o jhV@sdddlZddlZddlmZmZddlmZddlmZm Z m Z ddl m Z m Z mZddlmZmZddlmZmZmZmZddlmZmZmZdd lmZdd lmZmZdd l m!Z!dd l"m#Z#d dl$m%Z%d dl&m'Z'm(Z(d dl)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0ddl1m2Z2ddl3m4Z4dZ5Gddde4Z6Gddde4Z7Gddde4Z8Gddde4Z9dS)N)InvalidSignature InvalidTag)default_backend)hasheshmac serialization)ecpaddingrsa)decode_dss_signatureencode_dss_signature)Cipheraead algorithmsmodes) InvalidUnwrapaes_key_unwrap aes_key_wrap)PKCS7)load_pem_private_keyload_pem_public_key) int_to_bytes)load_pem_x509_certificate) ALGORITHMS)JWEErrorJWKError)base64_to_longbase64url_decodebase64url_encode ensure_binary is_pem_format is_ssh_keylong_to_base64)get_random_bytes)Keyc@szeZdZejZejZejZefddZddZ ddZ ddZ d d Z d d Z d dZddZddZddZddZdS)CryptographyECKeyc Cs(|tjvr td|tj|jtj|jtj|ji ||_ ||_ ||_ t |ds-t |dr2||_dSt |dr>|d}t|trK|||_dSt|trU|d}t|trzz t|| }Wntyvt|d| d}YnwWnty}zt|d}~ww||_dStd|)N*hash_alg: %s is not a valid hash algorithm public_bytes private_bytesto_pemutf-8passwordbackendz%Unable to parse an ECKey from key: %s)rECrES256SHA256ES384SHA384ES512SHA512gethash_alg _algorithmcryptography_backendhasattr prepared_keyr+decode isinstancedict _process_jwkstrencodebytesr ValueErrorr Exceptionselfkey algorithmr:erKd/var/www/html/pro-man-master/venv/lib/python3.10/site-packages/jose/backends/cryptography_backend.py__init__&sF          zCryptographyECKey.__init__csddkstddtfdddDstdtd}td }tjtjtjd d }t|||}d vrZtd }t ||}| | S| | S) Nktyr0z0Incorrect key type. Expected: 'EC', Received: %sc3|]}|vVqdSNrK.0kjwk_dictrKrL Wz1CryptographyECKey._process_jwk..)xycrvz Mandatory parameters are missingrXrY)P-256P-384P-521rZd) r7rallrr SECP256R1 SECP384R1 SECP521R1EllipticCurvePublicNumbersEllipticCurvePrivateNumbers private_keyr: public_key)rGrUrXrYcurvepublicr^privaterKrTrLr@Ss$ zCryptographyECKey._process_jwkcCstt|jjdS)zDetermine the correct serialization length for an encoded signature component. This is the number of bytes required to encode the maximum key value. g @)intmathceilr<key_sizerGrKrKrL_sig_component_lengthlsz'CryptographyECKey._sig_component_lengthcCs(t|\}}|}t||t||S)z4Convert signature from DER encoding to RAW encoding.)r ror)rG der_signaturerscomponent_lengthrKrKrL _der_to_rawss zCryptographyECKey._der_to_rawcCs^|}t|td|krtd|d|}||d}t|d}t|d}t||S)z4Convert signature from RAW encoding to DER encoding.rzInvalid signatureNbig)rolenrjrD from_bytesr )rG raw_signaturersr_bytess_bytesrqrrrKrKrL _raw_to_derys     zCryptographyECKey._raw_to_dercCsV|jjd|jjjkrtd|jjjd|jjf|j|t |}| |S)Nz1this curve (%s) is too short for your digest (%d)) r8 digest_sizer<rgrm TypeErrornamesignrECDSArt)rGmsg signaturerKrKrLrs zCryptographyECKey.signcCs@z||}|j||t|WdStyYdSw)NTF)r{r<verifyrrr8rE)rGrsigrrKrKrLrs  zCryptographyECKey.verifycC t|jdSNr)r;r<rnrKrKrL is_public zCryptographyECKey.is_publiccC |r|S||j|jSrPr __class__r<rfr9rnrKrKrLrfzCryptographyECKey.public_keycCsF|r|jjtjjtjjd}|S|jjtjjtj j t d}|S)Nencodingformatrrencryption_algorithm) rr<r)rEncodingPEM PublicFormatSubjectPublicKeyInfor* PrivateFormatTraditionalOpenSSL NoEncryption)rGpemrKrKrLr+s zCryptographyECKey.to_pemcCs|s |j}n|j}dddd|jjj}|jjjdd}|jd|t|j |d d t|j |d d d }|sS|j j }t||d d |d <|S) Nr[r\r]) secp256r1 secp384r1 secp521r1r|r0)sizeASCII)algrNrZrXrYr^)rr<rfrgrrmr9r#public_numbersrXr=rYprivate_numbers private_value)rGrfrZrmdatarrKrKrLto_dicts(   zCryptographyECKey.to_dictN)__name__ __module__ __qualname__rr2r4r6rrMr@rortr{rrrrfr+rrKrKrKrLr'!s -   r'c@seZdZejZejZejZeZ e e e e dZ e e eedZefddZddZddZdd Zd d Zd d ZddZdddZddZddZddZdS)CryptographyRSAKeyNc CsV|tjvr td|tj|jtj|jtj|ji ||_ ||_ tj |j tj |j tj|ji ||_||_t|dr?t|dsDt|drI||_dSt|trV|||_dSt|tr`|d}t|trz/|drs||WdSz t|||_WWdStyt|d|d|_YWdSwty}zt|d}~wwtd|) Nr(r)rr*r,s-----BEGIN CERTIFICATE-----r-z'Unable to parse an RSA_JWK from key: %s)rRSArRS256r2RS384r4RS512r6r7r8r9RSA1_5RSA_OAEP RSA_OAEP_256r r:r;r<r>r?r@rArBrC startswith _process_certrrDrrErFrKrKrLrMsR           zCryptographyRSAKey.__init__c sBddkstddtdd}td}t||}dvr0||Std}gd}tfd d |Drttfd d |DsUtd td }td}td} td} td} nt |||\}}t ||} t ||} t ||} t |||| | | |} | |S)NrNrz1Incorrect key type. Expected: 'RSA', Received: %srJnr^)pqdpdqqic3rOrPrKrQrTrKrLrVrWz2CryptographyRSAKey._process_jwk..c3rOrPrKrQrTrKrLrVrWz2Precomputed private key parameters are incomplete.rrrrr)r7rrr RSAPublicNumbersrfr:anyr_rsa_recover_prime_factors rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmpRSAPrivateNumbersre) rGrUrJrrhr^ extra_paramsrrrrrrirKrTrLr@s.        zCryptographyRSAKey._process_jwkcCst||}||_dSrP)rr:rfr<)rGrHrKrKrLr,sz CryptographyRSAKey._process_certc Cs@z|j|t|}W|Sty}zt|d}~wwrP)r<rr PKCS1v15r8rEr)rGrrrJrKrKrLr0szCryptographyRSAKey.signcCsL|s tdz|j||t|WdSt y%YdSw)NzKAttempting to verify a message with a private key. This is not recommended.TF) rwarningswarnrfr<rr rr8r)rGrrrKrKrLr7s  zCryptographyRSAKey.verifycCrrrrnrKrKrLrArzCryptographyRSAKey.is_publiccCrrPrrnrKrKrLrfDrzCryptographyRSAKey.public_keyPKCS8cCs|r(|dkr tjj}n|dkrtjj}ntd||jjtjj |d}|S|dkr1tj j }n|dkr:tj j }ntd||jj tjj |tdS)NrPKCS1zInvalid format specified: %rrr)rrrrrrDr<r)rrrrrr*r)rG pem_formatfmtrrKrKrLr+Is       zCryptographyRSAKey.to_pemc Cs|s |j}n|j}|jdt|jdt|jdd}|sk| t|j j dt|j j dt|j j dt|j jdt|j jdt|j jdd|S)Nrr)rrNrrJ)r^rrrrr)rr<rfr9r#rrr=rJupdaterr^rrdmp1dmq1iqmp)rGrfrrKrKrLr_s&  zCryptographyRSAKey.to_dictc Cs8z |j||j}W|Sty}zt|d}~wwrP)r<encryptr rEr)rGkey_data wrapped_keyrJrKrKrLwrap_keyzszCryptographyRSAKey.wrap_keyc Cs8z |j||j}|WSty}zt|d}~wwrP)r<decryptr rEr)rGr unwrapped_keyrJrKrKrL unwrap_keyszCryptographyRSAKey.unwrap_key)r)rrrrr2r4r6r rrOAEPMGF1SHA1rrrrMr@rrrrrfr+rrrrKrKrKrLrs$ /)   rc@s(eZdZejejejejfZej ej ej ej fZ ejejejejejfZejfZejfZejej ejfZejejej ejejejejejejejejejejejej ejejejejejej ejejejejdej dejdiZejjdddZ ddZ!ddZ"dd d Z#dd d Z$d dZ%ddZ&dS)CryptographyAESKeyNr| )CBCGCMcCs|tjvr td||tjtjvrtd|||_|j|j|_ ||j vr7t |dkr7td|||j vrIt |dkrItd|||j vr[t |dkr[td|||jvrmt |d krmtd |||jvrt |d krtd |||_dS) Nz%s is not a valid AES algorithmz%s is not a supported algorithmzKey must be 128 bit for alg zKey must be 192 bit for alg zKey must be 256 bit for alg 0zKey must be 384 bit for alg @zKey must be 512 bit for alg )rAESr SUPPORTEDunion AES_PSEUDOr9MODESr7_modeKEY_128rvKEY_192KEY_256KEY_384KEY_512_keyrGrHrIrKrKrLrMs"    zCryptographyAESKey.__init__cCs|jdt|jd}|S)NoctrrNrS)r9rr)rGrrKrKrLrszCryptographyAESKey.to_dictc Cst|}zk|j|jjtjj}t|}||}|jdkrr?r@r<rArCrBr!r"rrKrKrLrMs       zCryptographyHMACKey.__init__cCsH|ddkstd|d|d}|d}t|}t|}|S)NrNrz1Incorrect key type. Expected: 'oct', Received: %srSr,)r7rrBrCr)rGrUrSrKrKrLr@'s  z CryptographyHMACKey._process_jwkcCs|jdt|jddS)Nrrr)r9rr<r=rnrKrKrLr2szCryptographyHMACKey.to_dictcCs4t|}tj|j|jtd}|||}|S)Nr)r rrr<rrrr)rGrhrrKrKrLr9s  zCryptographyHMACKey.signcCs^t|}t|}tj|j|jtd}||z ||d}W|Sty.d}Y|Sw)NrTF) r rrr<rrrrr)rGrrrverifiedrKrKrLr@s   zCryptographyHMACKey.verifyN)rrr__doc__rHS256rr2HS384r4HS512r6rrMr@rrrrKrKrKrLrs"  r):rkrcryptography.exceptionsrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrrr)cryptography.hazmat.primitives.asymmetricrr r /cryptography.hazmat.primitives.asymmetric.utilsr r &cryptography.hazmat.primitives.ciphersr rrr&cryptography.hazmat.primitives.keywraprrr&cryptography.hazmat.primitives.paddingr,cryptography.hazmat.primitives.serializationrrcryptography.utilsrcryptography.x509r constantsr exceptionsrrutilsrrrr r!r"r#r%baser&_bindingr'rrrrKrKrKrLs2     $ +@}