o

we^1�@
s�dd
lm
Z

ddlZddlZddlmZ
ddlmZ
ddlmZm	Z	m
Z

ddlmZm
Z

ddlmZ
dd	lmZmZmZmZmZmZmZ
dd
lmZ
erTddlmZmZ
Gdd
�d
�Ze�ZejZejZej Z dS)�)
�annotationsN)
�timegm)
�Iterable)�datetime�	timedelta�timezone)�
TYPE_CHECKING�Any�
)
�api_jws)�DecodeError�ExpiredSignatureError�ImmatureSignatureError�InvalidAudienceError�InvalidIssuedAtError�InvalidIssuerError�MissingRequiredClaimError)
�RemovedInPyjwt3Warning)�AllowedPrivateKeys�AllowedPublicKeysc@
s�eZ
dZdJdKdd�ZedLd	d
��
Z		
	
	dMdNdd�Z	
	
dOdPdd�Z		
	
	
	
	
	
	dQdRd0d1�ZdSd3d4�Z			
	
	
	
	
	
	dQdTd5d6�Z
	
	
	dUdVd7d8�ZdWd9d:�ZdXd=d>�Z
dXd?d@�ZdXdAdB�ZdCdD�
dYdFdG�ZdZdHdI�Zd
S)[�PyJWTN�options�dict[str, Any] | None�return�NonecC
s"|
duri}
i|���
|
�
|_
dS�
N)�_get_default_optionsr)�selfr�r�D/home/arjun/projects/env/lib/python3.10/site-packages/jwt/api_jwt.py�__init__s


zPyJWT.__init__�dict[str, bool | list[str]]cC
sd
d
d
d
d
d
gd�S)NT)�verify_signature�
verify_exp�
verify_nbf�
verify_iat�
verify_aud�
verify_iss�requirerrrrrr s





�zPyJWT._get_default_options�HS256T�payload�dict[str, Any]�key� AllowedPrivateKeys | str | bytes�	algorithm�
str | None�headers�json_encoder�type[json.JSONEncoder] | None�sort_headers�bool�strc	C
snt|
t
�s	td
�
�
|
��}
dD]}t|
�|�
t�r#t|
|���
|
|<q|j|
||d�}t	j
||||||d�S)NzGExpecting a dict object, as JWT only supports JSON objects as payloads.)�exp�iat�nbf)r0r1)
r3)�
isinstance�dict�	TypeError�copy�getrr�utctimetuple�_encode_payloadr�encode)	rr*r,r.r0r1r3�
time_claim�json_payloadrrrr@,s,



�

�


�





�zPyJWT.encode�bytescC
stj
|
d
|d��d�
S)z�
        Encode a given payload to the bytes to be signed.

        This method is intended to be overridden by subclasses that need to
        encode the payload in a different way, e.g. compress the payload.
        )�
,�
:)�
separators�clszutf-8)�json�dumpsr@)rr*r0r1rrrr?Rs


��zPyJWT._encode_payload�r
�jwt�str | bytes�AllowedPublicKeys | str | bytes�
algorithms�list[str] | None�verify�bool | None�detached_payload�bytes | None�audience�str | Iterable[str] | None�issuer�leeway�float | timedelta�kwargsr	c
K
s�|
rt�
d
t|
���
��t�
t|pi�
}|�dd�
|du
r,||dkr,tj
dtd�
|dsN|�dd�
|�dd�
|�d	d�
|�d
d�
|�dd�
|drX|sXtd�
�
t	j
|
||||d
�}|�|�
}i|j�
|�
}
|j
||
|||	d�
||d<|S)Nzypassing additional kwargs to decode_complete() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: r"Tz�The `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. The equivalent is setting `verify_signature` to False in the `options` dictionary. This invocation has a mismatch between the kwarg and the option entry.)
�categoryr#Fr$r%r&r'z\It is required that you pass in a value for the "algorithms" argument when calling decode().)r,rNrrR)rTrVrWr*)�warnings�warn�tuple�keysrr:�
setdefault�DeprecationWarningrr�decode_complete�_decode_payloadr�_validate_claims)rrKr,rNrrPrRrTrVrWrY�decodedr*�merged_optionsrrrradsL


��


�






�




�



�
zPyJWT.decode_completerdc
C
sPz	t�
|
d
�
}Wnty
}
ztd|���
�
d}~w
wt|t�s&td�
�
|S)a


        Decode the payload from a JWS dictionary (payload, signature, header).

        This method is intended to be overridden by subclasses that need to
        decode the payload in a different way, e.g. decompress compressed
        payloads.
        r*zInvalid payload string: Nz-Invalid payload string: must be a json object)rH�loads�
ValueErrorrr9r:)rrdr*�
errrrb�s


��


zPyJWT._decode_payloadc
K
sB|
rt�
d
t|
���
��t�
|j|
||||||||	d�	}|dS)Nzppassing additional kwargs to decode() is deprecated and will be removed in pyjwt version 3. Unsupported kwargs: )rPrRrTrVrWr*)r[r\r]r^rra)rrKr,rNrrPrRrTrVrWrYrdrrr�decode�s&


��








�zPyJWT.decodecC
s�t|t
�r	|��}|du
rt|ttf�std
�
�
|�|
|�
tjt	j
d�
��}d|
vr6|dr6|�|
||�
d|
vrE|drE|�
|
||�
d|
vrT|drT|�|
||�
|d	r^|�|
|�
|d
rp|j|
||�dd�d
�
dSdS)Nz+audience must be a string, iterable or None)
�tzr7r%r8r$r6r#r'r&�
strict_audF�
�strict)r9r�
total_secondsr5rr;�_validate_required_claimsr�nowr�utc�	timestamp�
_validate_iat�
_validate_nbf�
_validate_exp�
_validate_iss�
_validate_audr=)rr*rrTrVrWrprrrrc�s&









��zPyJWT._validate_claimscC
s(|d
D]
}|
�|�
durt
|�
�
qdS)Nr()r=r)rr*r�claimrrrro
s


��zPyJWT._validate_required_claimsrp�floatcC
�@zt|
d
�
}Wnt
y


td�
�
w|||krtd�
�
dS)Nr7z)Issued At claim (iat) must be an integer.z The token is not yet valid (iat))�intrgrr)rr*rprWr7rrrrs
s


�
�zPyJWT._validate_iatcC
rz)Nr8z*Not Before claim (nbf) must be an integer.z The token is not yet valid (nbf))r{rgrr)rr*rprWr8rrrrt
�


�
�zPyJWT._validate_nbfcC
s@zt|
d
�
}Wnt
y


td�
�
w|||k
rtd�
�
dS)Nr6z/Expiration Time claim (exp) must be an integer.zSignature has expired)r{rgrr
)rr*rprWr6rrrru&
r|zPyJWT._validate_expFrlrmc

s�|durd
|
v
s|
d
sdStd�
�
d
|
v
s|
d
st
d
�
�
|
d
�|r@t|t�s-td�
�
t�t�s6td�
�
|�kr>td�
�
dSt�t�rH�g
�t�t�sQtd�
�
tdd��D�
�
r^td�
�
t|t�rf|g
}t�f
d	d�|D�
�
rutd
�
�
dS)N�audzInvalid audiencezInvalid audience (strict)z&Invalid claim format in token (strict)zAudience doesn't match (strict)zInvalid claim format in tokenc
s
s�|]	}
t|
t
�V
qdSr)r9r5)�.0�
crrr�	<genexpr>]
s�z&PyJWT._validate_aud.<locals>.<genexpr>c
3
s�|]}
|
�v
V
qdSrr)r~r}�
�audience_claimsrrr�c
s�zAudience doesn't match)rrr9r5�list�any�all)rr*rTrmrr�rrw4
s4
















�zPyJWT._validate_audcC
s4|durdSd
|
v
rtd
�
�
|
d
|krt
d�
�
dS)N�isszInvalid issuer)rr)rr*rVrrrrvf
s



�zPyJWT._validate_issr)rrrr)rr!)r)NNT)r*r+r,r-r.r/r0rr1r2r3r4rr5)NN)r*r+r0rr1r2rrC)rJNNNNNNr
)rKrLr,rMrNrOrrrPrQrRrSrTrUrVr/rWrXrYr	rr+)rdr+rr	)rKrLr,rMrNrOrrrPrQrRrSrTrUrVr/rWrXrYr	rr	)NNr
)r*r+rr+rWrXrr)r*r+rr+rr)r*r+rpryrWryrr)r*r+rTrUrmr4rr)r*r+rVr	rr)�__name__�
__module__�__qualname__r �staticmethodrr@r?rarbrircrorsrtrurwrvrrrrrsT




�)
�



�
E



�*

�
#
	

�2r)!�
__future__rrHr[�calendarr�collections.abcrrrr�typingrr	rJr�
exceptionsrr
rrrrrrrNrrr�_jwt_global_objr@rarirrrr�<module>
s&




$
	
Y