!> #4o"FGG %inn]C&H&HII yy+_iHIIIr*c~t||jkrtd t|}|dd\}}|dd\}}n"#t$r}t d|d}~wwxYwt|} || t| d} t|} |r || } t|} t| | d} | | | |\}}||| |r| St| )aExact JWS Compact Serialization, and validate with the given key. If key is not provided, the returned dict will contain the signature, and signing input values. Via `Section 7.1`_. :param s: text of JWS Compact Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.1`: https://tools.ietf.org/html/rfc7515#section-7.1 zSerialization is too long.r5rzNot enough segmentsNcompact)lenr r.rrsplitsplitr_extract_headerr7r_extract_payload_extract_signaturerr8verifyr)r%sr=decoderAsignature_segmentr?r@excr9r>r<rBrvr2s r(deserialize_compactz$JsonWebSignature.deserialize_compactQsY q66D+ + +9:: : > A/0xxa/@/@ ,M,1>1D1DT11M1M .  > > >344# = >$$566  ##I...y$// "?33  &fWooG&'899 z7I 6 644Z#NN 3   M9c : : I###sAA++ B 5BB ctfdt|tr1tj|}t |d<|Sfd|D}t |dS)aGenerate a JWS JSON Serialization. The JWS JSON Serialization represents digitally signed or MACed content as a JSON object, per `Section 7.2`_. :param header_obj: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: JWSObject Example ``header_obj`` of JWS JSON Serialization:: { "protected: {"alg": "HS256"}, "header": {"kid": "jose"} } Pass a dict to generate flattened JSON Serialization, pass a list of header dict to generate standard JSON Serialization. c | |j |j |\}}t |j}d| g}t| ||}t|t|d}|j |j|d<|S)Nr5)r9rBheader) r6_reject_unprotected_critrUr7r9r8rr:rr;r) r>_alg_keyr?rArBrQr=r<r@r%s r(_signz.JsonWebSignature.serialize_json.._signs  * *: 6 6 6  ) )**; < < <  ' ' (< = = =44Z#NNJD$ .z/C D D  II'8/&JKKM)$))M4*H*HIII((9::' 22B ,)08 Ir*r<cJg|]}tj| S)r from_dict).0hrYs r( z3JsonWebSignature.serialize_json..s.HHHeeI/2233HHHr*)r< signatures)r isinstancedictrr\r)r% header_objr<r=datar`rYr@s` `` @@r(serialize_jsonzJsonWebSignature.serialize_jsonws()11        * j$ ' ' 5,Z8899D(99DOKHHHHZHHH %o66jQQQr*ct|d}|d}|tdt|}t |}|r ||}d|vr?|||||\}}t ||d}|r|St|g} d} |dD]6} |||| |\}}| ||sd} 7t | |d }| r|St|) aExact JWS JSON Serialization, and validate with the given key. If key is not provided, it will return a dict without signature verification. Header will still be validated. Via `Section 7.2`_. :param obj: text of JWS JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: JWSObject :raise: BadSignatureError .. _`Section 7.2`: https://tools.ietf.org/html/rfc7515#section-7.2 r,r<NzMissing "payload" valuer`flatTFjson) rgetrrrJ_validate_json_jwsrrappend) r%objr=rNr@r<r>validrQheadersis_validrcs r(deserialize_jsonz!JsonWebSignature.deserialize_jsonsS#u%%''),,  "788 8"?33"?33  &fWooG s " " $ 7 7#s!! J:w77B  #B'' 'l+ ! !J $ 7 7*c!! J NN: & & & !  w 0 0  I###r*ct|ttfr||||Sd|vr||||S||||S)aGenerate a JWS Serialization. It will automatically generate a Compact or JSON Serialization depending on the given header. If a header is in a JSON header format, it will call :meth:`serialize_json`, otherwise it will call :meth:`serialize_compact`. :param header: A dict/list of header :param payload: A string/dict of payload :param key: Private key used to generate signature :return: byte/dict r9)ralisttuplererC)r%rUr<r=s r( serializezJsonWebSignature.serializesm ftUm , , =&&vw<< < & &&vw<< <%%fgs;;;r*c(t|tr||||St|}|dr,|dr||||S||||S)aDeserialize JWS Serialization, both compact and JSON format. It will automatically deserialize depending on the given JWS. :param s: text of JWS Compact/JSON Serialization :param key: key used to verify the signature :param decode: a function to decode payload data :return: dict :raise: BadSignatureError If key is not provided, it will still deserialize the serialization without verification. {})rarbrpr startswithendswithrR)r%rMr=rNs r( deserializezJsonWebSignature.deserializes a   9((C88 8 QKK <<   9!**T"2"2 9((C88 8''3777r*c@d|vrt|d}|j||jvrt||jvrt|j|}t |r |||}n| d|vr|d}||}||fS)Nrr)r r$r r/callable prepare_key)r%rUr<r=rr2s r(r8z'JsonWebSignature._prepare_algorithm_keys   ')) )Um   'Ct7G,G,G+-- - d. . .+-- -,S1 C== #fg&&CC [Uf__-C##C((#~r*c|jK|j}||j}|D]}||vrt |dSdSr")r#!REGISTERED_HEADER_PARAMETER_NAMEScopyunionr )r%rUnamesks r(r6z*JsonWebSignature._validate_private_headerssr  ,:??AAEKK 566E = =E>>9!<<<" - , = =r*c4|rd|vrtddSdS)uGReject 'crit' when found in the unprotected header (RFC 7515 §4.1.11).rNr )r%unprotected_headers r(rVz)JsonWebSignature._reject_unprotected_crit s3  :&,>">">1&99 9 : :">">r*cfd|vr|d}t|trtd|Dstd|j}|jr||j}|D]*}||vrt|||vrt|)dSdS)Nrc3@K|]}t|tVdSr")rastr)r]xs r( z:JsonWebSignature._validate_crit_headers..)s==='( 1c""======r*) rarrallr rrr#rr )r%rU crit_headersrrs r(r7z'JsonWebSignature._validate_crit_headers%s V  !&>LlD11 >==,8===:: >6f===:??AAE$ ; D$9::! A AE>>=a@@@f__=a@@@%   A Ar*c|d}|std|d}|stdt|}t|}|d}|r$t |t std||||t||} | | ||\} }d ||g} tt|} | | | |r| dfS| d fS) Nr9zMissing "protected" valuerBzMissing "signature" valuerUzInvalid "header" valuer5TF) rirrrIrarbrVr7rr8r:rKrL) r%r@r<rcr=r?rOr9rUr>r2rArBs r(rjz#JsonWebSignature._validate_json_jws6s]&NN;77  ;9:: :&NN;77  ;9:: :$%677#$566 ))  8*VT22 8677 7 %%f--- ##I...y&11 44Z#NN 3 #4o"FGG &x0A'B'BCC   M9c : : $t# #5  r*)NNr")__name__ __module__ __qualname__ frozensetrr int__annotations__r/r) classmethodr3rCrRrerprtrzr8r6rVr7rjr[r*r(rrsA(1  ))% %$$$&&&&<<[< JJJ:$$$$$$$$L1R1R1Rf0$0$0$0$d<<<$8888*$ = = =::: AAA"!!!!!r*rc,t|tSr")rr)header_segments r(rIrIUs .+ 6 66r*c.t|tdS)NrBrr)rOs r(rKrKYs ,k; G GGr*c.t|tdS)Nr<r)r@s r(rJrJ]s ?K C CCr*N)authlib.common.encodingrrrrauthlib.jose.errorsrrr r r r authlib.jose.utilrrrmodelsrrrrIrKrJr[r*r(rs222222,,,,,,......555555111111++++++CCCCCC??????555555999999)))))),,,,,,------!!!!!!!!D 777HHHDDDDDr*