i%SSKJr SSKrSSKrSSKrSSKrSSKrSSKJrJ r SSK J r J r J r JrJrJrJrJrJr SSKJr SSKJrJr SSKJrJrJrJrJrJrJ r J!r!J"r" SS K#J$r$J%r% SS K&J'r' SS K(J)r) SS K*J+r+ SS K,J-r-J.r.J/r/J0r0J1r1J2r2J3r3J4r4J5r5J6r6 SSK7J8r8J9r9 SSK:J;r;Jr>J?r?J@r@JArAJBrBJCrCJDrDJErE SSKFJGrGJHrHJIrIJJrJJKrKJLrLJMrM \RS:aSSK JOrO OSSKPJOrO \\>\@4rQS\RS'\\3\54rSS\RS'\\;\<\8\94rTS\RS'\\Q\S\T4rUS\RS'\\>\3\;\84rVS\RS'\\@\5\<\94rWS\RS'\ (d\X"\R"SS55(aSSKZJ[r[J\r\ Sr]1S"kr`S2S#jra"S$S%\5rb"S&S'\b5rc"S(S)\b5rd\](a-"S*S+\b5re"S,S-\b5rf"S.S/\e5rg"S0S1\b5rhgg!\^a. \RS:aSS K J_r_ OSS KPJ_r_ \_rQ\_rS\_rT\_rU\_rV\_rWS!r]Nf=f)3) annotationsN)ABCabstractmethod) TYPE_CHECKINGAnyClassVarLiteralNoReturnUnioncastget_argsoverloadInvalidKeyError) HashlibHashJWKDict) base64url_decodebase64url_encodeder_to_raw_signature force_bytesfrom_base64url_uint is_pem_format is_ssh_keyraw_to_der_signatureto_base64url_uint)InvalidSignatureUnsupportedAlgorithm)default_backend)hashes)padding) ECDSA SECP256K1 SECP256R1 SECP384R1 SECP521R1 EllipticCurveEllipticCurvePrivateKeyEllipticCurvePrivateNumbersEllipticCurvePublicKeyEllipticCurvePublicNumbers)Ed448PrivateKeyEd448PublicKey)Ed25519PrivateKeyEd25519PublicKey) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmprsa_recover_prime_factors)Encoding NoEncryption PrivateFormat PublicFormatload_pem_private_keyload_pem_public_keyload_ssh_public_key) ) TypeAliasrAAllowedRSAKeys AllowedECKeysAllowedOKPKeys AllowedKeysAllowedPrivateKeysAllowedPublicKeys SPHINX_BUILD)PrivateKeyTypesPublicKeyTypesT)r? )NeverF> ES256ES384ES512ES521EdDSAPS256PS384PS512RS256RS384RS512ES256Kc>[5[[R5[[R5[[R5S.n[ (Ga<UR [[R5[[R5[[R5[[R[5[[R[5[[R[5[[R[5[[R[5[[R5[[R5[[R5[5S. 5 U$)z= Returns the algorithms that are implemented by the library. )noneHS256HS384HS512) rVrWrXrNrYrOrQrPrSrTrUrR) NoneAlgorithm HMACAlgorithmSHA256SHA384SHA512 has_cryptoupdate RSAAlgorithm ECAlgorithmr$r#r%r&RSAPSSAlgorithm OKPAlgorithm)default_algorithmss Y/home/maestro/MAESTRO/maestro-backend/venv/lib/python3.13/site-packages/jwt/algorithms.pyget_default_algorithmsrls  }334}334}334 0z!!%l&9&9:%l&9&9:%l&9&9:$[%7%7C%k&8&8)D$[%7%7C$[%7%7C$&& ))?)?@()?)?@()?)?@%  & c"\rSrSr%SrSrS\S'SSjrSSjr\ SSj5r \ SS j5r \ SS j5r \ \\ SS j555r\ \\ SSS jj555r\\ SSS jj55r\\ SSj55rSSjrSrg) Algorithmz@ The interface for an algorithm used to sign and verify tokens. Nz$tuple[type[AllowedKeys], ...] | None_crypto_key_typesc[USS5nUc[e[(a[U[5(ak[ U[ R5(aL[ R"U"5[5S9nURU5 [UR55$[U"U5R55$)z Compute a hash digest using the specified algorithm's hash algorithm. If there is no hash algorithm, raises a NotImplementedError. hash_algN)backend)getattrNotImplementedErrorrd isinstancetype issubclassr HashAlgorithmHashrrebytesfinalizedigest)selfbytestrrsr~s rkcompute_hash_digestAlgorithm.compute_hash_digests4T2  % % J8T**8V%9%9::[[_5FGF MM' "*+ +'*1134 4rmc$[(a URc [S5e[XR5(dSSUR5nURR nURR n[ SUSUSU35eg)a3Check that the key belongs to the right cryptographic family. Note that this method only works when ``cryptography`` is installed. :param key: Potentially a cryptography key :type key: :py:data:`PublicKeyTypes ` | :py:data:`PrivateKeyTypes ` :raises ValueError: if ``cryptography`` is not installed, or this method is called by a non-cryptography algorithm :raises InvalidKeyError: if the key doesn't match the expected key classes NzhThis method requires the cryptography library, and should only be used by cryptography-based algorithms.c38# UHoRv M g7fN)__name__).0clss rk 2Algorithm.check_crypto_key_type..sL5Kc\\5KszExpected one of z, got: z. Invalid Key type for )rdrq ValueErrorrw __class__rr)rkey valid_classes actual_class self_classs rkcheck_crypto_key_typeAlgorithm.check_crypto_key_typeszT33;z #5566LT5K5KLM==11L00J!"=/F]^h]ij  7rmcg)z Performs necessary validation and conversions on the key and returns the key value in the proper format for sign() and verify(). Nrrs rk prepare_keyAlgorithm.prepare_keyrmcg)zV Returns a digital signature for the specified message using the specified key value. Nrrmsgrs rksignAlgorithm.signrrmcg)zb Verifies that the specified digital signature is valid for the specified message and key values. Nrrrrsigs rkverifyAlgorithm.verifyrrmcgrrkey_objas_dicts rkto_jwkAlgorithm.to_jwks BErmcgrrrs rkrrs rmcg)z# Serializes a given key into a JWK Nrrs rkrrrrmcg)z: Deserializes a given key from JWK back into a key object Nrjwks rkfrom_jwkAlgorithm.from_jwk rrmcg)zv Return a warning message if the key is below the minimum recommended length for this algorithm, or None if adequate. Nrrs rkcheck_key_lengthAlgorithm.check_key_lengths rmr)rr|returnr|)rz PublicKeyTypes | PrivateKeyTypesrNone)rrrr)rr|rrrr|)rr|rrrr|rbool)rrr Literal[True]rrF)rrrLiteral[False]rstr)rrrrr JWKDict | str)r str | JWKDictrr)rrr str | None)r __module__ __qualname____firstlineno____doc__rq__annotations__rrrrrrr staticmethodrrr__static_attributes__rrmrkroros ?C;B5,.      DE 05-     rmrocb\rSrSrSrS SjrS SjrS Sjr\S SSjj5r \SSj5r Sr g )r_izN Placeholder for use when no signing or verification operations are required. c2US:XaSnUb [S5eU$)NrIz*When alg = "none", key value must be None.rrs rkrNoneAlgorithm.prepare_key s$ "9C ?!"NO O rmcg)Nrmrrs rkrNoneAlgorithm.sign)srmcg)NFrrs rkrNoneAlgorithm.verify,srmc[5errvrs rkrNoneAlgorithm.to_jwk/ !##rmc[5errrs rkrNoneAlgorithm.from_jwk3rrmrN)rrrr)rr|rrrr|)rr|rrrr|rrr)rrrrrr )rrrr ) rrrrrrrrrrrrrrmrkr_r_s> $$$$rmr_c\rSrSr%Sr\R rS\S'\Rr S\S'\Rr S\S'SSjr SSjr\\SS j55r\\SSS jj55r\SSS jj5r\SS j5rSS jrSSjrSSjrSrg)r`i8zZ Performs signing and verification operations using HMAC and the specified hash function. zClassVar[HashlibHash]rarbrccXlgrrsrrss rk__init__HMACAlgorithm.__init__Bs rmcr[U5n[U5(d[U5(a [S5eU$)NzdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rrrr)rr key_bytess rkrHMACAlgorithm.prepare_keyEs;$  # #z)'<'<!9  rmcgrrrs rkrHMACAlgorithm.to_jwkPsILrmcgrrrs rkrrTsNQrmc[[U55R5SS.nU(aU$[R"U5$)Noct)kkty)rrdecodejsondumps)rrrs rkrrXs<"+g"67>>@  J::c? "rmc([U[5(a[R"U5nO[U[5(aUnO[ eURS5S:wa [ S5e[US5$![ a [ S5Sef=f)NKey is not valid JSONrrzNot an HMAC keyr) rwrrloadsdictrrgetr)robjs rkrHMACAlgorithm.from_jwkds E#s###zz#C&&   775>U "!"34 4C))  E!"9: D Es+A:A:A::BcUR5Rn[U5U:a;S[U5SUSUR5RR 5S3$g)NzThe HMAC key is z> bytes long, which is below the minimum recommended length of z bytes for z. See RFC 7518 Section 3.2.)rs digest_sizelennameupper)rr min_lengths rkrHMACAlgorithm.check_key_lengthuse]]_00 s8j "3s8*-55?L ==?''--/01,-  rmc`[R"X!UR5R5$r)hmacnewrsr~rs rkrHMACAlgorithm.signs xx$--07799rmcL[R"X0RX55$r)rcompare_digestrrs rkrHMACAlgorithm.verifys""3 #(;<rr2r<r0rr=rr)rrr public_key private_keys rkrRSAAlgorithm.prepare_keys#5566NC00cE3<00 @AA#C(I '' 331DY1OJ..z: j993G!D4K..{; {;;  !4Y!?J..z: j99"$89 )B   s+AC *C D$+DD$D  D$cgrrrs rkrRSAAlgorithm.to_jwksPSrmcgrrrs rkrrsUXrmc Sn[US5(Ga;UR5nSS/[URR5R 5[URR 5R 5[UR5R 5[UR5R 5[UR5R 5[UR5R 5[UR5R 5[UR5R 5S. nOw[US5(a[UR5nSS/[UR5R 5[UR 5R 5S.nO [S5eU(aU$[R"U5$)Nprivate_numbersRSAr) rkey_opsnedpqdpdqqir)rrrrNot a public or private key)hasattrrrpublic_numbersrrrrrrdmp1dmq1iqmprrr)rrrnumberss rkrrsh)-Cw 122!113! &x*7+A+A+C+CDKKM*7+A+A+C+CDKKM*7995<<>*7995<<>*7995<<>+GLL9@@B+GLL9@@B+GLL9@@B (++!002! (z*7995<<>*7995<<> &&CDD zz#&rmc z[U[5(a[R"U5nO[U[5(aUnO[ eURS5S:wa [ S5SeSU;GaaSU;GaZSU;GaSSU;a [ S 5e/S QnUVs/sHo3U;PM nn[U5nU(a[U5(d [ S 5Se[[US5[US55nU(ag[[US5[US 5[US 5[US5[US5[US5US9nUR'5$[US5n[URXR5up[UU U [!X5[#X5[%X5US9nUR'5$SU;a8SU;a2[[US5[US55R)5$[ S5e![ a [ S5Sef=fs snf)NrrrzNot an RSA keyrrrothz5Unsupported RSA private key: > 2 primes not supported)rrrrrz@RSA key must include all parameters if any are present besides drrrrr)rrrr!r"r#r r)rwrrrrrrranyallr3rr1r7rrr4r5r6r r ) rr other_propsprop props_foundany_props_foundr r$rrrs rkrRSAAlgorithm.from_jwks8 Ic3''**S/CT**C$$wwu~&%&67TAczcSjSCZC<)O; 7BC{ts{{ C"%k"2"3{+;+;)Z "2'C1'C1" #/-c#h7-c#h7-c#h70T;0T;0T;'5G2**,,,CH5A4&((!-=-=DA0)!/)!/)!/'5G**,,s ''C1'C1*, &&CDD{ I%&=>DH IDs+HHHH8H5cnURU[R"5UR55nU$r)rr!PKCS1v15rsrrr signatures rkrRSAAlgorithm.sign:s)"xxW-=-=-?QI rmcURX1[R"5UR55 g![a gf=f)NTF)rr!r/rsrrs rkrRSAAlgorithm.verify>s;  3W%5%5%7I#  s47 AArN)rstype[hashes.HashAlgorithm]rr)rrBrr)rzAllowedRSAKeys | str | bytesrrB)rrBrrrrr)rrBrrrr)rrBrrrr)rrrrBrr|rr0rr|rr|rr2rr|rr)rrrrrr rarrbrcr tuplerxrEr r r0r2rqrrrrrrrrrrrrrmrkrfrfs 8>}}4D7=}}4D7=}}4D ${#S( ) U=,67 8 (, }+ %  <  S  S  X  X $ ' $ 'L E E E EN  rmrfcf\rSrSr%Sr\R rS\S'\RrS\S'\Rr S\S'\ "\ \ \ S4\"\\\455rSSS jjrSS jrSS jrSS jrSS jr\\SSj55r\\SSSjj55r\SSSjj5r\SSj5rSrg)rgiEzZ Performs signing and verification operations using ECDSA and the specified hash function rrarbrc.NcXlX lgr)rsexpected_curve)rrsr;s rkrECAlgorithm.__init__Ts %M"0 rmcURcg[URUR5(d:[SURRSURRS35eg)z9Validate that the key's curve matches the expected curve.NzThe key's curve 'z%' does not match the expected curve 'z' for this algorithm)r;rwcurverrrs rk_validate_curveECAlgorithm._validate_curve\sj""*cii)<)<==%' '78"116677KM>rmc>[XR5(a#[[U5nUR U5 U$[U[ [ 45(d [S5e[U5nURS5(a [U5nO [U5nURU5 [[U5nUR U5 U$![aA [USS9nURU5 [[ U5nUR U5 Us$f=f)Nrs ecdsa-sha2-r)rwrqr rCr?r|rr rr r>r=rr*rr<r()rrec_keyrr  ec_public_keyr ec_private_keys rkrECAlgorithm.prepare_keygs#5566mS1$$V, cE3<00 @AA#C(I  &''771DY1OJ!4Y!?J**:6 $%;Z H $$]3$$ &29tL **;7!%&={!K$$^4%%  &s0A CADDc~URU[UR555n[X2R5$r)rr"rsrr>)rrrder_sigs rkrECAlgorithm.signs,hhsE$--/$:;G'; ;rmc[X2R5n[U[5(aUR 5OUnUR XA[UR555 g![a gf=f![a gf=f)NFT) rr>rrwr(r rr"rsr)rrrrrGr s rkrECAlgorithm.verifys .sII> "#'>??NN$ !!'dmmo0FG  $  s#A)AA9) A65A69 BBcgrrrs rkrECAlgorithm.to_jwksORrmcgrrrs rkrrLsTWrmc[U[5(aUR5R5nO1[U[5(aUR5nO [ S5e[UR [5(aSnO~[UR [5(aSnO\[UR [5(aSnO:[UR [5(aSnO[ SUR 35eSU[URUR RS9R5[URUR RS9R5S .n[U[5(aG[UR!5R"UR RS9R5US 'U(aU$[$R&"U5$) NrP-256P-384P-521 secp256k1Invalid curve: EC) bit_length)rcrvxyr)rwr(r r r*rr>r$r%r&r#rrWrrrXr private_valuerr)rrr rVrs rkrrLs{'#:;;!(!3!3!5!D!D!FG%;<rz!D should be {} bytes for curve {})rwrrrrrrrrrr$r%r&r#r+int from_bytesr r)r )rrrWrXr> curve_objr rs rkrECAlgorithm.from_jwksd Ic3''**S/CT**C$$wwu~%%&ABL#~C%&ABL .A .AGGENEq6SV)r) ) I)C '!q6SV)r) ) I)C '!q6SV)r) ) I)C +%q6SV)r) ) I)G&w&?@@7..e.4..e.4N #~%0022 .A1vQ%7Q/qE2Nkm { I%&=>DH Is+J J J J#)r;rsr)rsr5r;ztype[EllipticCurve] | Nonerr)rrCrr)rzAllowedECKeys | str | bytesrrC)rr|rr(rr|)rr|rrCrr|rr)rrCrrrrr)rrCrrrr)rrCrrrr)rrrrC)rrrrrr rarrbrcr r8rxrEr r r(r*rqrr?rrrrrrrrrrmrkrgrgEs 8>}}4D7=}}4D7=}}4D ${#S( ) U24JJK L :> 10 17 1  1  &@ <  "  R  R  W  W ) ' ) 'V G  G rmrgc,\rSrSrSrSSjrSSjrSrg) rhiz1 Performs a signature using RSASSA-PSS with MGF1 c URU[R"[R"UR 55UR 5R S9UR 55nU$)Nmgf salt_length)rr!PSSMGF1rsrr0s rkrRSAPSSAlgorithm.sign sS"xx  T]]_5 $  ; ;   I rmc URUU[R"[R"UR 55UR 5R S9UR 55 g![ a gf=f)NrfTF)rr!rirjrsrrrs rkrRSAPSSAlgorithm.verify+sh  KK#LL9$(MMO$?$?MMO#  sA/A22 A?>A?rNr6r7)rrrrrrrrrrmrkrhrhs   rmrhc \rSrSrSr\"\\\S4\ "\ \ \ \ \455rSSjrSSjrSSjrSSjr\\SSj55r\\SSS jj55r\SSS jj5r\SS j5rS rg )rii:zv Performs signing and verification operations using EdDSA This class requires ``cryptography>=2.6`` to be installed. .c grr)rkwargss rkrOKPAlgorithm.__init__Ms rmc[U[[45(dURU5 U$[U[5(aUR S5OUn[U[5(aUR S5OUnSU;a [ U5nO1SU;a [USS9nO USSS:Xa [U5nO [S5eURU5 [S U5$) Nutf-8z-----BEGIN PUBLICz-----BEGIN PRIVATErrzssh-rrD) rwrr|rrencoder=r<r>rr )rrkey_strr loaded_keys rkrOKPAlgorithm.prepare_keyPscC<00**3/ -7U-C-Ccjj)G/9#s/C/C 7+I#g-0; %01)dK 1'0; %&CDD  & &z 2(*5 5rmcx[U[5(aURS5OUnURU5nU$)a  Sign a message ``msg`` using the EdDSA private key ``key`` :param str|bytes msg: Message to sign :param Ed25519PrivateKey}Ed448PrivateKey key: A :class:`.Ed25519PrivateKey` or :class:`.Ed448PrivateKey` isinstance :return bytes signature: The signature, as bytes rs)rwrrur)rrr msg_bytesr1s rkrOKPAlgorithm.signfs40:#s/C/C 7+I"xx 2I rmcB[U[5(aURS5OUn[U[5(aURS5OUn[U[[45(aUR 5OUnUR XT5 g![a gf=f)ap Verify a given ``msg`` against a signature ``sig`` using the EdDSA key ``key`` :param str|bytes sig: EdDSA signature to check ``msg`` against :param str|bytes msg: Message to sign :param Ed25519PrivateKey|Ed25519PublicKey|Ed448PrivateKey|Ed448PublicKey key: A private or public EdDSA key instance :return bool verified: True if signature is valid, False if not. rsTF)rwrrur.r,r rr)rrrrrz sig_bytesr s rkrOKPAlgorithm.verifyts 3=c33G3GCJJw/S 3=c33G3GCJJw/S "#(9?'KLLNN$ !!)7#  sBB BBcgrrrrs rkrOKPAlgorithm.to_jwksLOrmcgrrrs rkrrsQTrmct[U[[45(aUR[R [ R S9n[U[5(aSOSn[[U55R5SUS.nU(aU$[R"U5$[U[[45(aUR[R [R [!5S9nUR#5R[R [ R S9n[U[5(aSOSn[[U55R5[[U55R5SUS.nU(aU$[R"U5$[%S5e) N)encodingformatEd25519Ed448OKP)rWrrV)rrencryption_algorithm)rWrrrVr)rwr/r- public_bytesr8Rawr;rrrrrr.r, private_bytesr:r9r r)rrrWrVrrs rkrrsh# 0.ABB$$%\\'++%$.c3C#D#Di'*+a.9@@B  J::c?*# 1?CDD%%%\\(,,)5& NN$11%\\'++2 $.c3D#E#Ei7)+a.9@@B)+a.9@@B  J::c?*!"?@ @rmc[U[5(a[R"U5nO[U[5(aUnO[ eURS5S:wa [ S5eURS5nUS:waUS:wa[ SU35eS U;a [ S 5e[URS 55nS U;a2US:Xa[R"U5$[R"U5$[URS 55nUS:Xa[R"U5$[R"U5$![ a [ S5Sef=f![ an[ S 5UeSnAff=f) NrrrzNot an Octet Key PairrVrrrSrWzOKP should have "x" parameterrzInvalid key parameter)rwrrrrrrrrr/from_public_bytesr-r.from_private_bytesr,)rrr>rWrerrs rkrOKPAlgorithm.from_jwks` Ic3''**S/CT**C$$wwu~&%&=>>GGENE !ew&6%w&?@@#~%&EFF .A Hc> )/AA!DD);;A>>$SWWS\2I%,??BB&99!<<- I%&=>DH I. H%&=>CG Hs@+EEE!E!%E!;5E!1E!E! E<+ E77E<rN)rprrr)rzAllowedOKPKeys | str | bytesrrD)rrrz#Ed25519PrivateKey | Ed448PrivateKeyrr|)rrrrDrrrr)rrDrrrrr)rrDrrrr)rrDrrrr)rrrrD)rrrrrr r8rxrEr r r.r/r,r-rqrrrrrrrrrrrmrkriri:s ! ${#S( ) %$#"$     6, " )L    " )7 >I   4  O  O  T  T , A , A\  H  Hrmri)rzdict[str, Algorithm])i __future__rrrrossysabcrrtypingrrrr r r r r r exceptionsrtypesrrutilsrrrrrrrrrcryptography.exceptionsrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr )cryptography.hazmat.primitives.asymmetricr!,cryptography.hazmat.primitives.asymmetric.ecr"r#r$r%r&r'r(r)r*r+/cryptography.hazmat.primitives.asymmetric.ed448r,r-1cryptography.hazmat.primitives.asymmetric.ed25519r.r/-cryptography.hazmat.primitives.asymmetric.rsar0r1r2r3r4r5r6r7,cryptography.hazmat.primitives.serializationr8r9r:r;r<r=r> version_inforAtyping_extensionsrBrrCrDrErFrGrgetenv/cryptography.hazmat.primitives.asymmetric.typesrJrKrdModuleNotFoundErrorrMrequires_cryptographyrlror_r`rfrgrhrirrmrkrs3" #   ('   VN<5A       7"$ 0!&m\&A BNIB$%<>T%TUM9U %+_nL!NI#>=.#PQKQ$).0A?R% $),.>N$yRYY~r:;; J  DiiX$I$lHylHg u  7" +NMNKJ sDG1G54G5