U #iX@sdddlZddlZddlmZmZddlmZddlmZddl m Z m Z m Z ddl mZmZmZddlmZmZddlmZmZmZmZdd lmZmZmZdd lmZdd lm Z m!Z!dd l"m#Z#dd l$m%Z%ddl&m'Z'ddl(m)Z)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/m0Z0ddl1m2Z2da3ddZ4Gddde2Z5Gddde2Z6Gddde2Z7Gddde2Z8dS)N)InvalidSignature InvalidTag)default_backend)Binding)hasheshmac serialization)ecpaddingrsa)decode_dss_signatureencode_dss_signature)Cipheraead algorithmsmodes) InvalidUnwrapaes_key_unwrap aes_key_wrap)PKCS7)load_pem_private_keyload_pem_public_key) int_to_bytes)load_pem_x509_certificate) ALGORITHMS)JWEErrorJWKError)base64_to_longbase64url_decodebase64url_encode ensure_binarylong_to_base64)KeycCsDtdkrtatjd|}tj||tj||dd}|S)aK Get random bytes Currently, Cryptography returns OS random bytes. If you want OpenSSL generated random bytes, you'll have to switch the RAND engine after initializing the OpenSSL backend Args: num_bytes (int): Number of random bytes to generate and return Returns: bytes: Random bytes Nzchar[])_bindingrffinewlib RAND_bytesbuffer)Z num_bytesbufZ rand_bytesr,j/var/www/html/me.goteku.com/backend/venv/lib/python3.8/site-packages/jose/backends/cryptography_backend.pyget_random_bytess r.c@szeZdZejZejZejZefddZddZ ddZ ddZ d d Z d d Z d dZddZddZddZddZdS)CryptographyECKeyc Cs<|tjkrtd|tj|jtj|jtj|ji ||_ ||_ ||_ t |dsZt |drd||_dSt |dr||d}t|tr|||_dSt|tr|d}t|tr,z>zt|| }Wn&tk rt|d| d}YnXWn,tk r }z t|W5d}~XYnX||_dStd|dS)N*hash_alg: %s is not a valid hash algorithm public_bytes private_bytesto_pemutf-8passwordbackendz%Unable to parse an ECKey from key: %s)rECrZES256SHA256ZES384SHA384ZES512SHA512gethash_alg _algorithmcryptography_backendhasattr prepared_keyr3decode isinstancedict _process_jwkstrencodebytesr ValueErrorr Exceptionselfkey algorithmr?er,r,r-__init__5sD        zCryptographyECKey.__init__csddks tddtfdddDs>tdtd}td }tjtjtjd d }t|||}d krtd }t ||}| | S| | SdS) Nktyr8z0Incorrect key type. Expected: 'EC', Received: %sc3s|]}|kVqdSNr,.0kjwk_dictr,r- fsz1CryptographyECKey._process_jwk..)xycrvz Mandatory parameters are missingrYrZ)P-256P-384P-521r[d) r<rallrr Z SECP256R1Z SECP384R1Z SECP521R1ZEllipticCurvePublicNumbersZEllipticCurvePrivateNumbers private_keyr? public_key)rLrWrYrZcurvepublicr_privater,rVr-rEbs$ zCryptographyECKey._process_jwkcCstt|jjdS)zDetermine the correct serialization length for an encoded signature component. This is the number of bytes required to encode the maximum key value. g @)intmathceilrAkey_sizerLr,r,r-_sig_component_length{sz'CryptographyECKey._sig_component_lengthcCs(t|\}}|}t||t||S)z4Convert signature from DER encoding to RAW encoding.)r rkr)rLZ der_signaturerscomponent_lengthr,r,r- _der_to_raws zCryptographyECKey._der_to_rawcCs^|}t|td|kr$td|d|}||d}t|d}t|d}t||S)z4Convert signature from RAW encoding to DER encoding.rzInvalid signatureNbig)rklenrfrI from_bytesr )rLZ raw_signaturernZr_bytesZs_bytesrlrmr,r,r- _raw_to_ders    zCryptographyECKey._raw_to_dercCsV|jjd|jjjkr4td|jjjd|jjf|j|t |}| |S)Nz1this curve (%s) is too short for your digest (%d)) r= digest_sizerArcri TypeErrornamesignr ECDSAro)rLmsg signaturer,r,r-rxszCryptographyECKey.signcCsFz*||}|j||t|WdStk r@YdSXdS)NTF)rsrAverifyr ryr=rJ)rLrzsigr{r,r,r-r|s  zCryptographyECKey.verifycCs t|jdSNr1r@rArjr,r,r- is_publicszCryptographyECKey.is_publiccCs |r |S||j|jSrRr __class__rArbr>rjr,r,r-rbszCryptographyECKey.public_keycCsF|r$|jjtjjtjjd}|S|jjtjjtj j t d}|S)NencodingformatrrZencryption_algorithm) rrAr1rEncodingPEM PublicFormatSubjectPublicKeyInfor2 PrivateFormatTraditionalOpenSSL NoEncryption)rLpemr,r,r-r3szCryptographyECKey.to_pemcCs|s|j}n|j}dddd|jjj}|jjjdd}|jd|t|j |d d t|j |d d d }|s|j j }t||d d |d <|S) Nr\r]r^)Z secp256r1Z secp384r1Z secp521r1rtr8)sizeASCII)algrQr[rYrZr_)rrArbrcrwrir>r"public_numbersrYrBrZprivate_numbers private_value)rLrbr[ridatarr,r,r-to_dicts(   zCryptographyECKey.to_dictN)__name__ __module__ __qualname__rr9r:r;rrPrErkrorsrxr|rrbr3rr,r,r,r-r/0s -   r/c@seZdZejZejZejZeZ e e e e dZ e e eedZefddZddZddZdd Zd d Zd d ZddZdddZddZddZddZdS)CryptographyRSAKeyNc Csb|tjkrtd|tj|jtj|jtj|ji ||_ ||_ tj |j tj |j tj|ji ||_||_t|drt|dr||_dSt|tr|||_dSt|tr|d}t|trRz^|dr||WdSzt|||_Wn*tk rt|d|d|_YnXWn,tk rL}z t|W5d}~XYnXdStd|dS)Nr0r1rr4-----BEGIN CERTIFICATE-----r5z'Unable to parse an RSA_JWK from key: %s)rRSArZRS256r9ZRS384r:ZRS512r;r<r=r>RSA1_5RSA_OAEP RSA_OAEP_256r r?r@rArCrDrErFrGrH startswith _process_certrrIrrJrKr,r,r-rPsV         zCryptographyRSAKey.__init__c sLddks tddtdd}td}t||}dkr`||Std}dd d d d g}tfd d|Drtfdd|Dstdtd}td }td } td } td } n6t |||\}}t ||} t ||} t ||} t |||| | | |} | |SdS)NrQrz1Incorrect key type. Expected: 'RSA', Received: %srOnr_pqdpdqqic3s|]}|kVqdSrRr,rSrVr,r-rX"sz2CryptographyRSAKey._process_jwk..c3s|]}|kVqdSrRr,rSrVr,r-rX$sz2Precomputed private key parameters are incomplete.)r<rrr ZRSAPublicNumbersrbr?anyr`Zrsa_recover_prime_factorsZ rsa_crt_dmp1Z rsa_crt_dmq1Z rsa_crt_iqmpZRSAPrivateNumbersra) rLrWrOrrdr_Z extra_paramsrrrrrrer,rVr-rEs.        zCryptographyRSAKey._process_jwkcCst||}||_dSrR)rr?rbrA)rLrMr,r,r-r;sz CryptographyRSAKey._process_certc CsLz|j|t|}Wn*tk rF}z t|W5d}~XYnX|SrR)rArxr PKCS1v15r=rJr)rLrzr{rOr,r,r-rx?s zCryptographyRSAKey.signcCsR|stdz$|j||t|WdSt k rLYdSXdS)NzKAttempting to verify a message with a private key. This is not recommended.TF) rwarningswarnrbrAr|r rr=r)rLrzr}r,r,r-r|Fs zCryptographyRSAKey.verifycCs t|jdSr~rrjr,r,r-rPszCryptographyRSAKey.is_publiccCs |r |S||j|jSrRrrjr,r,r-rbSszCryptographyRSAKey.public_keyPKCS8cCs|rP|dkrtjj}n|dkr,tjj}n td||jjtjj |d}|S|dkrbtj j }n|dkrttj j }n td||jj tjj |tdS)NrPKCS1zInvalid format specified: %rrr)rrrrrrIrAr1rrrrrr2r)rLZ pem_formatfmtrr,r,r-r3Xs$      zCryptographyRSAKey.to_pemc Cs|s|j}n|j}|jdt|jdt|jdd}|s| t|j j dt|j j dt|j j dt|j jdt|j jdt|j jdd|S)Nrr)rrQrrO)r_rrrrr)rrArbr>r"rrrBrOupdaterr_rrZdmp1Zdmq1Ziqmp)rLrbrr,r,r-rns&  zCryptographyRSAKey.to_dictc CsDz|j||j}Wn*tk r>}z t|W5d}~XYnX|SrR)rAencryptr rJr)rLkey_data wrapped_keyrOr,r,r-wrap_keys zCryptographyRSAKey.wrap_keyc CsFz|j||j}|WStk r@}z t|W5d}~XYnXdSrR)rAdecryptr rJr)rLrZ unwrapped_keyrOr,r,r- unwrap_keys zCryptographyRSAKey.unwrap_key)r)rrrrr9r:r;r rrZOAEPZMGF1SHA1rrrrPrErrxr|rrbr3rrrr,r,r,r-rs" /)  rc@seZdZejejejejfZej ej ej ej fZ ejejejejejfZejfZejfZejej ejfZejejej ejejejejejejejejejejejej ejejejejejej ejejejejdej dejdiZddZddZdddZddd Z d d Z!d d Z"dS)CryptographyAESKeyNcCs|tjkrtd||tjtjkr4td|||_|j|j|_ ||j krpt |dkrptd|n||j krt |dkrtd|nt||j krt |dkrtd|nN||jkrt |d krtd |n(||jkr t |d kr td |||_dS) Nz%s is not a valid AES algorithmz%s is not a supported algorithmzKey must be 128 bit for alg zKey must be 192 bit for alg zKey must be 256 bit for alg 0zKey must be 384 bit for alg @zKey must be 512 bit for alg )rAESrZ SUPPORTEDunionZ AES_PSEUDOr>MODESr<_modeKEY_128rqKEY_192KEY_256KEY_384KEY_512_key)rLrMrNr,r,r-rPs"   zCryptographyAESKey.__init__cCs|jdt|jd}|S)NoctrrQrU)r>r r)rLrr,r,r-rszCryptographyAESKey.to_dictc Cst|}zttjjd}||}|jdkrjt|j }| |||}|dt |d}|dd}n\t t|j |t d}|} ttjj} | |} | | 7} | | | }d}|||fWStk r} z t| W5d} ~ XYnXdS)NrtGCMrir7)r!r.rr block_sizerrwrAESGCMrrrqrr encryptorrpadderrfinalizerJr) rL plain_textaadivmodeciphercipher_text_and_tag cipher_textZauth_tagrrZ padded_datarOr,r,r-rs&      zCryptographyAESKey.encryptc Cst|}zt|}||}|jdkr||dkr6tdt|j}||}z||||}Wqtk rxt dYqXn\t t |j|t d}|} | |} | | 7} tt j j} | | }|| 7}|WStk r} z t | W5d} ~ XYnXdS)Nrztag cannot be NonezInvalid JWE Auth Tagr)r!rrwrIrrrrrrrrrr decryptorrrrrunpadderrJ) rLrrrtagrrrrrZpadded_plain_textrrOr,r,r-rs.       zCryptographyAESKey.decryptcCst|}t|j|t}|SrR)r!rrr)rLrrr,r,r-rszCryptographyAESKey.wrap_keyc CsLt|}zt|j|t}Wn*tk rF}z t|W5d}~XYnX|SrR)r!rrrrr)rLrrcauser,r,r-r s zCryptographyAESKey.unwrap_key)N)NNN)#rrrrZA128GCMZ A128GCMKWZA128KWZA128CBCrZA192GCMZ A192GCMKWZA192KWZA192CBCrZA256GCMZ A256GCMKWZA256KWZ A128CBC_HS256ZA256CBCrZ A192CBC_HS384rZ A256CBC_HS512rZ AES_KW_ALGSrrZCBCrrPrrrrrr,r,r,r-rs`  rc@sZeZdZdZejeeje ej e iZ ddZ ddZddZdd Zd d Zd S) CryptographyHMACKeyzf Performs signing and verification operations using HMAC and the specified hash function. cs|tjkrtd|||_|j||_ttrD| |_ dStt s`tt s`tdtt rt dddddg}tfdd |Drtd |_ dS) Nr0z+Expecting a string- or bytes-formatted key.r4s-----BEGIN PUBLIC KEY-----s-----BEGIN RSA PUBLIC KEY-----rsssh-rsac3s|]}|kVqdSrRr,)rTZ string_valuerMr,r-rX2sz/CryptographyHMACKey.__init__..zdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rHMACrr>ALG_MAPr< _hash_algrCrDrErArFrHrGr)rLrMrNZinvalid_stringsr,rr-rPs*      zCryptographyHMACKey.__init__cCsH|ddks td|d|d}|d}t|}t|}|S)NrQrz1Incorrect key type. Expected: 'oct', Received: %srUr4)r<rrGrHr)rLrWrUr,r,r-rE:s  z CryptographyHMACKey._process_jwkcCs|jdt|jddS)Nrrr)r>r rArBrjr,r,r-rEszCryptographyHMACKey.to_dictcCs4t|}tj|j|jtd}|||}|S)Nr)r!rrrArrrr)rLrzhr{r,r,r-rxLs  zCryptographyHMACKey.signcCs`t|}t|}tj|j|jtd}||z||d}Wntk rZd}YnX|S)NrTF) r!rrrArrrr|r)rLrzr}rZverifiedr,r,r-r|Ss   zCryptographyHMACKey.verifyN)rrr__doc__rZHS256rr9ZHS384r:ZHS512r;rrPrErrxr|r,r,r,r-rs" r)9rgrZcryptography.exceptionsrrZcryptography.hazmat.backendsrZ,cryptography.hazmat.bindings.openssl.bindingrZcryptography.hazmat.primitivesrrrZ)cryptography.hazmat.primitives.asymmetricr r r Z/cryptography.hazmat.primitives.asymmetric.utilsr r Z&cryptography.hazmat.primitives.ciphersrrrrZ&cryptography.hazmat.primitives.keywraprrrZ&cryptography.hazmat.primitives.paddingrZ,cryptography.hazmat.primitives.serializationrrZcryptography.utilsrZcryptography.x509r constantsr exceptionsrrutilsrrr r!r"baser$r%r.r/rrrr,r,r,r-s2       +@z