_.@s8ddlZddlZddlmZddlmZddlmZddlmZddlm Z ddlm Z dd lm Z dd l m Z dd l mZdd l mZdd l mZddl mZddlmZddlmZddlmZGdddeZGdddeZdS)N)datetime) number_types) _CompactJSON)json) base64_decode) base64_encode) want_bytes)BadData) BadHeader) BadPayload) BadSignature)SignatureExpired) Serializer) HMACAlgorithm) NoneAlgorithmc@seZdZdZdeejdeejdeejde iZ dZ e Z ddddddddZdd d d Zd d ZddZddddZddZddddZdd ddZdd ddZdS)JSONWebSignatureSerializerzrThis serializer implements JSON Web Signature (JWS) support. Only supports the JWS Compact Serialization. ZHS256ZHS384ZHS512noneNcCsetj|d|d|d|d|d|d||dkrF|j}||_|j||_dS)N secret_keysalt serializerserializer_kwargssigner signer_kwargs)r__init__default_algorithmalgorithm_namemake_algorithm algorithm)selfrrrrrrrr 8/tmp/pip-build-5gj8f0j9/itsdangerous/itsdangerous/jws.pyr&s    z#JSONWebSignatureSerializer.__init__Fc /Csst|}d|kr$td|jdd\}}yt|}Wn7tk r}ztdd|WYdd}~XnXyt|}Wn7tk r}ztdd|WYdd}~XnXytj||dt} Wn7t k r%}ztdd|WYdd}~XnXt | t sGtd d | tj||d|}|ro|| fS|S) N.zNo "." found in valuerz:Could not base64 decode the header because of an exceptionoriginal_errorz;Could not base64 decode the payload because of an exceptionrz5Could not unserialize header because it was malformedz#Header payload is not a JSON objectheader) r r splitr Exceptionr r load_payloadrr isinstancedict) rpayloadr return_headerbase64d_headerbase64d_payloadZ json_headereZ json_payloadr$r r r!r'>s8    z'JSONWebSignatureSerializer.load_payloadcCsHt|jj||j}t|jj||j}|d|S)Nr")rrdumpsr)rr$objr,r-r r r! dump_payload_s z'JSONWebSignatureSerializer.dump_payloadc Cs4y|j|SWntk r/tdYnXdS)NzAlgorithm not supported)jws_algorithmsKeyErrorNotImplementedError)rrr r r!rhs z)JSONWebSignatureSerializer.make_algorithmc Csj|dkr|j}|dkr'dnd}|dkrB|j}|j|jd|ddd|d|S)Nrrsep.key_derivationr)rrrr)rrrr7r r r! make_signerns     z&JSONWebSignatureSerializer.make_signercCs)|r|jni}|j|d<|S)Nalg)copyr)r header_fieldsr$r r r! make_header|s z&JSONWebSignatureSerializer.make_headercCs=|j|}|j||j}|j|j||S)zLike :meth:`.Serializer.dumps` but creates a JSON Web Signature. It also allows for specifying additional fields to be included in the JWS header. )r<r8rsignr1)rr0rr;r$rr r r!r/sz JSONWebSignatureSerializer.dumpscCs}|j|j||jjt|dd\}}|jd|jkritdd|d||ry||fS|S)z{Reverse of :meth:`dumps`. If requested via ``return_header`` it will return a tuple of payload and header. r+Tr9zAlgorithm mismatchr$r*)r'r8rZunsignr getrr )rsrr+r*r$r r r!loadss$ z JSONWebSignatureSerializer.loadscCs"d|i}|j||||S)Nr+)Z_loads_unsafe_impl)rr?rr+kwargsr r r! loads_unsafes z'JSONWebSignatureSerializer.loads_unsafe)__name__ __module__ __qualname____doc__rhashlibsha256sha384sha512rr2rrZdefault_serializerrr'r1rr8r<r/r@rBr r r r!rs* !   rc@saeZdZdZdZdddZddZddd d Zd d Zd dZ dS)TimedJSONWebSignatureSerializeraWorks like the regular :class:`JSONWebSignatureSerializer` but also records the time of the signing and can be used to expire signatures. JWS currently does not specify this behavior but it mentions a possible extension like this in the spec. Expiry date is encoded into the header similar to what's specified in `draft-ietf-oauth -json-web-token `_. iNcKs5tj||||dkr(|j}||_dS)N)rrDEFAULT_EXPIRES_IN expires_in)rrrMrAr r r!rs  z(TimedJSONWebSignatureSerializer.__init__cCsCtj||}|j}||j}||d<||d<|S)Niatexp)rr<nowrM)rr;r$rNrOr r r!r<s     z+TimedJSONWebSignatureSerializer.make_headerFcCstj|||dd\}}d|kr?tdd|tdd|}yt|d|dr(rrutcfromtimestamprQ)rr$rvr r r!rSsz.TimedJSONWebSignatureSerializer.get_issue_datecCsttjS)N)rQtime)rr r r!rPsz#TimedJSONWebSignatureSerializer.now) rCrDrErFrLrr<r@rSrPr r r r!rKs   rK)rGrVr_compatr_jsonrrencodingrrr excr r r r rrrrrrrrKr r r r!s$