o h9Ra7@sdZddlZddlZddlZddlZddlmZmZmZm Z m Z m Z m Z m Z mZddlZddlZddlmZddlmZddlmZddlmZddlmZdd lmZmZmZeeZ Gd d d ej!ej"d Z#e#j$Gd dde#Z%e#j$Gddde#Z&e#j$Gddde#Z'dS) JSON Web Key.N) DictOptionalSequenceTypeUnionCallableAnyTupleMapping)default_backend)hashes) serialization)ec)rsa)errors json_utilutilc @seZdZUdZdZiZeeedfe d<dZ e ee dfe d< e Zeee d< dd d d Zeeeeeeeeffe d <e e d <ejfdegejfdefddZejdddZe  ddedeedee de fddZe  ddedeedee ddfddZ dS)JWKrktyTYPES.cryptography_key_typesrequiredN),:T)indent separators sort_keys_thumbprint_json_dumps_paramskey hash_functionreturncsNtj|td}|tjfddDfij | S)zgCompute JWK Thumbprint. https://tools.ietf.org/html/rfc7638 :returns: bytes )backendcs i|] \}}|jvr||qSr)r).0kvselfr,/usr/lib/python3/dist-packages/josepy/jwk.py 7s z"JWK.thumbprint..) r Hashr updatejsondumpsto_jsonitemsrencodefinalize)r(r!digestrr'r) thumbprint,s zJWK.thumbprintcCst)ziGenerate JWK with public key. For symmetric cryptosystems, this would return ``self``. )NotImplementedErrorr'rrr) public_key<szJWK.public_keydatapasswordr#c Cs|durtn|}i}tjtjfD](}z ||||WStttjjfy9}z ||t |<WYd}~qd}~wwtj tj fD]&}z|||WSttjjfyf}z ||t |<WYd}~q@d}~wwt d|)NzUnable to deserialize key: {0})r rload_pem_private_keyload_der_private_key ValueError TypeError cryptography exceptionsUnsupportedAlgorithmstrload_pem_public_keyload_der_public_keyrErrorformat)clsr7r8r#r>loader_privateerror loader_publicrrr)_load_cryptography_keyEs2  zJWK._load_cryptography_keyc Csz ||||}Wntjy'}ztd|t|dWYd}~Sd}~ww|jtur>t||j s>td |j |j |j D]}t||j rR||dSqCtd |j )aLoad serialized key as JWK. :param str data: Public or private key serialized as PEM or DER. :param str password: Optional password. :param backend: A `.PEMSerializationBackend` and `.DERSerializationBackend` provider. :raises errors.Error: if unable to deserialize, or unsupported JWK algorithm :returns: JWK of an appropriate type. :rtype: `JWK` z,Loading symmetric key, asymmetric failed: %sr Nz"Unable to deserialize {0} into {1}zUnsupported algorithm: {0})rIrrCloggerdebugJWKOcttypNotImplemented isinstancerrD __class__rvalues)rEr7r8r#r rGjwk_clsrrr)load`s   zJWK.load)r"r)NN)!__name__ __module__ __qualname____doc__type_field_namerrr@r__annotations__rr r rOrrrrrintboolr SHA256r HashAlgorithmbytesr4abcabstractmethodr6 classmethodrIrTrrrr)rsJ (     r) metaclassc@sjeZdZUdZdZdZdejfZe e d<de e e ffddZ ed ee efddfd d Zdd d ZdS)rMzSymmetric JWK.octrJr%r r"cCsdt|jiS)Nr%)rencode_b64joser r'rrr)fields_to_partial_jsonszJWKOct.fields_to_partial_jsonjobjcCs|t|ddS)Nr%rJ)rdecode_b64joserErgrrr)fields_from_jsonszJWKOct.fields_from_jsoncCs|SNrr'rrr)r6szJWKOct.public_keyN)r"rM)rUrVrWrXrN __slots__rrYrr_rZrr@rfrbr r rjr6rrrr)rMs  rMcseZdZUdZdZejejfZdZ de j dfZ e jjed<deded d ffd d Zed ed efddZed ed efddZdddZedeeefd dfddZd eeeffddZZS)JWKRSAzRSA JWK. :ivar key: :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` wrapped in :class:`~josepy.util.ComparableRSAKey` RSArJenr argskwargsr"Nc@d|vrt|dtjst|d|d<tj|i|dSNr )rPrComparableRSAKeysuper__init__r(rqrrrQrr)rw  zJWKRSA.__init__r7cCs0t|d}t|d}t|jd|dS)zOEncode Base64urlUInt. :type data: long :rtype: unicode big byteorderlength)max bit_lengthmathceilrreto_bytesrEr7rrrr) _encode_paramszJWKRSA._encode_paramcCs>zt|}|s ttj|ddWStytw)Decode Base64urlUInt.r|r~)rrhrDeserializationErrorr[ from_bytesr;)rEr7binaryrrr) _decode_params  zJWKRSA._decode_paramcCst||jdS)NrJ)typer r6r'rrr)r6szJWKRSA.public_keyrgc sDfdddD\}}tj||d}dvr |tdSd}dvs?dvs?d vs?d vs?d vs?d vrstfd ddD\}}}} } } tdd| Drbtd| tfdd| D\}}}} } nt |||\}}t ||}t ||} t ||} t ||||| | |t} | dS)Nc3s|] }|VqdSrkrr$xrirr) sz*JWKRSA.fields_from_json..rpro)rorpdrJpqdpdqqiothc3s|]}|VqdSrk)getr)rgrr)rs  )rrrrrcss|] }|dur|VqdSrkr)r$paramrrr)rsz(Some private parameters are missing: {0}c3s|] }t|VqdSrk)rr@r)rErr)rs )rRSAPublicNumbersr6r rtuplerrCrDrsa_recover_prime_factors rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmpRSAPrivateNumbers private_key) rErgrpropublic_numbersrrrrrr all_paramsr rrir)rjs>      zJWKRSA.fields_from_jsonc s~tjjtjrj}|j|jd}nj}j }|j|j|j |j |j |j |j|jd}fdd|DS)Nr)rprorrrrrrcsi|] \}}||qSr)rr$r valuer'rr)r*sz1JWKRSA.fields_to_partial_json..)rPr _wrappedr RSAPublicKeyrrproprivate_numbersr6rrrdmp1dmq1iqmpr0)r(numbersparamsprivatepublicrr'r)rfs&   zJWKRSA.fields_to_partial_json)r"rm)rUrVrWrXrNrr RSAPrivateKeyrrlrrYrjosepyrrurZr rwrbr[r@rrr6r rjrrf __classcell__rrryr)rms      )rmc seZdZUdZdZdZejejfZ de j ddfZ e jjed<ded ed d ffd d Zededed efddZedededed efddZeded efddZeded ejfddZedejd efddZd eeeffddZed eeefd dfd!d"Zd%d#d$Z Z!S)&JWKECzEC JWK. :ivar key: :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey` or :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` wrapped in :class:`~josepy.util.ComparableECKey` ECrJcrvryr rqrrr"Ncrsrt)rPrComparableECKeyrvrwrxryrr)rwrzzJWKEC.__init__r7rcCst|jd|dS)zlEncode Base64urlUInt. :type data: long :type key_size: long :rtype: unicode r|r})rrerrrrr)rszJWKEC._encode_paramname valid_lengthcCsXz t|}t||krtdj||t|dtj|ddWSty+tw)rziExpected parameter "{name}" to be {valid_lengths} bytes after base64-decoding; got {length} bytes instead)r valid_lengthsrr|r) rrhlenrrrDr[rr;)rEr7rrrrrr)r&s    zJWKEC._decode_param curve_namecCs,|dkrdS|dkr dS|dkrdSt)N secp256r1P-256 secp384r1P-384 secp521r1P-521)rSerializationError)rErrrr)_curve_name_to_crv5szJWKEC._curve_name_to_crvcCs8|dkrtS|dkrtS|dkrtSt)Nrrr)r SECP256R1 SECP384R1 SECP521R1rr)rErrrr) _crv_to_curve?szJWKEC._crv_to_curvecurvecCs>t|tjrdSt|tjrdSt|tjrdStd|)N 0BzUnexpected curve: )rPrrrrr;)rErrrr)expected_length_for_curveJs   zJWKEC.expected_length_for_curvecsi}tjjtjrjntjjtjr*j}j|j |d<nt dj |d<j |d<fdd|D}jj|d<|S)NrzRSupplied key is neither of type EllipticCurvePublicKey nor EllipticCurvePrivateKeyrrc s&i|]\}}||jqSr)rrrrrr(rr)r*as&z0JWKEC.fields_to_partial_json..r)rPr rrEllipticCurvePublicKeyrEllipticCurvePrivateKeyrr6 private_valuerrrrr0rrr)r(rrrrr)rfTs     zJWKEC.fields_to_partial_jsonrgcsd}|fdddD\}}tj|||d}dvr.|tdSdd}t||t}|dS)Nrc3s"|] }||VqdSrkr)r$rprEexpected_lengthrgrr)rjs z)JWKEC.fields_from_json..)rr)rrrrrJ) rrrEllipticCurvePublicNumbersr6r rEllipticCurvePrivateNumbersr)rErgrrrrrr rrr)rjes   zJWKEC.fields_from_jsoncCs8t|jdr |j}n |jt}t||dS)Nr6rJ)hasattrr r6rr r)r(r rrr)r6ws  zJWKEC.public_key)r"r)"rUrVrWrXrNrlrrrrrrYrrrrrZr rwrbr[r@rrr EllipticCurverrrrfr rjr6rrrryr)rs.     r)(rXr`r-loggingrtypingrrrrrrr r r cryptography.exceptionsr= josepy.utilrcryptography.hazmat.backendsr cryptography.hazmat.primitivesr r)cryptography.hazmat.primitives.asymmetricrrrrr getLoggerrUrKTypedJSONObjectWithFieldsABCMetarregisterrMrmrrrrr)s,,      jo