nhV|ddlZddlZddlmZmZddlmZddlmZm Z m Z ddl m Z m Z mZddlmZmZddlmZmZmZmZddlmZmZmZdd lmZdd lmZmZdd l m!Z!dd l"m#Z#d dl$m%Z%d dl&m'Z'm(Z(d dl)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0ddl1m2Z2ddl3m4Z4dZ5Gdde4Z6Gdde4Z7Gdde4Z8Gdde4Z9y)N)InvalidSignature InvalidTag)default_backend)hasheshmac serialization)ecpaddingrsa)decode_dss_signatureencode_dss_signature)Cipheraead algorithmsmodes) InvalidUnwrapaes_key_unwrap aes_key_wrap)PKCS7)load_pem_private_keyload_pem_public_key) int_to_bytes)load_pem_x509_certificate) ALGORITHMS)JWEErrorJWKError)base64_to_longbase64url_decodebase64url_encode ensure_binary is_pem_format is_ssh_keylong_to_base64)get_random_bytes)KeyceZdZejZej Zej ZefdZdZ dZ dZ dZ dZ dZdZd Zd Zd Zy ) CryptographyECKeyc^|tjvrtd|ztj|jtj |j tj|jij||_ ||_ ||_ t|ds t|dr||_yt|dr|jj!d}t#|t$r|j'||_yt#|t(r|j+d}t#|t,r$ t/||j}||_ytd|z#t0$rt3|d|j}Y=wxYw#t4$r}t|d}~wwxYw)N*hash_alg: %s is not a valid hash algorithm public_bytes private_bytesto_pemutf-8passwordbackendz%Unable to parse an ECKey from key: %s)rECrES256SHA256ES384SHA384ES512SHA512gethash_alg _algorithmcryptography_backendhasattr prepared_keyr.decode isinstancedict _process_jwkstrencodebytesr ValueErrorr Exceptionselfkey algorithmr=es t/var/www/pru.catia.catastroantioquia-mas.com/tasa/lib/python3.12/site-packages/jose/backends/cryptography_backend.py__init__zCryptographyECKey.__init__&sw JMM )G)ST T   dkk   dkk   dkk  #i. $$8! 3 '73+H #D   3 !**,%%g.C c4 $ 1 1# 6D   c3 **W%C c5 ! "h-c43L3L3NOC !$D  >DEE"h.sT4KdKdKfgCh "qk! "s08E((%F FFF F, F''F,cjddk(stdjdztfddDs tdtjd}tjd}tj tj tjd d }t j|||}d vrOtjd }t j||}|j|jS|j|jS) Nktyr3z0Incorrect key type. Expected: 'EC', Received: %sc3&K|]}|v ywN.0kjwk_dicts rN z1CryptographyECKey._process_jwk..Ws > 8<<, - 8<<, -\\\\\\  5/  ..q!UW= (?x||C01A44Q?G&&t'@'@'BC C$$T%>%>%@A Aclttj|jjdz S)zDetermine the correct serialization length for an encoded signature component. This is the number of bytes required to encode the maximum key value. g @)intmathceilr?key_sizerJs rN_sig_component_lengthz'CryptographyECKey._sig_component_lengthls) 499T..77#=>??rmcpt|\}}|j}t||t||zS)z4Convert signature from DER encoding to RAW encoding.)r rtr)rJ der_signaturerscomponent_lengths rN _der_to_rawzCryptographyECKey._der_to_rawss:#M21557A/0<CS3TTTrmc|j}t|td|zk7r td|d|}||d}tj |d}tj |d}t ||S)z4Convert signature from RAW encoding to DER encoding.rzInvalid signatureNbig)rtlenrorG from_bytesr )rJ raw_signatureryr_bytess_bytesrwrxs rN _raw_to_derzCryptographyECKey._raw_to_derys~557 } Q)9%9!: :01 1 1!12 0 12 NN7E * NN7E *#Aq))rmc|jjdz|jjjkDrEt d|jjj d|jjzfz|jj|tj|j}|j|S)Nz1this curve (%s) is too short for your digest (%d)) r; digest_sizer?rjrr TypeErrornamesignr ECDSArz)rJmsg signatures rNrzCryptographyECKey.signs == $ $q (4+<+<+B+B+K+K K'*.*;*;*A*A*F*FDMMLeLeHe)fg %%**30IJ  **rmc |j|}|jj||tj|j y#t $rYywxYw)NTF)rr?verifyr rr;rH)rJrsigrs rNrzCryptographyECKey.verifysS ((-I    $ $YRXXdmmo5N O  sAA AAc.t|jdSNr,r>r?rss rN is_publiczCryptographyECKey.is_publict((.99rmc|jr|S|j|jj|jSrSr __class__r?rir<rss rNrizCryptographyECKey.public_key5 >> K~~d//::> ##00&//33M?? 9 9 ; = =HMTTU\] 9 9 ; = =HMTTU\]  ~~ --==?MMM&}8DKKGTDI rmN)__name__ __module__ __qualname__rr5r7r9rrOrCrtrzrrrrrir.rrTrmrNr)r)!s] ]]F ]]F ]]Fr?rArBrCrDrErF startswith _process_certrrGrrHrIs rNrOzCryptographyRSAKey.__init__s JNN *G)ST T   dkk   dkk   dkk  #i. $   t{{     # #T%6%6  #i. %9! C (WS:J-KPWX[]lPm #D   c4 $ 1 1# 6D   c3 **W%C c5 ! ">>"@A&&s+v(;CAZAZA\(]D% @3FGG "v( G*G;8G>:G;;G>> H HHc jddk(stdjdztjdd}tjd}tj||}dvr|j |j Stjd}gd}tfd |Drftfd |Ds td td }td }td} td} td} n\tj|||\}}tj||} tj||} tj||} tj|||| | | |} | j|j S)NrQrz1Incorrect key type. Expected: 'RSA', Received: %srMnra)pqdpdqqic3&K|]}|v ywrSrTrUs rNrYz2CryptographyRSAKey._process_jwk..s7Q1=7rZc3&K|]}|v ywrSrTrUs rNrYz2CryptographyRSAKey._process_jwk..s?Q1=?rZz2Precomputed private key parameters are incomplete.rrrrr)r:rrr RSAPublicNumbersrir=anyrbrsa_recover_prime_factors rsa_crt_dmp1 rsa_crt_dmq1 rsa_crt_iqmpRSAPrivateNumbersrh) rJrXrMrrkra extra_paramsrrrrrrls ` rNrCzCryptographyRSAKey._process_jwks||E"e+NQYQ]Q]^cQdde e 8<<S1 2 8<<, -%%a+ h $$T%>%>%@A Ax||C01A7L7,77?,??##WXX"8C=1"8C=1#HTN3#HTN3#HTN344Q1=1%%a+%%a+%%a+++Aq!RRHG&&t'@'@'BC Crmcbt||j}|j|_yrS)rr=rir?)rJrKs rNrz CryptographyRSAKey._process_cert,s&'T-F-F-HINN,rmc |jj|tj|j }|S#t $r}t |d}~wwxYwrS)r?rr PKCS1v15r;rHr)rJrrrMs rNrzCryptographyRSAKey.sign0sT ))..sG4D4D4F XI 1+  s=A A AAc|jstjd |jjj ||t j|jy#t$rYywxYw)NzKAttempting to verify a message with a private key. This is not recommended.TF) rwarningswarnrir?rr rr;r)rJrrs rNrzCryptographyRSAKey.verify7sg~~ MMj k  OO  * * 1 1#sG> W$#00EEw&#0066 !?*!LMM##00-:P:P:T:T]`0aCJ  --33C 7 "--@@C;jHI I  .."++//R_RlRlRn/  rmc `|js|jj}n |j}|jdt |j j jdt |j jjdd}|jst|jt |jjjjdt |jjjjdt |jjjjdt |jjjjdt |jjjjdt |jjj jdd|S)Nrr)rrQrrM)rarrrrr)rr?rir<r$rrr@rMupdaterrarrdmp1dmq1iqmp)rJrirs rNrzCryptographyRSAKey.to_dict_s~~**557J**J?? 9 9 ; = =>EEgN 9 9 ; = =>EEgN  ~~ KK'(9(9(I(I(K(M(MNUUV]^'(9(9(I(I(K(M(MNUUV]^'(9(9(I(I(K(M(MNUUV]^():):)J)J)L)Q)QRYYZab():):)J)J)L)Q)QRYYZab():):)J)J)L)Q)QRYYZab   rmc |jj||j}|S#t$r}t |d}~wwxYwrS)r?encryptr rHr)rJkey_data wrapped_keyrMs rNwrap_keyzCryptographyRSAKey.wrap_keyzsG ++33HdllKK 1+  s&* A >Ac |jj||j}|S#t$r}t |d}~wwxYwrS)r?decryptr rHr)rJr unwrapped_keyrMs rN unwrap_keyzCryptographyRSAKey.unwrap_keysC  --55k4<<PM  1+  s'* A >A)r)rrrrr5r7r9r rrOAEPMGF1SHA1rrrrOrCrrrrrir.rrrrTrmrNrrs ]]F ]]F ]]F W   Fw||LGLL7MH7<<  ]V]]_ =}v}}PTULdzddZ dZ!dZ"d dZ#d dZ$d Z%d Z&y) CryptographyAESKeyNr )CBCGCMc|tjvrtd|z|tjj tj vrtd|z||_|jj|j |_ ||jvrt|dk7rtd|||jvrt|dk7rtd|||jvrt|dk7rtd|||jvrt|d k7rtd |||jvrt|d k7rtd |||_y) Nz%s is not a valid AES algorithmz%s is not a supported algorithmzKey must be 128 bit for alg zKey must be 192 bit for alg zKey must be 256 bit for alg 0zKey must be 384 bit for alg @zKey must be 512 bit for alg )rAESr SUPPORTEDunion AES_PSEUDOr<MODESr:_modeKEY_128r}KEY_192KEY_256KEY_384KEY_512_keyrJrKrLs rNrOzCryptographyAESKey.__init__sB JNN *9)EF F $,, &3s8r>9)EF F $,, &3s8r>9)EF F $,, &3s8r>9)EF F rmcL|jdt|jd}|S)NoctrrQrW)r<r r)rJrs rNrzCryptographyAESKey.to_dicts!u;KDII;VW rmcLt|} |jj|jjt j j}t|}|j|}|jdk(rItj|j}|j|||}|dt|dz }|dd} ntt j |j|t}|j!} t#t j jj%} | j'|} | | j)z } | j'| | j)z}d} ||| fS#t*$r} t-| d} ~ wwxYw)Nrrir2)r!IV_BYTE_LENGTH_MODE_MAPr:rrrr block_sizer&rAESGCMrrr}rr encryptorrpadderrfinalizerHr)rJ plain_textaadiv_byte_lengthivmodeciphercipher_text_and_tag cipher_textauth_tagrr padded_datarMs rNrzCryptographyAESKey.encryptsY":.  !99==djjooz~~OhOhiN!.1B::b>DyyE!TYY/&,nnRS&I#12QC8K4Lr4QR .st4 tyy 94IZ[",,. z~~889@@B$mmJ7 v00 '..{;i>P>P>RR {H, , 1+  sEDyyE!;$%9::TYY/&1C&7#;!'4G!MJ  tyy 94IZ[",,. $-$4$4[$A!!Y%7%7%99! !:!:;DDF%__->? h//11  ";"#9::; 1+  s7AE*D==E?B=E=EE E. E))E.cZt|}t|j|t}|SrS)r!rrr)rJrrs rNrzCryptographyAESKey.wrap_keys' *"499h8IJ rmct|} t|j|t}|S#t$r}t |d}~wwxYwrS)r!rrrrr)rJrrcauses rNrzCryptographyAESKey.unwrap_keysJ#K0  "' ;@QRJ "5/ ! "s. A AArS)NNN)'rrrrA128GCM A128GCMKWA128KWA128CBCrA192GCM A192GCMKWA192KWA192CBCrA256GCM A256GCMKWA256KW A128CBC_HS256A256CBCr A192CBC_HS384r A256CBC_HS512r AES_KW_ALGSrrrrrrrrrOrrrrrrTrmrNrrs!!:#7#79J9JJL^L^_G!!:#7#79J9JJL^L^_G   G'')G'')G$$j&7&79J9JKK EIIEIIEII  %))  %))  %))EIIEIIEIIeiieiieii444 E$'1nn&?&?1&DWU,.6 rmrceZdZdZej ejejejejejiZ dZ dZdZdZdZy)CryptographyHMACKeyzf Performs signing and verification operations using HMAC and the specified hash function. c|tjvrtd|z||_|jj ||_t|tr|j||_ yt|tst|ts tdt|tr|jd}t|s t|r td||_ y)Nr+z+Expecting a string- or bytes-formatted key.r/zdThe specified key is an asymmetric key or x509 certificate and should not be used as an HMAC secret.)rHMACrr<ALG_MAPr: _hash_algrArBrCr?rDrFrEr"r#r s rNrOzCryptographyHMACKey.__init__s JOO +G)ST T#)))4 c4 $ 1 1# 6D  #s#JsE,BHI I c3 **W%C  C9   rmc|jddk(std|jdz|jd}|jd}t|}t |}|S)NrQr z1Incorrect key type. Expected: 'oct', Received: %srWr/)r:rrErFr)rJrXrWs rNrCz CryptographyHMACKey._process_jwk'se||E"e+NQYQ]Q]^cQdde e LL  HHW  !H Q rmcf|jdt|jjddS)Nr rr )r<r r?r@rss rNrzCryptographyHMACKey.to_dict2s/??!$"3"34;;GD  rmct|}tj|j|jt }|j ||j}|S)Nr)r!rr:r?r<rrr)rJrhrs rNrzCryptographyHMACKey.sign9sGC  IId''AR S  JJL rmct|}t|}tj|j|jt }|j | |j|d}|S#t$rd}Y|SwxYw)NrTF) r!rr:r?r<rrrr)rJrrr@verifieds rNrzCryptographyHMACKey.verify@swC C  IId''AR S    HHSMH  H sA22 BBN)rrr__doc__rHS256rr5HS384r7HS512r9r;rOrCrrrrTrmrNr8r8sd *2B2BMFMMOU_UeUegtgmgtgtgvwG 0   rmr8):rprcryptography.exceptionsrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrrr)cryptography.hazmat.primitives.asymmetricr r r /cryptography.hazmat.primitives.asymmetric.utilsr r &cryptography.hazmat.primitives.ciphersrrrr&cryptography.hazmat.primitives.keywraprrr&cryptography.hazmat.primitives.paddingr,cryptography.hazmat.primitives.serializationrrcryptography.utilsrcryptography.x509r constantsr exceptionsrrutilsrrr r!r"r#r$r&baser'_bindingr)rrr8rTrmrNrXs @8FFFFfRR^^8b+7"+ ggT||~zzzC#Crm