)zn Returns a digital signature for the specified message using the specified key value. Nrr~rrs rjsignzAlgorithm.signrrlsigboolcdS)zz Verifies that the specified digital signature is valid for the specified message and key values. Nrr~rrrs rjverifyzAlgorithm.verifyrrlkey_objas_dict Literal[True]rcdSrrrrs rjto_jwkzAlgorithm.to_jwk s BErlFLiteral[False]strcdSrrrs rjrzAlgorithm.to_jwks crl JWKDict | strcdS)z3 Serializes a given key into a JWK Nrrs rjrzAlgorithm.to_jwkrrljwk str | JWKDictcdS)zJ Deserializes a given key from JWK back into a key object Nrrs rjfrom_jwkzAlgorithm.from_jwkrrl str | NonecdS)z Return a warning message if the key is below the minimum recommended length for this algorithm, or None if adequate. Nrrs rjcheck_key_lengthzAlgorithm.check_key_length#s trl)rprqrWrq)rrrWr)rrrWr)rrqrrrWrq)rrqrrrrqrWr)rrrrrWrF)rrrrrWr)rrrrrWr)rrrWr)rrrWr)r __module__ __qualname____doc__ro__annotations__rrrrrrr staticmethodrrrrrlrjrnrns ?CBBBB5555,.   ^    ^    ^ DDD^\XE 05^\X    ^\    ^\ rlrnc\eZdZdZddZdd Zdd ZedddZeddZ dS)r^zZ Placeholder for use when no signing or verification operations are required. rrrWrc8|dkrd}|td|S)Nr?z*When alg = "none", key value must be None.rrs rjrzNoneAlgorithm.prepare_key1s) "99C ?!"NOO O rlrrqcdS)Nrlrrs rjrzNoneAlgorithm.sign:ssrlrrcdS)NFrrs rjrzNoneAlgorithm.verify=surlFrrrr ctrrvrs rjrzNoneAlgorithm.to_jwk@!###rlrrctrrrs rjrzNoneAlgorithm.from_jwkDrrlN)rrrWr)rrqrrrWrq)rrqrrrrqrWrr)rrrrrWr )rrrWr ) rrrrrrrrrrrrlrjr^r^+s $$$$\$$$$\$$$rlr^ceZdZUdZejZded<ejZ ded<ej Z ded<d%d Z d&dZ eed'dZeed(d)dZed(d*dZed+dZd,dZd-d!Zd.d#Zd$S)/r_zf Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]r`rarbrsrrWrc||_dSrrsr~rss rj__init__zHMACAlgorithm.__init__Ss   rlr str | bytesrqc~t|}t|st|rtd|S)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrr)r~r key_bytess rjrzHMACAlgorithm.prepare_keyVsM$$  # # z)'<'< !9  rlrrrrcdSrrrs rjrzHMACAlgorithm.to_jwkasILrlFrrcdSrrrs rjrzHMACAlgorithm.to_jwkesNQcrlrrctt|dd}|r|Stj|S)Noct)kkty)rrdecodejsondumps)rrrs rjrzHMACAlgorithm.to_jwkisO"+g"6"677>>@@    #J:c?? "rlrrcN t|trtj|}nt|tr|}nt n#t $rt ddwxYw|ddkrt dt|dS)NKey is not valid JSONrrzNot an HMAC keyr) rwrrloadsdictrrgetr)robjs rjrzHMACAlgorithm.from_jwkus E#s## !#z#C&& !   E E E!"9:: D E 775>>U " "!"344 4C))) A A A'rc|j}t||krBdt|d|d|jdSdS)NzThe HMAC key is z> bytes long, which is below the minimum recommended length of z bytes for z. See RFC 7518 Section 3.2.)rs digest_sizelennameupper)r~r min_lengths rjrzHMACAlgorithm.check_key_lengths|]]__0 s88j -3s88--5?--==??'--//---  trlrc\tj|||jSr)hmacnewrsr}rs rjrzHMACAlgorithm.signs$xS$-0077999rlrcTtj||||Sr)rcompare_digestrrs rjrzHMACAlgorithm.verifys#"3 #s(;(;<<>*7955<<>>*7955<<>>+GL99@@BB+GL99@@BB+GL99@@BB  (++ E!0022! (z*7955<<>>*7955<<>> &&CDDD ' z#&rlrrc > t|trtj| nt|tr| nt n#t $rt ddwxYw ddkrt ddd vrd vrd vrd vrt d gd } fd |D}t|}|rt|st d dtt dt d}|rtt dt d t dt dt dt d|}nst d}t|j||j\}}t|||t!||t#||t%|||}|Sd vrLd vrHtt dt dSt d)NrrrzNot an RSA keyrrrothz5Unsupported RSA private key: > 2 primes not supported)rrrrrcg|]}|vSrr)rproprs rj z)RSAAlgorithm.from_jwk..sCCCtts{CCCrlz@RSA key must include all parameters if any are present besides drrrrr)rrrrrr rr)rwrrrrrrranyallr2rr0r6rrr3r4r5rr) r other_props props_foundany_props_foundrr rrrrs @rjrzRSAAlgorithm.from_jwks Ic3''%*S//CCT**%CC$$ I I I%&=>>DH Iwwu~~&&%&677TAczzcSjjSCZZC<<)O;:: CCCC{CCC "%k"2"2" 3{+;+; )Z "2'C11'C11"" #/-c#h77-c#h77-c#h770T;;0T;;0T;;'5GG,CH55A4&(!^-=DAq0)!Q//)!Q//)!Q//'5G**,,,s ''C11'C11*,, &&CDDDs A A A(rrqr/cz||tj|}|Sr)rr PKCS1v15rsr~rr signatures rjrzRSAAlgorithm.signHs."xxW-=-?-?QQI rlr1rc |||tj|dS#t$rYdSwxYw)NTF)rr rrsrrs rjrzRSAAlgorithm.verifyLsW  3W%5%7%7IIIt#   uu s;? A  A N)rsrrWr)rrErWr)rrrWrE)rrErrrWrr)rrErrrWr)rrErrrWr)rrrWrErrqrr/rWrqrrqrr1rrqrWr)rrrrrr`rrarbALLOWED_RSA_KEY_TYPESrorrrrr rrrrrrrlrjreresh  8>}DDDD7=}DDDD7=}DDDD1'+ ++++ % % % %        <  SSS  S  XXXX  X $ '$ '$ '$ ' $ 'L E EE EE E E EN          rlreceZdZUdZejZded<ejZded<ejZded<e Z d(d)d Z d*dZ d+dZ d,dZd-dZeed.dZeed/d0d"Zed/d1d$Zed2d'ZdS)3rfzr Performs signing and verification operations using ECDSA and the specified hash function rr`rarbNrsrexpected_curvetype[EllipticCurve] | NonerWrc"||_||_dSr)rsr)r~rsrs rjrzECAlgorithm.__init___s %DM"0D   rlrrFc|jdSt|j|js*td|jjd|jjddS)z9Validate that the key's curve matches the expected curve.NzThe key's curve 'z%' does not match the expected curve 'z' for this algorithm)rrwcurverrrs rj_validate_curvezECAlgorithm._validate_curvegsv"*ci)<== %M MM"16MMM  rlAllowedECKeys | str | bytesc~t||jr|||St|ttfst dt |} |drt|}nt|}| |tt|}|||S#t$rUt|d}| |tt|}|||cYSwxYw)Nrs ecdsa-sha2-r)rwror#rqrrrrr=r<rr r)rr;r')r~rrr ec_public_keyrec_private_keys rjrzECAlgorithm.prepare_keyrsL#t566 $$S))) cE3<00 B @AAA#C((I  &''77@1DY1O1OJJ!4Y!?!?J**:666 $%;Z H H $$]333$$ & & &29tLLL **;777!%&={!K!K$$^444%%%%  &s(A4CAD<;D<rrqr'c||t|}t||jSr)rr!rsrr")r~rrder_sigs rjrzECAlgorithm.signs7hhsE$--//$:$:;;G';; ;rlrrc< t||j}n#t$rYdSwxYw t|tr|n|}|||t|dS#t$rYdSwxYw)NFT) rr"rrwr'rrr!rsr)r~rrrr)rs rjrzECAlgorithm.verifys .sCI>>   uu  "#'>??CNN$$$ !!'3dmmoo0F0FGGGt#   uu s &&A!B BBrrrrcdSrrrs rjrzECAlgorithm.to_jwksORsrlFrrcdSrrrs rjrzECAlgorithm.to_jwksTWTWrlrct|tr'|}n9t|tr|}nt dt|jtrd}nnt|jtrd}nQt|jtrd}n4t|jtrd}nt d|jd|t|j |jj t|j|jj d }t|trGt|j|jj |d <|r|St%j|S) NrP-256P-384P-521 secp256k1Invalid curve: EC) bit_length)rcrvxyr)rwr'rrr)rr"r#r$r%r"rr6rrr7r private_valuerr)rrrr5rs rjrzECAlgorithm.to_jwks'#:;; E!(!3!3!5!5!D!D!F!FG%;<< E!(!7!7!9!9%&CDDD'-33 IGM955 IGM955 IGM955 I!%&G &G&GHHH&"$&}5&((&"$&}5&(( # #C'#:;; ,++--;&}5&((C  ' z#&rlrrc t|trtj|}nt|tr|}nt n#t $rt ddwxYw|ddkrt ddd|vsd|vrt ddt|d}t|d}|d}|dkrJt|t|cxkrd krnnt}nt d d|d krIt|t|cxkrd krnnt}nt d d|dkrIt|t|cxkrdkrnnt}npt dd|dkrHt|t|cxkrd krnnt}n!t dt d|tt|dt|d|}d|vr|St|d}t|t|krt dt||t%t|d|S)Nrrr3zNot an Elliptic curve keyr6r7r5r. z)Coords should be 32 bytes for curve P-256r/0z)Coords should be 48 bytes for curve P-384r0Bz)Coords should be 66 bytes for curve P-521r1z-Coords should be 32 bytes for curve secp256k1r2big) byteorder)r6r7r"rz!D should be {} bytes for curve {})rwrrrrrrrrrr#r$r%r"r*int from_bytesrr(r)rrr6r7r" curve_objrrs rjrzECAlgorithm.from_jwksg Ic3''%*S//CCT**%CC$$ I I I%&=>>DH Iwwu~~%%%&ABBL#~~C%&ABBL ..A ..AGGENNEq66SVV))))r))))) ) II)C '!!q66SVV))))r))))) ) II)C '!!q66SVV))))r))))) ) II)C +%%q66SVV))))r))))) ) II)G&&?&?&?@@@7..e.44..e.44N #~~%00222 ..A1vvQ%7Q/qE22Nkmm rr)rsrrrrWr)rrFrWr)rr$rWrF)rrqrr'rWrq)rrqrrFrrqrWr)rrFrrrWrr)rrFrrrWr)rrFrrrWr)rrrWrF)rrrrrr`rrarbALLOWED_EC_KEY_TYPESrorr#rrrr rrrrrlrjrfrfSs^  8>}DDDD7=}DDDD7=}DDDD0 :> 1 1 1 1 1     & & & &> < < < <     "  RRR  R  WWWW  W ) ') ') ') ' ) 'V G G G  G G G rlrfc"eZdZdZd dZdd Zd S)rgzA Performs a signature using RSASSA-PSS with MGF1 rrqrr/rWc ||tjtj||j|}|S)Nmgf salt_length)rr PSSMGF1rsrrs rjrzRSAPSSAlgorithm.sign*sd"xx  T]]__55 $  ;    I rlr1rrc  |||tjtj||j|dS#t $rYdSwxYw)NrETF)rr rHrIrsrrrs rjrzRSAPSSAlgorithm.verify5s  K#L99$(MMOO$?MMOOt#   uu sA9A== B  B Nrr)rrrrrrrrlrjrgrg%sF            rlrgceZdZdZeZd!dZd"d Zd#dZd$dZ e e d%dZ e e d&d'dZ e d&d(dZ e d)dZ d S)*rhz Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. kwargsrrWrc dSrr)r~rLs rjrzOKPAlgorithm.__init__Ms DrlrAllowedOKPKeys | str | bytesrGct|ttfs|||St|tr|dn|}t|tr|dn|}d|vrt |}nCd|vrt|d}n-|dddkrt|}ntd||td |S) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-rrG) rwrrqrrencoder<r;r=rr )r~rkey_strr loaded_keys rjrzOKPAlgorithm.prepare_keyPscC<00 **3/// -7U-C-CLcjj)))G/9#s/C/CL 7+++I#g--0;; %001)dKKK 1''0;; %&CDDD  & &z 2 2 2(*55 5rlrr#Ed25519PrivateKey | Ed448PrivateKeyrqct|tr|dn|}||}|S)aS Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes rP)rwrrRr)r~rr msg_bytesrs rjrzOKPAlgorithm.signfs@0:#s/C/CL 7+++I"xx 22I rlrrcj t|tr|dn|}t|tr|dn|}t|ttfr|n|}|||dS#t$rYdSwxYw)a Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. rPTF)rwrrRr-r+rrr)r~rrrrW sig_bytesrs rjrzOKPAlgorithm.verifyts 3=c33G3GPCJJw///S 3=c33G3GPCJJw///S "#(9?'KLLCNN$$$ !!)Y777t#   uu sB B$$ B21B2rrrcdSrrrrs rjrzOKPAlgorithm.to_jwksLOCrlFrrcdSrrr[s rjrzOKPAlgorithm.to_jwksQTQTrlrct|ttfr|tjt j}t|trdnd}tt| d|d}|r|Stj |St|ttfr|tjtjt!}|tjt j}t|trdnd}tt| tt| d|d}|r|Stj |St%d) N)encodingformatEd25519Ed448OKP)r6rr5)r^r_encryption_algorithm)r6rrr5r)rwr.r, public_bytesr7Rawr:rrrrrr-r+ private_bytesr9r8rr)rrr6r5rrs rjrzOKPAlgorithm.to_jwks# 0.ABB +$$%\'+%$.c3C#D#DQii'*+a..99@@BB  +J:c??*# 1?CDD +%%%\(,)5& NN$$11%\'+2 $.c3D#E#ERii7)+a..99@@BB)+a..99@@BB  +J:c??*!"?@@ @rlrrc> t|trtj|}nt|tr|}nt n#t $rt ddwxYw|ddkrt d|d}|dkr|dkrt d|d |vrt d t|d } d |vr.|dkrtj |Stj |St|d }|dkrtj |Stj |S#t $r}t d |d}~wwxYw) NrrrbzNot an Octet Key Pairr5r`rar2r6zOKP should have "x" parameterrzInvalid key parameter)rwrrrrrrrrr.from_public_bytesr,r-from_private_bytesr+)rrr"r6rerrs rjrzOKPAlgorithm.from_jwks Ic3''%*S//CCT**%CC$$ I I I%&=>>DH Iwwu~~&&%&=>>>GGENNE !!ew&6&6%&?&?&?@@@#~~%&EFFF ..A Hc>> ))/A!DDD);A>>>$SWWS\\22I%%,?BBB&9!<<< H H H%&=>>CG Hs6A A A';E=E=-;E=)E== FFFN)rLrrWr)rrNrWrG)rrrrUrWrq)rrrrGrrrWr)rrGrrrWrr)rrGrrrWr)rrGrrrWr)rrrWrG)rrrrALLOWED_OKP_KEY_TYPESrorrrrr rrrrrlrjrhrhDs   2     6 6 6 6,        4  OOO  O  TTTT  T , A, A, A, A , A\  H H H  H H Hrlrh)rWrX)m __future__rrrrosabcrrtypingrrrr r r r r exceptionsrtypesrrutilsrrrrrrrrrcryptography.exceptionsrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricr ,cryptography.hazmat.primitives.asymmetric.ecr!r"r#r$r%r&r'r(r)r*/cryptography.hazmat.primitives.asymmetric.ed448r+r,1cryptography.hazmat.primitives.asymmetric.ed25519r-r.-cryptography.hazmat.primitives.asymmetric.rsar/r0r1r2r3r4r5r6,cryptography.hazmat.primitives.serializationr7r8r9r:r;r<r=rrBrkALLOWED_KEY_TYPESALLOWED_PRIVATE_KEY_TYPESALLOWED_PUBLIC_KEY_TYPESrgetenvsys version_inforBtyping_extensions/cryptography.hazmat.primitives.asymmetric.typesrCrDrErrFrGrHrIrJrcModuleNotFoundErrorrequires_cryptographyrkrnr^r_rerfrgrhrrlrjrs""""""" ########                    ('''''''''''''                      iNNNNNNNN<<<<<<555555AAAAAA                                            +L935KL   447LL  !    YRY~r::;;   w & & ( ( ( ( ( ( ( 4 3 3 3 3 3        %*-*E$FFFFF#( #%; ;$     %* /. P%     "'~}n'T!U UUUU(- 24E V)     (- 02BN R(     JJJJJ    DiiiiiiiiX$$$$$I$$$bHbHbHbHbHybHbHbHbHbHY N HN HsD-FFF