o h~ @sddlZddlZddlmZddlZddlmZddlmZddl m Z ddl m Z ddZ d d Zd d Zd eddfddZddddZdS)N)cache)default_backend)load_pem_x509_certificate) get_adapter) OAuth2ErrorcCs,||}|rt|dt}|SdS)zu Looks up the key given keys data of the form: {"": "-----BEGIN CERTIFICATE----- CERTIFICATE"} utf8N)getrencoder public_key) keys_datakidkeyr r\/var/www/html/pos/venv/lib/python3.10/site-packages/allauth/socialaccount/internal/jwtkit.pylookup_kid_pem_x509_certificates  rcCs:|dD]}|d|krtjjt|}|SqdS)a1 Looks up the key given keys data of the form: { "keys": [ { "kty": "RSA", "kid": "W6WcOKB", "use": "sig", "alg": "RS256", "n": "2Zc5d0-zk....", "e": "AQAB" }] } keysr N)jwt algorithms RSAAlgorithmfrom_jwkjsondumps)r r dr rrrlookup_kid_jwks  rc Cs`t|}|d}|d}t|}||}|||}|s,td|d||fS)Nr algzInvalid 'kid': '')rget_unverified_headerrget_requests_sessionrraise_for_statusrr) credentialkeys_urllookupheaderr rresponser r rrr fetch_key2s  r$datareturncCsr|d}|d}|d}|dus|dus|durdS|t}d|d|}tj|d|ds7td dS) zE Put the JWT token on a blacklist to prevent replay attacks. issexpjtiNzjwt:iss=z,jti=T)r valuetimeoutztoken already used)rtimeraddr)r%r'r(r)r+r rrr verify_jti@s    r.T)verify_signaturec Csxz)|rt|||\}}|g}nd}d}tj|||dddd|||d} t| | WStjy;} ztd| d} ~ ww)NT)r/ verify_iss verify_aud verify_exp)r optionsissueraudiencerzInvalid id_token)r$rdecoder. PyJWTErrorr) rr r5r6 lookup_kidr/rr rr%errrverify_and_decodeOs0  r;)rr,django.core.cacherrcryptography.hazmat.backendsrcryptography.x509rallauth.socialaccount.adapterr-allauth.socialaccount.providers.oauth2.clientrrrr$dictr.r;rrrrs