PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB`  ?Yc@s_ddlZddlZddlmZddlmZmZddlmZddl m Z m Z ddl m Z idd6d d 6d d 6d d6dd6dd6dd6ZdefdYZdefdYZdefdYZdefdYZdefdYZdefd YZd!efd"YZd#efd$YZdS(%iN(t string_types(t json_decodet json_encode(tJWE(tJWKtJWKSet(tJWStIssuertisstSubjecttsubtAudiencetaudsExpiration Timetexps Not Beforetnbfs Issued AttiatsJWT IDtjtit JWTExpiredcBseZdZdddZRS(smJson Web Token is expired. This exception is raised when a token is expired accoring to its claims. cCsXd}|rt|}nd}|r>|dt|7}ntt|j|dS(Ns Token expireds {%s}(tNonetstrtsuperRt__init__(tselftmessaget exceptiontmsg((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRsN(t__name__t __module__t__doc__RR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRstJWTNotYetValidcBseZdZdddZRS(s~Json Web Token is not yet valid. This exception is raised when a token is not valid yet according to its claims. cCsXd}|rt|}nd}|r>|dt|7}ntt|j|dS(NsToken not yet valids {%s}(RRRRR(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR1sN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR*stJWTMissingClaimcBseZdZdddZRS(ssJson Web Token claim is invalid. This exception is raised when a claim does not match the expected value. cCsXd}|rt|}nd}|r>|dt|7}ntt|j|dS(NsInvalid Claim Values {%s}(RRRRR(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRBsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR<stJWTInvalidClaimValuecBseZdZdddZRS(ssJson Web Token claim is invalid. This exception is raised when a claim does not match the expected value. cCsXd}|rt|}nd}|r>|dt|7}ntt|j|dS(NsInvalid Claim Values {%s}(RRRRR(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRSsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRMstJWTInvalidClaimFormatcBseZdZdddZRS(sqJson Web Token claim format is invalid. This exception is raised when a claim is not in a valid format. cCsXd}|rt|}nd}|r>|dt|7}ntt|j|dS(NsInvalid Claim Formats {%s}(RRRR R(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRdsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR ^stJWTMissingKeyIDcBseZdZdddZRS(sJson Web Token is missing key id. This exception is raised when trying to decode a JWT with a key set that does not have a kid value in its header. cCsXd}|rt|}nd}|r>|dt|7}ntt|j|dS(NsMissing Key IDs {%s}(RRRR!R(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRvsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR!ost JWTMissingKeycBseZdZdddZRS(sJson Web Token is using a key not in the key set. This exception is raised if the key that was used is not available in the passed key set. cCsXd}|rt|}nd}|r>|dt|7}ntt|j|dS(Ns Missing Keys {%s}(RRRR"R(RRRR((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRsN(RRRRR(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR"stJWTcBs^eZdZddddddddZedZejdZedZejdZedZ e jdZ edZ e jd Z ed Z e jd Z d Z d Z dZdZdZdZdZdZdZdZdZdZdZddZedZRS(sFJSON Web token object This object represent a generic token. cCsd|_d|_d|_||_d|_d|_d|_d|_|rZ||_ n|dk rr||_n|dk r||_n|r||_ n|dk r|j ||ndS(sKCreates a JWT object. :param header: A dict or a JSON string with the JWT Header data. :param claims: A dict or a string withthe JWT Claims data. :param jwt: a 'raw' JWT token :param key: A (:class:`jwcrypto.jwk.JWK`) key to deserialize the token. A (:class:`jwcrypt.jwk.JWKSet`) can also be used. :param algs: An optional list of allowed algorithms :param default_claims: An optional dict with default values for registred claims. A None value for NumericDate type claims will cause generation according to system time. Only the values fro RFC 7519 - 4.1 are evaluated. :param check_claims: An optional dict of claims that must be present in the token, if the value is not None the claim must match exactly. Note: either the header,claims or jwt,key parameters should be provided as a deserialization operation (which occurs if the jwt is provided will wipe any header os claim provided by setting those obtained from the deserialization of the jwt token. Note: if check_claims is not provided the 'exp' and 'nbf' claims are checked if they are set on the token but not enforced if not set. Any other RFC 7519 registered claims are checked only for format conformance. i<iXN( Rt_headert_claimst_tokent_algst _reg_claimst _check_claimst_leewayt _validitytheadertclaimst deserialize(RR,R-tjwttkeytalgstdefault_claimst check_claims((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRs$               cCs%|jdkrtdn|jS(Ns'header' not set(R$RtKeyError(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR,scCs.t|tr!t||_n ||_dS(N(t isinstancetdictRR$(Rth((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR,scCs%|jdkrtdn|jS(Ns'claims' not set(R%RR4(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR-scCs;t|tr.|j|t||_n ||_dS(N(R5R6t_add_default_claimsRR%(Rtc((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR-s cCs|jS(N(R&(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyttokenscCsIt|ts-t|ts-t|tr9||_n tddS(Ns.Invalid token type, must be one of JWS,JWE,JWT(R5RRR#R&t TypeError(Rtt((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR:s- cCs|jS(N(R*(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pytleewayscCst||_dS(N(tintR*(Rtl((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR=scCs|jS(N(R+(R((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pytvalidityscCst||_dS(N(R>R+(Rtv((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR@scCsB||krdS|jj|d}|dk r>|||ttimeRERGR@RJ(RR-tnow((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR8scCs6||krdSt||ts2tdndS(Ns"Claim %s is not a StringOrURI type(R5RR (RRCR-((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_string_claim&s cCs||krdSt||trRtd|Dr{td|fq{n)t||ts{td|fndS(Ncss|]}t|t VqdS(N(R5R(t.0tclaim((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pys 0ss'Claim %s contains non StringOrURI typess"Claim %s is not a StringOrURI type(R5tlisttanyR R(RRCR-((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_array_or_string_claim,s cCsM||krdSyt||Wn$tk rHtd|fnXdS(NsClaim %s is not an integer(R>t ValueErrorR (RRCR-((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_integer_claim7s  cCs0|||kr,td|||fndS(Ns#Expired at %d, time: %d(leeway: %d)(R(RROtlimitR=((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt _check_exp@scCs0|||kr,td|||fndS(Ns#Valid from %d, time: %d(leeway: %d)(R(RRORUR=((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt _check_nbfEscCs|jd||jd||jd||jd||jd||jd||jd||jdkrd|kr|j|dtj|jnd|kr|j|dtj|jqndS(NRR R R RRR( RMRRRTR)RRVRKR*RW(RR-((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_default_claimsJs # cCs|jtkrdSy.t|j}t|ts@tnWn0tk rs|jdk rotdndSX|j ||jdkrdSx|jj D]\}}||krt d|fn|d kr|dk r|||krt d||||fqq|dkr|dk r|||krKqnt||t rw|||krwqqwnt d||||fqq|d kr|dk r|j|||d q|j||tj|jq|d krD|dk r!|j|||d q|j||tj|jq|dk r|||krt d ||||fqqWdS(Ns4Claims check requested but claims is not a json dictsClaim %s is missingRR Rs*Invalid '%s' value. Expected '%s' got '%s'R s)Invalid '%s' value. Expected '%s' in '%s'R iRs*Invalid '%s' value. Expected '%d' got '%d'(sissssubsjti(R)tFalseRR-R5R6RSRR RXtitemsRRRPRVRKR*RW(RR-RCtvalue((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyt_check_provided_claimsYsX          #  #cCs2t|j}|j|d|j||_dS(sSigns the payload. Creates a JWS token with the header as the JWS protected header and the claims as the payload. See (:class:`jwcrypto.jws.JWS`) for details on the exceptions that may be reaised. :param key: A (:class:`jwcrypto.jwk.JWK`) key. t protectedN(RR-t add_signatureR,R:(RR0R<((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pytmake_signed_tokens cCs/t|j|j}|j|||_dS(s#Encrypts the payload. Creates a JWE token with the header as the JWE protected header and the claims as the plaintext. See (:class:`jwcrypto.jwe.JWE`) for details on the exceptions that may be reaised. :param key: A (:class:`jwcrypto.jwk.JWK`) key. N(RR-R,t add_recipientR:(RR0R<((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pytmake_encrypted_tokens  cCs|jd}|dkr*t|_n'|dkrEt|_n td|jrl|j|j_n|d kr|jj|d n t |t r|jj||nt |t r|jj|d d|jj krt dn|j|jj d}|s2td|jj dnt |jtrW|jj|qt |jtr||jj|qtdn td |d k r|jj |_|jjjd |_|jnd S( s`Deserialize a JWT token. NOTE: Destroys any current status and tries to import the raw token provided. :param jwt: a 'raw' JWT token. :param key: A (:class:`jwcrypto.jwk.JWK`) verification or decryption key, or a (:class:`jwcrypt.jwk.JWKSet`) that contains a key indexed by the 'kid' header. t.iisToken format unrecognizedtkidsNo key ID in JWT headersKey ID %s not in key setsUnknown Token TypesUnrecognized Key Typesutf-8N(tcountRR:RRSR't allowed_algsRR.R5RRt jose_headerR!tget_keyR"tdecrypttverifyt RuntimeErrorR,tpayloadtdecodeR-R\(RR/R0R9t token_key((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR.s<        cCs|jj|S(sSerializes the object into a JWS token. :param compact(boolean): must be True. Note: the compact parameter is provided for general compatibility with the serialize() functions of :class:`jwcrypto.jws.JWS` and :class:`jwcrypto.jwe.JWE` so that these objects can all be used interchangeably. However the only valid JWT representtion is the compact representation. (R:t serialize(Rtcompact((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyRns N(RRRRRtpropertyR,tsetterR-R:R=R@RERGRJR8RMRRRTRVRWRXR\R_RaR.tTrueRn(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyR#s8 4       ;   5(RKRHtsixRtjwcrypto.commonRRt jwcrypto.jweRt jwcrypto.jwkRRt jwcrypto.jwsRtJWTClaimsRegistryt ExceptionRRRRR R!R"tobjectR#(((s0/usr/lib/python2.7/site-packages/jwcrypto/jwt.pyts*