ó î?€Yc@s_ddlZddlZddlmZddlmZmZddlmZddl m Z m Z ddl m Z idd6d d 6d d 6d d6dd6dd6dd6Zdefd„ƒYZdefd„ƒYZdefd„ƒYZdefd„ƒYZdefd„ƒYZdefd „ƒYZd!efd"„ƒYZd#efd$„ƒYZdS(%iÿÿÿÿN(t string_types(t json_decodet json_encode(tJWE(tJWKtJWKSet(tJWStIssuertisstSubjecttsubtAudiencetaudsExpiration Timetexps Not Beforetnbfs Issued AttiatsJWT IDtjtit JWTExpiredcBseZdZddd„ZRS(smJson Web Token is expired. This exception is raised when a token is expired accoring to its claims. cCsXd}|rt|ƒ}nd}|r>|dt|ƒ7}ntt|ƒj|ƒdS(Ns Token expireds {%s}(tNonetstrtsuperRt__init__(tselftmessaget exceptiontmsg((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRsN(t__name__t __module__t__doc__RR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRstJWTNotYetValidcBseZdZddd„ZRS(s~Json Web Token is not yet valid. This exception is raised when a token is not valid yet according to its claims. cCsXd}|rt|ƒ}nd}|r>|dt|ƒ7}ntt|ƒj|ƒdS(NsToken not yet valids {%s}(RRRRR(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR1sN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR*stJWTMissingClaimcBseZdZddd„ZRS(ssJson Web Token claim is invalid. This exception is raised when a claim does not match the expected value. cCsXd}|rt|ƒ}nd}|r>|dt|ƒ7}ntt|ƒj|ƒdS(NsInvalid Claim Values {%s}(RRRRR(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRBsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR<stJWTInvalidClaimValuecBseZdZddd„ZRS(ssJson Web Token claim is invalid. This exception is raised when a claim does not match the expected value. cCsXd}|rt|ƒ}nd}|r>|dt|ƒ7}ntt|ƒj|ƒdS(NsInvalid Claim Values {%s}(RRRRR(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRSsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRMstJWTInvalidClaimFormatcBseZdZddd„ZRS(sqJson Web Token claim format is invalid. This exception is raised when a claim is not in a valid format. cCsXd}|rt|ƒ}nd}|r>|dt|ƒ7}ntt|ƒj|ƒdS(NsInvalid Claim Formats {%s}(RRRR R(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRdsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR ^stJWTMissingKeyIDcBseZdZddd„ZRS(s¡Json Web Token is missing key id. This exception is raised when trying to decode a JWT with a key set that does not have a kid value in its header. cCsXd}|rt|ƒ}nd}|r>|dt|ƒ7}ntt|ƒj|ƒdS(NsMissing Key IDs {%s}(RRRR!R(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRvsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR!ost JWTMissingKeycBseZdZddd„ZRS(s™Json Web Token is using a key not in the key set. This exception is raised if the key that was used is not available in the passed key set. cCsXd}|rt|ƒ}nd}|r>|dt|ƒ7}ntt|ƒj|ƒdS(Ns Missing Keys {%s}(RRRR"R(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRˆsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR"stJWTcBs^eZdZdddddddd„Zed„ƒZejd„ƒZed„ƒZejd„ƒZed„ƒZ e jd„ƒZ ed„ƒZ e jd „ƒZ ed „ƒZ e jd „ƒZ d „Z d „Z d„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zdd„Zed„ZRS(sFJSON Web token object This object represent a generic token. cCs¿d|_d|_d|_||_d|_d|_d|_d|_|rZ||_ n|dk rr||_n|dk rŠ||_n|rœ||_ n|dk r»|j ||ƒndS(sKCreates a JWT object. :param header: A dict or a JSON string with the JWT Header data. :param claims: A dict or a string withthe JWT Claims data. :param jwt: a 'raw' JWT token :param key: A (:class:`jwcrypto.jwk.JWK`) key to deserialize the token. A (:class:`jwcrypt.jwk.JWKSet`) can also be used. :param algs: An optional list of allowed algorithms :param default_claims: An optional dict with default values for registred claims. A None value for NumericDate type claims will cause generation according to system time. Only the values fro RFC 7519 - 4.1 are evaluated. :param check_claims: An optional dict of claims that must be present in the token, if the value is not None the claim must match exactly. Note: either the header,claims or jwt,key parameters should be provided as a deserialization operation (which occurs if the jwt is provided will wipe any header os claim provided by setting those obtained from the deserialization of the jwt token. Note: if check_claims is not provided the 'exp' and 'nbf' claims are checked if they are set on the token but not enforced if not set. Any other RFC 7519 registered claims are checked only for format conformance. i<iXN( Rt_headert_claimst_tokent_algst _reg_claimst _check_claimst_leewayt _validitytheadertclaimst deserialize(RR,R-tjwttkeytalgstdefault_claimst check_claims((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR™s$               cCs%|jdkrtdƒ‚n|jS(Ns'header' not set(R$RtKeyError(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR,ÎscCs.t|tƒr!t|ƒ|_n ||_dS(N(t isinstancetdictRR$(Rth((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR,ÔscCs%|jdkrtdƒ‚n|jS(Ns'claims' not set(R%RR4(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR-ÛscCs;t|tƒr.|j|ƒt|ƒ|_n ||_dS(N(R5R6t_add_default_claimsRR%(Rtc((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR-ás cCs|jS(N(R&(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyttokenéscCsIt|tƒs-t|tƒs-t|tƒr9||_n tdƒ‚dS(Ns.Invalid token type, must be one of JWS,JWE,JWT(R5RRR#R&t TypeError(Rtt((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR:ís- cCs|jS(N(R*(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pytleewayôscCst|ƒ|_dS(N(tintR*(Rtl((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR=øscCs|jS(N(R+(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pytvalidityüscCst|ƒ|_dS(N(R>R+(Rtv((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR@scCsB||krdS|jj|dƒ}|dk r>|||ttimeRERGR@RJ(RR-tnow((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR8scCs6||krdSt||tƒs2tdƒ‚ndS(Ns"Claim %s is not a StringOrURI type(R5RR (RRCR-((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_string_claim&s cCs||krdSt||tƒrRtd„|Dƒƒr{td|fƒ‚q{n)t||tƒs{td|fƒ‚ndS(Ncss|]}t|tƒ VqdS(N(R5R(t.0tclaim((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pys 0ss'Claim %s contains non StringOrURI typess"Claim %s is not a StringOrURI type(R5tlisttanyR R(RRCR-((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_array_or_string_claim,s cCsM||krdSyt||ƒWn$tk rHtd|fƒ‚nXdS(NsClaim %s is not an integer(R>t ValueErrorR (RRCR-((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_integer_claim7s  cCs0|||kr,td|||fƒ‚ndS(Ns#Expired at %d, time: %d(leeway: %d)(R(RROtlimitR=((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt _check_exp@scCs0|||kr,td|||fƒ‚ndS(Ns#Valid from %d, time: %d(leeway: %d)(R(RRORUR=((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt _check_nbfEscCsä|jd|ƒ|jd|ƒ|jd|ƒ|jd|ƒ|jd|ƒ|jd|ƒ|jd|ƒ|jdkràd|kr®|j|dtjƒ|jƒnd|krà|j|dtjƒ|jƒqàndS(NRR R R RRR( RMRRRTR)RRVRKR*RW(RR-((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_default_claimsJs # cCsˆ|jtkrdSy.t|jƒ}t|tƒs@tƒ‚nWn0tk rs|jdk rotdƒ‚ndSX|j |ƒ|jdkr”dSxí|jj ƒD]Ü\}}||krÒt d|fƒ‚n|d kr|dk r€|||kr€t d||||fƒ‚q€q¤|dkrš|dk r€|||krKq¤nt||t ƒrw|||krwq¤qwnt d||||fƒ‚q€q¤|d krï|dk rÌ|j|||d ƒq€|j||tjƒ|jƒq¤|d krD|dk r!|j|||d ƒq€|j||tjƒ|jƒq¤|dk r¤|||kr¤t d ||||fƒ‚q¤q¤WdS(Ns4Claims check requested but claims is not a json dictsClaim %s is missingRR Rs*Invalid '%s' value. Expected '%s' got '%s'R s)Invalid '%s' value. Expected '%s' in '%s'R iRs*Invalid '%s' value. Expected '%d' got '%d'(sissssubsjti(R)tFalseRR-R5R6RSRR RXtitemsRRRPRVRKR*RW(RR-RCtvalue((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_provided_claimsYsX          #  #cCs2t|jƒ}|j|d|jƒ||_dS(sSigns the payload. Creates a JWS token with the header as the JWS protected header and the claims as the payload. See (:class:`jwcrypto.jws.JWS`) for details on the exceptions that may be reaised. :param key: A (:class:`jwcrypto.jwk.JWK`) key. t protectedN(RR-t add_signatureR,R:(RR0R<((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pytmake_signed_token”s cCs/t|j|jƒ}|j|ƒ||_dS(s#Encrypts the payload. Creates a JWE token with the header as the JWE protected header and the claims as the plaintext. See (:class:`jwcrypto.jwe.JWE`) for details on the exceptions that may be reaised. :param key: A (:class:`jwcrypto.jwk.JWK`) key. N(RR-R,t add_recipientR:(RR0R<((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pytmake_encrypted_token¢s  cCsÛ|jdƒ}|dkr*tƒ|_n'|dkrEtƒ|_n tdƒ‚|jrl|j|j_n|d krŽ|jj|d ƒn t |t ƒr³|jj||ƒnät |t ƒr‹|jj|d ƒd|jj kröt dƒ‚n|j|jj dƒ}|s2td|jj dƒ‚nt |jtƒrW|jj|ƒq—t |jtƒr||jj|ƒq—tdƒ‚n td ƒ‚|d k r×|jj |_|jjjd ƒ|_|jƒnd S( s`Deserialize a JWT token. NOTE: Destroys any current status and tries to import the raw token provided. :param jwt: a 'raw' JWT token. :param key: A (:class:`jwcrypto.jwk.JWK`) verification or decryption key, or a (:class:`jwcrypt.jwk.JWKSet`) that contains a key indexed by the 'kid' header. t.iisToken format unrecognizedtkidsNo key ID in JWT headersKey ID %s not in key setsUnknown Token TypesUnrecognized Key Typesutf-8N(tcountRR:RRSR't allowed_algsRR.R5RRt jose_headerR!tget_keyR"tdecrypttverifyt RuntimeErrorR,tpayloadtdecodeR-R\(RR/R0R9t token_key((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR.°s<        cCs|jj|ƒS(s¤Serializes the object into a JWS token. :param compact(boolean): must be True. Note: the compact parameter is provided for general compatibility with the serialize() functions of :class:`jwcrypto.jws.JWS` and :class:`jwcrypto.jwe.JWE` so that these objects can all be used interchangeably. However the only valid JWT representtion is the compact representation. (R:t serialize(Rtcompact((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRnås N(RRRRRtpropertyR,tsetterR-R:R=R@RERGRJR8RMRRRTRVRWRXR\R_RaR.tTrueRn(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR#“s8 4       ;   5(RKRHtsixRtjwcrypto.commonRRt jwcrypto.jweRt jwcrypto.jwkRRt jwcrypto.jwsRtJWTClaimsRegistryt ExceptionRRRRR R!R"tobjectR#(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyts*