h dZddlZddlZddlZddlmZddlmZejZejZdZ dZ dZ ej e ZGddeZd Z dd lmZejZejZejZn#e$r dZdZeZYnwxYw dd lmZejZejZn#e$rdZdZYnwxYwereZeZn ereZeZneZeZdd Zd ZdZdZddZ dS)z)Crypto-related routines for oauth2client.N)_helpers)_pure_python_crypti,iQceZdZdZdS)AppIdentityErrorz!Error to indicate crypto failure.N)__name__ __module__ __qualname____doc__j/home/visionen/pythonvenv/lib/python3.11/site-packages/oauth2client-4.1.3-py3.11.egg/oauth2client/crypt.pyrr$s++++r rc td)Nz#pkcs12_key_as_pem requires OpenSSL.)NotImplementedError)argskwargss r _bad_pkcs12_key_as_pemr(s C D DDr )_openssl_crypt)_pycrypto_cryptcddd}|||d<tjtj|tjtj|g}d|}||}|tj|t t|d|S)aRMake a signed JWT. See http://self-issued.info/docs/draft-jones-json-web-token.html. Args: signer: crypt.Signer, Cryptographic signer. payload: dict, Dictionary of data to convert to JSON and then sign. key_id: string, (Optional) Key ID header. Returns: string, The JWT for the payload. JWTRS256)typalgNkid.) r_urlsafe_b64encode _json_encodejoinsignappendloggerdebugstr)signerpayloadkey_idheadersegments signing_input signatures r make_signed_jwtr+Js7 + +F u  #H$9&$A$ABB#H$9'$B$BCCHIIh''M M**I OOH/ ::;;; LLX 99X  r c|D]7}t|d}|||rdS8td)aVerifies signed content using a list of certificates. Args: message: string or bytes, The message to verify. signature: string or bytes, The signature on the message. certs: iterable, certificates in PEM format. Raises: AppIdentityError: If none of the certificates can verify the message against the signature. T) is_x509_certNzInvalid token signature)Verifier from_stringverifyr)messager*certspemverifiers r _verify_signaturer5is^''$'?? ??7I . .  FF  4 5 55r c|dS|d}|"td|||kr$td|||dS)aAChecks audience field from a JWT payload. Does nothing if the passed in ``audience`` is null. Args: payload_dict: dict, A dictionary containing a JWT payload. audience: string or NoneType, an audience to check for in the JWT payload. Raises: AppIdentityError: If there is no ``'aud'`` field in the payload dictionary but there is an ``audience`` to check. AppIdentityError: If the ``'aud'`` field in the payload dictionary does not match the ``audience``. NaudzNo aud field in token: {0}z Wrong recipient, {0} != {1}: {2})getrformat) payload_dictaudienceaudience_in_payloads r _check_audiencer=~s &**511" ( / / = =?? ?h&&AHH < 9 9:: :'&r cZttj}|d}|"td||d}|"td|||t zkr"td||t z }||kr$td||||t z}||kr$td|||dS) aVerifies the issued at and expiration from a JWT payload. Makes sure the current time (in UTC) falls between the issued at and expiration for the JWT (with some skew allowed for via ``CLOCK_SKEW_SECS``). Args: payload_dict: dict, A dictionary containing a JWT payload. Raises: AppIdentityError: If there is no ``'iat'`` field in the payload dictionary. AppIdentityError: If there is no ``'exp'`` field in the payload dictionary. AppIdentityError: If the JWT expiration is too far in the future (i.e. if the expiration would imply a token lifetime longer than what is allowed.) AppIdentityError: If the token appears to have been issued in the future (up to clock skew). AppIdentityError: If the token appears to have expired in the past (up to clock skew). iatNzNo iat field in token: {0}expzNo exp field in token: {0}z exp field too far in future: {0}z$Token used too early, {0} < {1}: {2}z#Token used too late, {0} > {1}: {2})inttimer8rr9MAX_TOKEN_LIFETIME_SECSCLOCK_SKEW_SECS)r:now issued_at expirationearliestlatests r _verify_time_rangerJsS0 dikk  C  ''I ( / / = =?? ?!!%((J ( / / = =?? ?S2222 . 5 5l C CEE E?*H X~~ELL < ) )** */ )F V||DKK  ' '(( (|r cXtj|}|ddkr"td||d\}}}|dz|z}tj|}tj|} tjtj |}n'#td|xYwt||| t|t|||S)aVerify a JWT against public certs. See http://self-issued.info/docs/draft-jones-json-web-token.html. Args: jwt: string, A JWT. certs: dict, Dictionary where values of public keys in PEM format. audience: string, The audience, 'aud', that this JWT should contain. If None then the JWT's 'aud' parameter is not verified. Returns: dict, The deserialized JSON payload in the JWT. Raises: AppIdentityError: if any checks are failed. rz&Wrong number of segments in token: {0}zCan't parse token: {0})r _to_bytescountrr9split_urlsafe_b64decodejsonloads _from_bytesr5valuesrJr=) jwtr2r;r'r%r*message_to_sign payload_bytesr:s r verify_signed_jwt_with_certsrXs$"  S ! !C yy! 4 ; ;C @ @BB B"%4FGYtmg-O+I66I/88MPz("6}"E"EFF P8?? NNOOOoy%,,..AAA|$$$L(+++ s &C$C%)N)!r rQloggingrB oauth2clientrr RsaSigner RsaVerifierrDAUTH_TOKEN_LIFETIME_SECSrC getLoggerrr! Exceptionrrr OpenSSLSignerOpenSSLVerifierpkcs12_key_as_pem ImportErrorrPyCryptoSignerPyCryptoVerifierSignerr.r+r5r=rJrXr r r rgs  0/  !!!!!!++++++  (  ,   8 $ $,,,,,y,,,EEE/++++++"0M$4O&8///OM./ ,,,,,,$3N&7NNN  FHH FHH FH>666*:::82(2(2(j++++++s$A-- A;:A;?B B B