|
Server : LiteSpeed System : Linux server51.dnsbootclub.com 4.18.0-553.62.1.lve.el8.x86_64 #1 SMP Mon Jul 21 17:50:35 UTC 2025 x86_64 User : nandedex ( 1060) PHP Version : 8.1.33 Disable Function : NONE Directory : /opt/cppython/lib/python3.8/site-packages/oauth2client/__pycache__/ |
U
����O��g� ����������������������@���sB��d�Z�ddlZddlZddlZddlmZ�ddlmZ�ejZejZdZ dZ
dZ
e�
e
�ZG�dd��de�Zd d
��Zz"dd
lmZ�ejZejZejZW�n �ek
r����dZdZeZY�nX�z
dd
lmZ�ejZejZW�n
�ek
r����dZdZY�nX�er�eZeZne�r
eZeZneZeZdd
d�Z
dd��Z
dd��Z
dd��Z ddd�Z dS�)z)Crypto-related routines for oauth2client.�����N)�_helpers)�_pure_python_crypti,��i�Q�c�������������������@���s���e�Zd�ZdZdS�)�AppIdentityErrorz!Error to indicate crypto failure.N)�__name__�
__module__�
__qualname__�__doc__��r ���r ����?/opt/cppython/lib/python3.8/site-packages/oauth2client/crypt.pyr���$���s���r���c������������������O���s
���t�d��d�S�)Nz#pkcs12_key_as_pem requires OpenSSL.)�NotImplementedError)�args�kwargsr ���r ���r
����_bad_pkcs12_key_as_pem(���s����r���)�_openssl_crypt)�_pycrypto_cryptc�����������������C���sv���ddd�}|dk r||d<�t��t��|��t��t��|��g}d�|�}|��|�}|�t��|���t�t|���d�|�S�)aR��Make a signed JWT.
See http://self-issued.info/docs/draft-jones-json-web-token.html.
Args:
signer: crypt.Signer, Cryptographic signer.
payload: dict, Dictionary of data to convert to JSON and then sign.
key_id: string, (Optional) Key ID header.
Returns:
string, The JWT for the payload.
ZJWTZRS256)�typ�algN�kid����.) r���Z_urlsafe_b64encodeZ
_json_encode�join�sign�append�logger�debug�str)Zsigner�payloadZkey_id�header�segmentsZ
signing_input� signaturer ���r ���r
����make_signed_jwtJ���s����
�
r ���c�����������������C���s6���|D�]$}t�j|dd�}|�|�|�r�dS�qtd��dS�)a���Verifies signed content using a list of certificates.
Args:
message: string or bytes, The message to verify.
signature: string or bytes, The signature on the message.
certs: iterable, certificates in PEM format.
Raises:
AppIdentityError: If none of the certificates can verify the message
against the signature.
T)Z
is_x509_certNzInvalid token signature)�VerifierZ
from_string�verifyr���)�messager
����certs�pemZverifierr ���r ���r
����_verify_signaturei���s
����
r%���c�����������������C���sJ���|dkr
dS�|���d�}|dkr,td�|����||krFtd�|||����dS�)aA��Checks audience field from a JWT payload.
Does nothing if the passed in ``audience`` is null.
Args:
payload_dict: dict, A dictionary containing a JWT payload.
audience: string or NoneType, an audience to check for in
the JWT payload.
Raises:
AppIdentityError: If there is no ``'aud'`` field in the payload
dictionary but there is an ``audience`` to check.
AppIdentityError: If the ``'aud'`` field in the payload dictionary
does not match the ``audience``.
NZaudzNo aud field in token: {0}z Wrong recipient, {0} != {1}: {2})�getr����format)�
payload_dict�audienceZaudience_in_payloadr ���r ���r
����_check_audience~���s����
����r*���c�����������������C���s����t�t����}|��d�}|dkr,td�|����|��d�}|dkrLtd�|����||t�krftd�|����|t�}||k�r�td�|||����|t�}||kr�td�|||����dS�) a���Verifies the issued at and expiration from a JWT payload.
Makes sure the current time (in UTC) falls between the issued at and
expiration for the JWT (with some skew allowed for via
``CLOCK_SKEW_SECS``).
Args:
payload_dict: dict, A dictionary containing a JWT payload.
Raises:
AppIdentityError: If there is no ``'iat'`` field in the payload
dictionary.
AppIdentityError: If there is no ``'exp'`` field in the payload
dictionary.
AppIdentityError: If the JWT expiration is too far in the future (i.e.
if the expiration would imply a token lifetime
longer than what is allowed.)
AppIdentityError: If the token appears to have been issued in the
future (up to clock skew).
AppIdentityError: If the token appears to have expired in the past
(up to clock skew).
ZiatNzNo iat field in token: {0}�expzNo exp field in token: {0}z exp field too far in future: {0}z$Token used too early, {0} < {1}: {2}z#Token used too late, {0} > {1}: {2})�int�timer&���r���r'����MAX_TOKEN_LIFETIME_SECS�CLOCK_SKEW_SECS)r(����nowZ issued_atZ
expirationZearliestZlatestr ���r ���r
����_verify_time_range����s:����
�
�
�������r1���c����������� ������C���s����t��|��}�|��d�dkr&td�|����|��d�\}}}|d�|�}t��|�}t��|�}zt�t�� |��}W�n���td�|���Y�nX�t
|||�
����t
|��t
||��|S�)a���Verify a JWT against public certs.
See http://self-issued.info/docs/draft-jones-json-web-token.html.
Args:
jwt: string, A JWT.
certs: dict, Dictionary where values of public keys in PEM format.
audience: string, The audience, 'aud', that this JWT should contain. If
None then the JWT's 'aud' parameter is not verified.
Returns:
dict, The deserialized JSON payload in the JWT.
Raises:
AppIdentityError: if any checks are failed.
r�������z&Wrong number of segments in token: {0}zCan't parse token: {0})r���� _to_bytes�countr���r'����splitZ_urlsafe_b64decode�json�loadsZ
_from_bytesr%����valuesr1���r*���) Zjwtr#���r)���r
���r���r
���Zmessage_to_signZ
payload_bytesr(���r ���r ���r
����
verify_signed_jwt_with_certs����s"����
�
r9���)N)N)!r���r6����loggingr-���Z
oauth2clientr���r���Z RsaSignerZ
RsaVerifierr/���ZAUTH_TOKEN_LIFETIME_SECSr.���� getLoggerr���r���� Exceptionr���r���r���Z
OpenSSLSignerZOpenSSLVerifierZpkcs12_key_as_pem�
ImportErrorr���ZPyCryptoSignerZPyCryptoVerifierZSignerr ���r ���r%���r*���r1���r9���r ���r ���r ���r
����<module>���sT���
5