`i}V\UddlmZddlZddlZddlZddlmZddlmZm Z m Z ddl m Z m Z m Z ddlmZmZmZmZddlmZmZdd lmZmZmZmZmZmZmZmZmZdd lm Z ese!ej"d d rddl#Z#e#j$d krddlm%Z%nddl&m%Z%ddl'm(Z(ddl)m*Z*ddl+m,Z,m-Z-m.Z.e(r+ddl'm/Z/m0Z0ee/e*e1e2fZ3de4d<ee0e*e1e2fZ5de4d<n ee*e1e2fZ3de4d<ee*e1e2fZ5de4d<GddZ6e6Z7ee7_8e7j9Z9e7j:Z:e7j;Z;dS)) annotationsN)timegm) ContainerIterableSequence)datetime timedeltatimezone) TYPE_CHECKINGAnyUnioncast)PyJWS_jws_global_obj) DecodeErrorExpiredSignatureErrorImmatureSignatureErrorInvalidAudienceErrorInvalidIssuedAtErrorInvalidIssuerErrorInvalidJTIErrorInvalidSubjectErrorMissingRequiredClaimError)RemovedInPyjwt3Warning SPHINX_BUILD) ) TypeAlias) has_crypto)PyJWK) FullOptionsOptions SigOptions)AllowedPrivateKeysAllowedPublicKeysr AllowedPrivateKeyTypesAllowedPublicKeyTypesceZdZdIdJdZedKdZdLd ZdIdMd Z dNdOdZ dPdQdZ dRdSd2Z dTd4Z dRdUd6Z dVdWd9Z dXd<Z dIdYd=ZdZd>Zd[dAZd[dBZd[dCZdDdEd\dGZd]dHZdS)^PyJWTNoptionsOptions | NonereturnNonec|||_||||_t||_dS)N)r,)_get_default_optionsr,_merge_optionsr_get_sig_options_jwsselfr,s _/home/jaya/work/projects/VOICE-AGENT/VIET/agent-env/lib/python3.11/site-packages/jwt/api_jwt.py__init__zPyJWT.__init__1sX !0022  ..w77DL$"7"7"9"9::: r#c ddddddddgddd S)NTF) verify_signature verify_exp verify_nbf verify_iat verify_aud verify_iss verify_sub verify_jtirequire strict_audenforce_minimum_key_lengthrFr9r7r1zPyJWT._get_default_options9s4!%*/   r9r%cT|jd|jdddS)Nr;rEF)r;rEr,get)r6s r7r3zPyJWT._get_sig_optionsIs6 $ -? @*.,*:*:,e++   r9c||jS|dds|dd|d<|dd|d<|dd|d<|dd|d<|dd|d<|d d|d <|d d|d <i|j|S) Nr;Tr<Fr=r>r?r@rArBrHr5s r7r2zPyJWT._merge_optionsQs ?< {{-t44 E$+KK e$D$DGL !$+KK e$D$DGL !$+KK e$D$DGL !$+KK e$D$DGL !$+KK e$D$DGL !$+KK e$D$DGL !$+KK e$D$DGL !*$,*'**r9HS256Tpayloaddict[str, Any]keyr( algorithm str | Noneheadersdict[str, Any] | None json_encodertype[json.JSONEncoder] | None sort_headersboolstrct|tstd|}dD]T}t||t r*t ||||<Ud|vr*t|dtstd| |||}|j ||||||S)aEncode the ``payload`` as JSON Web Token. :param payload: JWT claims, e.g. ``dict(iss=..., aud=..., sub=...)`` :type payload: dict[str, typing.Any] :param key: a key suitable for the chosen algorithm: * for **asymmetric algorithms**: PEM-formatted private key, a multiline string * for **symmetric algorithms**: plain string, sufficiently long for security :type key: str or bytes or PyJWK or :py:class:`jwt.algorithms.AllowedPrivateKeys` :param algorithm: algorithm to sign the token with, e.g. ``"ES256"``. If ``headers`` includes ``alg``, it will be preferred to this parameter. If ``key`` is a :class:`PyJWK` object, by default the key algorithm will be used. :type algorithm: str or None :param headers: additional JWT header fields, e.g. ``dict(kid="my-key-id")``. :type headers: dict[str, typing.Any] or None :param json_encoder: custom JSON encoder for ``payload`` and ``headers`` :type json_encoder: json.JSONEncoder or None :rtype: str :returns: a JSON Web Token :raises TypeError: if ``payload`` is not a ``dict`` zGExpecting a dict object, as JWT only supports JSON objects as payloads.)expiatnbfisszIssuer (iss) must be a string.)rQrS)rU) isinstancedict TypeErrorcopyrIrr utctimetuplerW_encode_payloadr4encode) r6rLrNrOrQrSrU time_claim json_payloads r7rcz PyJWT.encode`sD'4(( ,  ,,../ Q QJ'++j118<< Q&,WZ-@-M-M-O-O&P&P # G  Jwu~s$C$C <== =++ %,  y     %     r9bytescVtj|d|dS)z Encode a given payload to the bytes to be signed. This method is intended to be overridden by subclasses that need to encode the payload in a different way, e.g. compress the payload. ),:) separatorsclszutf-8)jsondumpsrc)r6rLrQrSs r7rbzPyJWT._encode_payloads3z !    &//  r9rrjwt str | bytesr) algorithmsSequence[str] | Noneverify bool | Nonedetached_payload bytes | Noneaudiencestr | Iterable[str] | Noneissuerstr | Container[str] | Nonesubjectleewayfloat | timedeltakwargsr c  | r>tjdt| td|d} n|dd} |"|| krtjdt d||} d| i}|j ||||| }| |}| || ||| | ||d <|S) u$Identical to ``jwt.decode`` except for return value which is a dictionary containing the token header (JOSE Header), the token payload (JWT Payload), and token signature (JWT Signature) on the keys "header", "payload", and "signature" respectively. :param jwt: the token to be decoded :type jwt: str or bytes :param key: the key suitable for the allowed algorithm :type key: str or bytes or PyJWK or :py:class:`jwt.algorithms.AllowedPublicKeys` :param algorithms: allowed algorithms, e.g. ``["ES256"]`` .. warning:: Do **not** compute the ``algorithms`` parameter based on the ``alg`` from the token itself, or on any other data that an attacker may be able to influence, as that might expose you to various vulnerabilities (see `RFC 8725 §2.1 `_). Instead, either hard-code a fixed value for ``algorithms``, or configure it in the same place you configure the ``key``. Make sure not to mix symmetric and asymmetric algorithms that interpret the ``key`` in different ways (e.g. HS\* and RS\*). :type algorithms: typing.Sequence[str] or None :param jwt.types.Options options: extended decoding and validation options Refer to :py:class:`jwt.types.Options` for more information. :param audience: optional, the value for ``verify_aud`` check :type audience: str or typing.Iterable[str] or None :param issuer: optional, the value for ``verify_iss`` check :type issuer: str or typing.Container[str] or None :param leeway: a time margin in seconds for the expiration check :type leeway: float or datetime.timedelta :rtype: dict[str, typing.Any] :returns: Decoded JWT with the JOSE Header on the key ``header``, the JWS Payload on the key ``payload``, and the JWS Signature on the key ``signature``. zypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs:  stacklevelNTr;zThe `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)categoryr)rNrpr,rt)rvrxr{rzrL) warningswarntuplekeysrrIDeprecationWarningr2r4decode_complete_decode_payload_validate_claims)r6rnrNrpr,rrrtrvrxrzr{r}r;merged_options sig_optionsdecodedrLs r7rzPyJWT.decode_completesUr   M>',V[[]]';';>>'      ?#  &{{+=tDD   &,<"<"< MY,     ,,W55  0# )++ !- ,  &&w//       % r9rc tj|d}n%#t$r}td||d}~wwxYwt |t std|S)a Decode the payload from a JWS dictionary (payload, signature, header). This method is intended to be overridden by subclasses that need to decode the payload in a different way, e.g. decompress compressed payloads. rLzInvalid payload string: Nz-Invalid payload string: must be a json object)rlloads ValueErrorrr]r^)r6rrLes r7rzPyJWT._decode_payload"s E&*j1C&D&DGG E E E<<<==1 D E'4(( OMNN Ns ?:?'AllowedPublicKeys | PyJWK | str | bytesc | r>tjdt| td|||||||||| |  } t tttf| dS)uVerify the ``jwt`` token signature and return the token claims. :param jwt: the token to be decoded :type jwt: str or bytes :param key: the key suitable for the allowed algorithm :type key: str or bytes or PyJWK or :py:class:`jwt.algorithms.AllowedPublicKeys` :param algorithms: allowed algorithms, e.g. ``["ES256"]`` If ``key`` is a :class:`PyJWK` object, allowed algorithms will default to the key algorithm. .. warning:: Do **not** compute the ``algorithms`` parameter based on the ``alg`` from the token itself, or on any other data that an attacker may be able to influence, as that might expose you to various vulnerabilities (see `RFC 8725 §2.1 `_). Instead, either hard-code a fixed value for ``algorithms``, or configure it in the same place you configure the ``key``. Make sure not to mix symmetric and asymmetric algorithms that interpret the ``key`` in different ways (e.g. HS\* and RS\*). :type algorithms: typing.Sequence[str] or None :param jwt.types.Options options: extended decoding and validation options Refer to :py:class:`jwt.types.Options` for more information. :param audience: optional, the value for ``verify_aud`` check :type audience: str or typing.Iterable[str] or None :param subject: optional, the value for ``verify_sub`` check :type subject: str or None :param issuer: optional, the value for ``verify_iss`` check :type issuer: str or typing.Container[str] or None :param leeway: a time margin in seconds for the expiration check :type leeway: float or datetime.timedelta :rtype: dict[str, typing.Any] :returns: the JWT claims zppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: rr)rrrtrvrzrxr{rL) rrrrrrrr^rWr ) r6rnrNrpr,rrrtrvrzrxr{r}rs r7decodez PyJWT.decode2sr   M>',V[[]]';';>>'     &&    -'   DcNGI$6777r9Iterable[str] | str | NoneContainer[str] | str | Nonec<t|tr|}|+t|ttfst d|||dtjtj  }d|vr|dr| |||d|vr|dr| |||d|vr|d r|||||d r||||d r,||||d d |dr||||dr||dSdS)Nz+audience must be a string, iterable or NonerC)tzrZr>r[r=rYr<r@r?rDFstrictrArB)r]r total_secondsrWrr__validate_required_claimsrnowr utc timestamp _validate_iat _validate_nbf _validate_exp _validate_iss _validate_audrI _validate_sub _validate_jti)r6rLr,rvrxrzr{rs r7rzPyJWT._validate_claimss fi ( ( ,))++F   8c8_(M(M IJJ J &&w 0BCCClhl+++5577 G   5    wV 4 4 4 G   5    wV 4 4 4 G   5    wV 4 4 4 <  0   w / / / <     '++lE*J*J     <  1   w 0 0 0 <  (   w ' ' ' ' ' ( (r9claims Iterable[str]cX|D]&}||t|'dSN)rIr)r6rLrclaims r7rzPyJWT._validate_required_claimssB  7 7E{{5!!)/666* 7 7r9cd|vrdSt|dtstd|(|d|krtddSdS)z Checks whether "sub" if in the payload is valid or not. This is an Optional claim :param payload(dict): The payload which needs to be validated :param subject(str): The subject of the token subNzSubject must be a stringzInvalid subject)r]rWrrI)r6rLrzs r7rzPyJWT._validate_subst    F'%.#.. B%&@AA A  {{5!!W,,)*;<<<  ,,r9cd|vrdSt|dtstddS)z Checks whether "jti" if in the payload is valid or not This is an Optional claim :param payload(dict): The payload which needs to be validated jtiNzJWT ID must be a string)r]rIrWr)r6rLs r7rzPyJWT._validate_jtisK    F'++e,,c22 =!";<< < = =r9rfloatc t|d}n#t$rtddwxYw|||zkrtddS)NrZz)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))intrrr)r6rLrr{rZs r7rzPyJWT._validate_iatsu  gen%%CC   &;   #,  ()KLL L 3c t|d}n#t$rtddwxYw|||zkrtddS)Nr[z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))rrrr)r6rLrr{r[s r7rzPyJWT._validate_nbfst  Vgen%%CC V V VJKKQU U V #,  ()KLL L rc t|d}n#t$rtddwxYw|||z krtddS)NrYz/Expiration Time claim (exp) must be an integer.zSignature has expired)rrrr)r6rLrr{rYs r7rzPyJWT._validate_expsu  gen%%CC   A   3< '(?@@ @ ! rFrrc|d|vs|dsdStdd|vs|dstd|d|r_t|tstdttstd|krtddSttrgttstdt dDrtdt|tr|g}t fd|Drtd dS) NaudzInvalid audiencezInvalid audience (strict)z&Invalid claim format in token (strict)zAudience doesn't match (strict)zInvalid claim format in tokenc3BK|]}t|t VdSr)r]rW).0cs r7 z&PyJWT._validate_aud..-s/??!:a%%%??????r9c3 K|]}|vV dSrrF)rraudience_claimss r7rz&PyJWT._validate_aud..3s(>>cs/)>>>>>>r9zAudience doesn't match)rrr]rWlistanyall)r6rLrvrrs @r7rzPyJWT._validate_auds  G##75>#''9:: :   wu~ ,E22 2!%.  h,, H*+FGGGos33 U*+STTT?***+LMMM F os + + 0./O/400 H&'FGG G ????? ? ? H&'FGG G h $ $ " zH >>>>X>>> > > A&'?@@ @ A Ar9cH|dSd|vrtd|d}t|tstdt|tr||krtddS ||vrtddS#t$rtddwxYw)Nr\z%Payload Issuer (iss) must be a stringzInvalid issuerz.Issuer param must be "str" or "Container[str]")rr]rWrr_)r6rLrxr\s r7rzPyJWT._validate_iss6s > F   +E22 2en#s## N$%LMM M fc " " f}}()9:::} f$$,-=>>>%$   (D s 1BB!r)r,r-r.r/)r.r#)r.r%)r,r-r.r#)rKNNT)rLrMrNr(rOrPrQrRrSrTrUrVr.rW)NN)rLrMrQrRrSrTr.rf) rNNNNNNNr)rnrorNr)rprqr,r-rrrsrtrurvrwrxryrzrPr{r|r}r r.rM)rrMr.rM)rnrorNrrprqr,r-rrrsrtrurvrwrzrPrxryr{r|r}r r.rM)NNNr)rLrMr,r#rvrrxrrzrPr{r|r.r/)rLrMrrr.r/)rLrMrzrPr.r/)rLrMr.r/)rLrMrrr{rr.r/)rLrMrvrwrrVr.r/)rLrMrxrr.r/)__name__ __module__ __qualname__r8 staticmethodr1r3r2rcrbrrrrrrrrrrrrrFr9r7r+r+0sM;;;;;    \       + + + + +&!()-6:!@ @ @ @ @ J*.6: *&(+/"&")-04.2"$%lllll\&8:+/"&")-04".2$%M8M8M8M8M8f04.2"$%((((((((((T7777>B=====* = = = = M M M M M M M MAAAA* 0A0A0A0A0A0Adr9r+)< __future__rrlosrcalendarrcollections.abcrrrrr r typingr r r rapi_jwsrr exceptionsrrrrrrrrrrrVgetenvsys version_infor typing_extensionsrpr!api_jwkr"typesr#r$r%r&r'rWrfr(__annotations__r)r+_jwt_global_objr4rcrrrFr9r7rs""""""" 99999999992222222222222222222222++++++++                      -,,,,,DDD>26677DJJJ 7""$$$$$$$ 0/////&&&&&&7777777777DEEEEEEEE,12DeSRW2W,XXXXX+01BE3PU1U+VVVVVV,1%e2C,DDDDD+0U1B+CCCCC]]]]]]]]@%''&  !1  r9