o ?HhX@sdddlZddlZddlmZmZddlmZddlmZddl m Z m Z m Z ddl mZmZmZddlmZmZddlmZmZmZmZdd lmZmZmZdd lmZdd lm Z m!Z!dd l"m#Z#dd l$m%Z%ddl&m'Z'ddl(m)Z)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/m0Z0ddl1m2Z2da3ddZ4Gddde2Z5Gddde2Z6Gddde2Z7Gddde2Z8dS)N)InvalidSignature InvalidTag)default_backend)Binding)hasheshmac serialization)ecpaddingrsa)decode_dss_signatureencode_dss_signature)Cipheraead algorithmsmodes) InvalidUnwrapaes_key_unwrap aes_key_wrap)PKCS7)load_pem_private_keyload_pem_public_key) int_to_bytes)load_pem_x509_certificate) ALGORITHMS)JWEErrorJWKError)base64_to_longbase64url_decodebase64url_encode ensure_binarylong_to_base64)KeycCsDtdurtatjd|}tj||tj||dd}|S)aK Get random bytes Currently, Cryptography returns OS random bytes. If you want OpenSSL generated random bytes, you'll have to switch the RAND engine after initializing the OpenSSL backend Args: num_bytes (int): Number of random bytes to generate and return Returns: bytes: Random bytes Nzchar[])_bindingrffinewlib RAND_bytesbuffer) num_bytesbuf rand_bytesr.b/home/air/sanwanet/gpt-api/venv/lib/python3.10/site-packages/jose/backends/cryptography_backend.pyget_random_bytess r0c@szeZdZejZejZejZefddZddZ ddZ ddZ d d Z d d Z d dZddZddZddZddZdS)CryptographyECKeyc Cs(|tjvr td|tj|jtj|jtj|ji ||_ ||_ ||_ t |ds-t |dr2||_dSt |dr>|d}t|trK|||_dSt|trU|d}t|trzz t|| }Wntyvt|d| d}YnwWnty}zt|d}~ww||_dStd|)N*hash_alg: %s is not a valid hash algorithm public_bytes private_bytesto_pemutf-8passwordbackendz%Unable to parse an ECKey from key: %s)rECrES256SHA256ES384SHA384ES512SHA512gethash_alg _algorithmcryptography_backendhasattr prepared_keyr5decode isinstancedict _process_jwkstrencodebytesr ValueErrorr Exceptionselfkey algorithmrDer.r.r/__init__5sF          zCryptographyECKey.__init__csddkstddtfdddDstdtd}td }tjtjtjd d }t|||}d vrZtd }t ||}| | S| | S) Nktyr:z0Incorrect key type. Expected: 'EC', Received: %sc3|]}|vVqdSNr..0kjwk_dictr.r/ fz1CryptographyECKey._process_jwk..)xycrvz Mandatory parameters are missingr`ra)P-256P-384P-521rbd) rArallrr SECP256R1 SECP384R1 SECP521R1EllipticCurvePublicNumbersEllipticCurvePrivateNumbers private_keyrD public_key)rQr]r`racurvepublicrfprivater.r\r/rJbs$ zCryptographyECKey._process_jwkcCstt|jjdS)zDetermine the correct serialization length for an encoded signature component. This is the number of bytes required to encode the maximum key value. g @)intmathceilrFkey_sizerQr.r.r/_sig_component_length{sz'CryptographyECKey._sig_component_lengthcCs(t|\}}|}t||t||S)z4Convert signature from DER encoding to RAW encoding.)r rwr)rQ der_signaturerscomponent_lengthr.r.r/ _der_to_raws zCryptographyECKey._der_to_rawcCs^|}t|td|krtd|d|}||d}t|d}t|d}t||S)z4Convert signature from RAW encoding to DER encoding.rzInvalid signatureNbig)rwlenrrrN from_bytesr )rQ raw_signaturer{r_bytess_bytesryrzr.r.r/ _raw_to_ders     zCryptographyECKey._raw_to_dercCsV|jjd|jjjkrtd|jjjd|jjf|j|t |}| |S)Nz1this curve (%s) is too short for your digest (%d)) rB digest_sizerFroru TypeErrornamesignr ECDSAr|)rQmsg signaturer.r.r/rs zCryptographyECKey.signcCs@z||}|j||t|WdStyYdSw)NTF)rrFverifyr rrBrO)rQrsigrr.r.r/rs  zCryptographyECKey.verifycC t|jdSNr3rErFrvr.r.r/ is_public zCryptographyECKey.is_publiccC |r|S||j|jSrXr __class__rFrnrCrvr.r.r/rnzCryptographyECKey.public_keycCsF|r|jjtjjtjjd}|S|jjtjjtj j t d}|S)Nencodingformatrrencryption_algorithm) rrFr3rEncodingPEM PublicFormatSubjectPublicKeyInfor4 PrivateFormatTraditionalOpenSSL NoEncryption)rQpemr.r.r/r5s zCryptographyECKey.to_pemcCs|s |j}n|j}dddd|jjj}|jjjdd}|jd|t|j |d d t|j |d d d }|sS|j j }t||d d |d <|S) Nrcrdre) secp256r1 secp384r1 secp521r1rr:)sizeASCII)algrVrbr`rarf)rrFrnrorrurCr"public_numbersr`rGraprivate_numbers private_value)rQrnrbrudatarr.r.r/to_dicts(   zCryptographyECKey.to_dictN)__name__ __module__ __qualname__rr<r>r@rrUrJrwr|rrrrrnr5rr.r.r.r/r10s -   r1c@seZdZejZejZejZeZ e e e e dZ e e eedZefddZddZddZdd Zd d Zd d ZddZdddZddZddZddZdS)CryptographyRSAKeyNc CsL|tjvr td|tj|jtj|jtj|ji ||_ ||_ tj |j tj |j tj|ji ||_||_t|drDt|drD||_dSt|trQ|||_dSt|tr[|d}t|trz/|drn||WdSz t|||_WWdStyt|d|d|_YWdSwty}zt|d}~wwtd|)Nr2r3rr6-----BEGIN CERTIFICATE-----r7z'Unable to parse an RSA_JWK from key: %s)rRSArRS256r<RS384r>RS512r@rArBrCRSA1_5RSA_OAEP RSA_OAEP_256r rDrErFrHrIrJrKrLrM startswith _process_certrrNrrOrPr.r.r/rUsR           zCryptographyRSAKey.__init__c sBddkstddtdd}td}t||}dvr0||Std}gd}tfd d |Drttfd d |DsUtd td }td}td} td} td} nt |||\}}t ||} t ||} t ||} t |||| | | |} | |S)NrVrz1Incorrect key type. Expected: 'RSA', Received: %srTnrf)pqdpdqqic3rWrXr.rYr\r.r/r^"r_z2CryptographyRSAKey._process_jwk..c3rWrXr.rYr\r.r/r^$r_z2Precomputed private key parameters are incomplete.rrrrr)rArrr RSAPublicNumbersrnrDanyrgrsa_recover_prime_factors rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmpRSAPrivateNumbersrm) rQr]rTrrprf extra_paramsrrrrrrqr.r\r/rJs.        zCryptographyRSAKey._process_jwkcCst||}||_dSrX)rrDrnrF)rQrRr.r.r/r;sz CryptographyRSAKey._process_certc Cs@z|j|t|}W|Sty}zt|d}~wwrX)rFrr PKCS1v15rBrOr)rQrrrTr.r.r/r?szCryptographyRSAKey.signcCsL|s tdz|j||t|WdSt y%YdSw)NzKAttempting to verify a message with a private key. This is not recommended.TF) rwarningswarnrnrFrr rrBr)rQrrr.r.r/rFs  zCryptographyRSAKey.verifycCrrrrvr.r.r/rPrzCryptographyRSAKey.is_publiccCrrXrrvr.r.r/rnSrzCryptographyRSAKey.public_keyPKCS8cCs|r(|dkr tjj}n|dkrtjj}ntd||jjtjj |d}|S|dkr1tj j }n|dkr:tj j }ntd||jj tjj |tdS)NrPKCS1zInvalid format specified: %rrr)rrrrrrNrFr3rrrrrr4r)rQ pem_formatfmtrr.r.r/r5Xs       zCryptographyRSAKey.to_pemc Cs|s |j}n|j}|jdt|jdt|jdd}|sk| t|j j dt|j j dt|j j dt|j jdt|j jdt|j jdd|S)Nrr)rrVrrT)rfrrrrr)rrFrnrCr"rrrGrTupdaterrfrrdmp1dmq1iqmp)rQrnrr.r.r/rns&  zCryptographyRSAKey.to_dictc Cs8z |j||j}W|Sty}zt|d}~wwrX)rFencryptr rOr)rQkey_data wrapped_keyrTr.r.r/wrap_keyszCryptographyRSAKey.wrap_keyc Cs8z |j||j}|WSty}zt|d}~wwrX)rFdecryptr rOr)rQr unwrapped_keyrTr.r.r/ unwrap_keyszCryptographyRSAKey.unwrap_key)r)rrrrr<r>r@r rrOAEPMGF1SHA1rrrrUrJrrrrrnr5rrrr.r.r.r/rs$ /)   rc@seZdZejejejejfZej ej ej ej fZ ejejejejejfZejfZejfZejej ejfZejejej ejejejejejejejejejejejej ejejejejejej ejejejejdej dejdiZddZddZdddZddd Z d d Z!d d Z"dS)CryptographyAESKeyNcCs|tjvr td||tjtjvrtd|||_|j|j|_ ||j vr7t |dkr7td|||j vrIt |dkrItd|||j vr[t |dkr[td|||jvrmt |d krmtd |||jvrt |d krtd |||_dS) Nz%s is not a valid AES algorithmz%s is not a supported algorithmzKey must be 128 bit for alg zKey must be 192 bit for alg zKey must be 256 bit for alg 0zKey must be 384 bit for alg @zKey must be 512 bit for alg )rAESr SUPPORTEDunion AES_PSEUDOrCMODESrA_modeKEY_128r~KEY_192KEY_256KEY_384KEY_512_key)rQrRrSr.r.r/rUs"    zCryptographyAESKey.__init__cCs|jdt|jd}|S)NoctrrVr[)rCr r)rQrr.r.r/rszCryptographyAESKey.to_dictc Cst|}zdttjjd}||}|jdkr5t|j }| |||}|dt |d}|dd}n.t t|j |t d}|} ttjj} | |} | | 7} | | | }d}|||fWStyx} zt| d} ~ ww)NrGCMrir9)r!r0rr block_sizerrrAESGCMrrr~rr encryptorrpadderrfinalizerOr) rQ plain_textaadivmodeciphercipher_text_and_tag cipher_textauth_tagrr padded_datarTr.r.r/rs*      zCryptographyAESKey.encryptc Cst|}zht|}||}|jdkr<|durtdt|j}||}z ||||}W|WSty;t dwt t |j|t d}|} | |} | | 7} tt j j} | | }|| 7}|WSty|} zt | d} ~ ww)Nrztag cannot be NonezInvalid JWE Auth Tagr)r!rrrNrrrrrrrrrr decryptorrrrrunpadderrO) rQrrrtagrrrrrpadded_plain_textrrTr.r.r/rs6        zCryptographyAESKey.decryptcCst|}t|j|t}|SrX)r!rrr)rQrrr.r.r/rszCryptographyAESKey.wrap_keyc Cs@t|}z t|j|t}W|Sty}zt|d}~wwrX)r!rrrrr)rQrrcauser.r.r/r szCryptographyAESKey.unwrap_keyrX)NNN)#rrrrA128GCM A128GCMKWA128KWA128CBCrA192GCM A192GCMKWA192KWA192CBCrA256GCM A256GCMKWA256KW A128CBC_HS256A256CBCr A192CBC_HS384r A256CBC_HS512r AES_KW_ALGSrrCBCrrUrrrrrr.r.r.r/rsD   rc@sZeZdZdZejeeje ej e iZ ddZ ddZddZdd Zd d Zd S) CryptographyHMACKeyzf Performs signing and verification operations using HMAC and the specified hash function. cs|tjvr td|||_|j||_ttr"| |_ dStt s0tt s0tdtt r: dgd}tfdd|DrMtd|_ dS)Nr2z+Expecting a string- or bytes-formatted key.r6)s-----BEGIN PUBLIC KEY-----s-----BEGIN RSA PUBLIC KEY-----rsssh-rsac3rWrXr.)rZ string_valuerRr.r/r^2r_z/CryptographyHMACKey.__init__..zdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rHMACrrCALG_MAPrA _hash_algrHrIrJrFrKrMrLr)rQrRrSinvalid_stringsr.rr/rUs"       zCryptographyHMACKey.__init__cCsH|ddkstd|d|d}|d}t|}t|}|S)NrVrz1Incorrect key type. Expected: 'oct', Received: %sr[r6)rArrLrMr)rQr]r[r.r.r/rJ:s  z CryptographyHMACKey._process_jwkcCs|jdt|jddS)Nrrr)rCr rFrGrvr.r.r/rEszCryptographyHMACKey.to_dictcCs4t|}tj|j|jtd}|||}|S)Nr)r!rrrFr!rrr)rQrhrr.r.r/rLs  zCryptographyHMACKey.signcCs^t|}t|}tj|j|jtd}||z ||d}W|Sty.d}Y|Sw)NrTF) r!rrrFr!rrrr)rQrrr#verifiedr.r.r/rSs   zCryptographyHMACKey.verifyN)rrr__doc__rHS256rr<HS384r>HS512r@r rUrJrrrr.r.r.r/rs"  r)9rsrcryptography.exceptionsrrcryptography.hazmat.backendsr,cryptography.hazmat.bindings.openssl.bindingrcryptography.hazmat.primitivesrrr)cryptography.hazmat.primitives.asymmetricr r r /cryptography.hazmat.primitives.asymmetric.utilsr r &cryptography.hazmat.primitives.ciphersrrrr&cryptography.hazmat.primitives.keywraprrr&cryptography.hazmat.primitives.paddingr,cryptography.hazmat.primitives.serializationrrcryptography.utilsrcryptography.x509r constantsr exceptionsrrutilsrrr r!r"baser$r%r0r1rrrr.r.r.r/s4       +@z