HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: //usr/lib/python3.6/site-packages/jwcrypto/__pycache__/jwe.cpython-36.opt-1.pyc
3

��Nf�L�@s�ddlZddlmZddlmZddlmZmZddlmZmZddl	m
Z
d4Zd5d6d7d8d9d:d;d<d=d>d?d@dAd�
Zdddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/gZ
Gd0d1�d1e�ZejZejZejZejZGd2d3�d3e�ZdS)B�N)�common)�JWException)�base64url_decode�base64url_encode)�json_decode�json_encode)�JWA�i�	AlgorithmT�Encryption Algorithm�Compression Algorithm�JWK Set URLF�JSON Web Key�Key ID�	X.509 URL�X.509 Certificate Chain�"X.509 Certificate SHA-1 Thumbprint�$X.509 Certificate SHA-256 Thumbprint�Type�Content Type�Critical)
�alg�enc�zipZjkuZjwkZkidZx5uZx5cZx5tzx5t#S256�typZcty�critZRSA1_5zRSA-OAEPzRSA-OAEP-256ZA128KWZA192KWZA256KW�dirzECDH-ESzECDH-ES+A128KWzECDH-ES+A192KWzECDH-ES+A256KWZ	A128GCMKWZ	A192GCMKWZ	A256GCMKWzPBES2-HS256+A128KWzPBES2-HS384+A192KWzPBES2-HS512+A256KWz
A128CBC-HS256z
A192CBC-HS384z
A256CBC-HS512ZA128GCMZA192GCMZA256GCMcs"eZdZdZd�fdd�	Z�ZS)�InvalidJWEDatazvInvalid JWE Object.

    This exception is raised when the JWE Object is invalid and/or
    improperly formatted.
    Ncs:d}|r|}nd}|r&|dt|�7}tt|�j|�dS)Nz!Unknown Data Verification Failurez {%s})�str�superr�__init__)�self�messageZ	exception�msg)�	__class__��/usr/lib/python3.6/jwe.pyr 6szInvalidJWEData.__init__)NN)�__name__�
__module__�__qualname__�__doc__r �
__classcell__r%r%)r$r&r/src@s�eZdZdZd%dd�Zdd�Zdd�Zed	d
��Zej	dd
��Zdd
�Z
d&dd�Zdd�Zdd�Z
d'dd�Zd(dd�Zdd�Zdd�Zdd�Zd)dd �Zed!d"��Zed#d$��ZdS)*�JWEzGJSON Web Encryption object

    This object represent a JWE token.
    NcCs�d|_t�|_d|_|dk	r:t|t�r.||_n|jd�|_d|_d|_|rT||jd<|r~t|t�rlt	|�}nt
|�||jd<|r�t|t�r�t	|�}nt
|�||jd<|r�||_|r�|j||d�n|r�t
d��dS)a�Creates a JWE token.

        :param plaintext(bytes): An arbitrary plaintext to be encrypted.
        :param protected: A JSON string with the protected header.
        :param unprotected: A JSON string with the shared unprotected header.
        :param aad(bytes): Arbitrary additional authenticated data
        :param algs: An optional list of allowed algorithms
        :param recipient: An optional, default recipient key
        :param header: An optional header for the default recipient
        Nzutf-8�aad�	protected�unprotected)�headerz-Header is allowed only with default recipient)�
_allowed_algs�dict�objects�	plaintext�
isinstance�bytes�encode�cek�
decryptlogrr�allowed_algs�
add_recipient�
ValueError)r!r4r.r/r-�algsZ	recipientr0r%r%r&r Ns6







zJWE.__init__cCs$|jpt}||krtd��tj|�S)NzAlgorithm not allowed)r1�default_allowed_algs�InvalidJWEOperationrZkeymgmt_alg)r!�name�allowedr%r%r&�_jwa_keymgmtzs
zJWE._jwa_keymgmtcCs$|jpt}||krtd��tj|�S)NzAlgorithm not allowed)r1r>r?rZencryption_alg)r!r@rAr%r%r&�_jwa_enc�s
zJWE._jwa_enccCs|jr|jStSdS)z�Allowed algorithms.

        The list of allowed algorithms.
        Can be changed by setting a list of algorithm names.
        N)r1r>)r!r%r%r&r:�szJWE.allowed_algscCst|t�std��||_dS)NzAllowed Algs must be a list)r5�list�	TypeErrorr1)r!r=r%r%r&r:�s
cCs8x(t|j��D]}||krtd|��qW|j|�|S)NzDuplicate header: "%s")rD�keysr�update)r!Zh1Zh2�kr%r%r&�_merge_headers�s

zJWE._merge_headerscCsjt�}d|jkr*t|jd�}|j||�}d|jkrNt|jd�}|j||�}|rft|�}|j||�}|S)Nr.r/)r2r3rrI)r!r0�jh�phZuhZrhr%r%r&�_get_jose_header�s

zJWE._get_jose_headercCsT|jdd�}|dkrtd��|j|�}|jdd�}|dkrBtd��|j|�}||fS)NrzMissing "alg" from headersrzMissing "enc" from headers)�getrrBrC)r!rJZalgnamerZencnamerr%r%r&�_get_alg_enc_from_headers�s

zJWE._get_alg_enc_from_headersc
Cs�t|jjdd��}d|jkr2|dt|jd�7}|jd�}|jdd�}|dkrftj|j�dd�}n|dkrv|j}ntd
��|j|j	||�\}}}	||jd<||jd<|	|jd
<dS)Nr.�r-�.zutf-8r�DEF��zUnknown compression�iv�
ciphertext�tag���)
rr3rMr7�zlib�compressr4r<Zencryptr8)
r!rrrJr-rY�datarTrUrVr%r%r&�_encrypt�s



zJWE._encryptcCs�|jdkrtd��t|jt�s&td��t|t�r8t|�}|j|�}|j|�\}}t�}|rb||d<|j||j	|j
|�}|d|_
d|kr�|d|d<d|kr�t|jdd��}|j
||d�}	t|	�|d<d	|jkr�|j|||�d
|jkr�|jd
j|�n�d|jk�sd|jk�r�t�|jd
<t�}
d|jk�rB|jjd�|
d<d|jk�r^|jjd�|
d<|jd
j|
�|jd
j|�n|jj|�dS)aEncrypt the plaintext with the given key.

        :param key: A JWK key or password of appropriate type for the 'alg'
         provided in the JOSE Headers.
        :param header: A JSON string representing the per-recipient header.

        :raises ValueError: if the plaintext is missing or not of type bytes.
        :raises ValueError: if the compression type is unknown.
        :raises InvalidJWAAlgorithm: if the 'alg' provided in the JOSE
         headers is missing or unknown, or otherwise not implemented.
        NzMissing plaintextzPlaintext must be 'bytes'r0r8Zek�
encrypted_keyz{}rU�
recipients)r4r<r5r6r2rrLrNZwrap�
wrap_key_sizer8rrMrIr3r[�appendrD�poprG)r!�keyr0rJrr�rec�wrapped�hZnh�nr%r%r&r;�sB





zJWE.add_recipientFc
Cs�d|jkrtd��|�rjx"dD]}||jkrtd|��qWd|jkrPtd��n0t|jd�}x dD]}||krdtd
|��qdWd|jkr�t|jd�dkr�td
��|jdd}n|j}d|k�r"t|d�}t|jd�}|j||�}t|�|jd<|j�}|j|�\}	}
|j|	|
|�|d=dj	t
|jd�t
|jdd��t
|jd�t
|jd�t
|jd�g�S|j}t
|d�t
|d�t
|jd�d�}
d|k�r�t
|d�|
d<d|k�r�t|d�|
d<d|k�r�t
|d�|
d<d|k�rVt�|
d<x�|dD]N}t
�}d|k�r&t
|d�|d<d|k�r@t|d�|d<|
dj|��qWn4d|k�rpt
|d�|
d<d|k�r�t|d�|
d<t|
�SdS)a�Serializes the object into a JWE token.

        :param compact(boolean): if True generates the compact
         representation, otherwise generates a standard JSON format.

        :raises InvalidJWEOperation: if the object cannot serialized
         with the compact representation and `compact` is True.
        :raises InvalidJWEOperation: if no recipients have been added
         to the object.
        rUzNo available ciphertextr-r/z8Can't use compact encoding when the '%s' parameteris setr.z3Can't use compat encoding without protected headersrrz?Can't use compat encoding, '%s' must be in the protected headerr]�zInvalid number of recipientsrr0rPr\rOrTrV)rUrTrVN)r-r/)rr)r3r?r�lenrIrrLrNr[�joinrrMrDr2r_)
r!ZcompactZinvalidrKZrequiredrbrdZnphrJrr�obj�er%r%r&�	serializesx

















z
JWE.serializecCs@x:|D]2}|tkr td|��qt|dstd|��qWdS)NzUnknown critical header: "%s"rfz!Unsupported critical header: "%s")�JWEHeaderRegistryr)r!rrHr%r%r&�_check_critWs
zJWE._check_critc
Cs<|j|jdd��}|j|jdt���|j|jdd��}|j|jdd��}t|jjdd��}d|jkr||dt|jd�7}|j||j	|jd	d
�|�}|j
||jd�|jd|jd
|jd�}|jj
d�||_|jdd�}	|	dk�rt|�tk�r
tddt�d���tj|tj�|_n|	dk�r0||_ntd��dS)Nr0rrrr.rOr-rPr\�zutf-8rTrUrVZSuccessrrQz+Compressed data exceeds maximum allowedsizez (�)zUnknown compression)rLrMrmr2rBrCrr3Zunwrapr^�decryptr7r9r_r8rg�default_max_compressed_sizerrXZ
decompressZ	MAX_WBITSr4r<)
r!raZpperJrrr-r8rZrYr%r%r&�_decryptas2



zJWE._decryptcCs�d|jkrtd��t�|_d|jkr�x�|jdD]L}y|j||�Wq0tk
rz}z|jjdt|��WYdd}~Xq0Xq0WnJy|j||j�Wn6tk
r�}z|jjdt|��WYdd}~XnX|js�t	dt|j���dS)a�Decrypt a JWE token.

        :param key: The (:class:`jwcrypto.jwk.JWK`) decryption key.
        :param key: A (:class:`jwcrypto.jwk.JWK`) decryption key or a password
         string (optional).

        :raises InvalidJWEOperation: if the key is not a JWK object.
        :raises InvalidJWEData: if the ciphertext can't be decrypted or
         the object is otherwise malformed.
        rUzNo available ciphertextr]zFailed: [%s]Nz%No recipient matched the provided key)
r3r?rDr9rr�	Exceptionr_�reprr4r)r!rarbrjr%r%r&rp�s 

,&zJWE.decryptc
CsFt�|_d|_d|_t�}�y�y0t|�}t|d�|d<t|d�|d<t|d�|d<d|kr|t|d�}|jd�|d<d|kr�t|d�|d<d|kr�t|d�|d<d	|k�rt�|d	<x�|d	D]J}t�}d
|kr�t|d
�|d
<d|k�rt|d�|d<|d	j	|�q�Wn4d
|k�r4t|d
�|d
<d|k�rNt|d�|d<Wn�t
k
�r�|jd�}t|�d
k�r�t
��t|d�}|jd�|d<t|d�}	|	dk�r�t|d�|d
<t|d�|d<t|d�|d<t|d�|d<YnX||_Wn2tk
�r0}zt
dt|���WYdd}~XnX|�rB|j|�dS)aKDeserialize a JWE token.

        NOTE: Destroys any current status and tries to import the raw
        JWE provided.

        :param raw_jwe: a 'raw' JWE token (JSON Encoded or Compact
         notation) string.
        :param key: A (:class:`jwcrypto.jwk.JWK`) decryption key or a password
         string (optional).
         If a key is provided a decryption step will be attempted after
         the object is successfully deserialized.

        :raises InvalidJWEData: if the raw object is an invaid JWE token.
        :raises InvalidJWEOperation: if the decryption fails.
        NrTrUrVr.zutf-8r/r-r]r\r0rP�rrfrnrR�rSzInvalid format)r2r3r4r8rr�decoderrDr_r<�splitrgrrsrtrp)
r!Zraw_jwera�oZdjwe�prbrj�cZekeyr%r%r&�deserialize�s^







 zJWE.deserializecCs|jstd��|jS)NzPlaintext not available)r4r?)r!r%r%r&�payload�szJWE.payloadcCs |j�}t|�dkrtd��|S)NrzJOSE Header not available)rLrgr?)r!rJr%r%r&�jose_header�szJWE.jose_header)NNNNNNN)N)N)F)N)r'r(r)r*r rBrC�propertyr:�setterrIrLrNr[r;rkrmrrrpr|r}r~r%r%r%r&r,Hs&
+



7
U
$ 
Ir,i)r
T)rT)rT)r
F)rF)rT)rF)rF)rF)rF)rT)rT)rT)rXZjwcryptorZjwcrypto.commonrrrrrZjwcrypto.jwarrqrlr>rZInvalidCEKeyLengthZInvalidJWEKeyLengthZInvalidJWEKeyTyper?�objectr,r%r%r%r&�<module>sD