g~ ddlZddlZddlmZddlZddlmZddlmZddl m Z ddl m Z dZ dZd Zd ed dfd Zd ddZy)N)cache)default_backend)load_pem_x509_certificate) get_adapter) OAuth2Errorc|j|}|r3t|jdtj }|Sy)zu Looks up the key given keys data of the form: {"": "-----BEGIN CERTIFICATE----- CERTIFICATE"} utf8N)getrencoder public_key) keys_datakidkeyr s b/var/www/django_project/virt/lib/python3.12/site-packages/allauth/socialaccount/internal/jwtkit.pylookup_kid_pem_x509_certificatersG -- C . JJv  1 *,   c|dD]J}|d|k(s tjjjt j |}|cSy)a1 Looks up the key given keys data of the form: { "keys": [ { "kty": "RSA", "kid": "W6WcOKB", "use": "sig", "alg": "RS256", "n": "2Zc5d0-zk....", "e": "AQAB" }] } keysrN)jwt algorithms RSAAlgorithmfrom_jwkjsondumps)r rdr s rlookup_kid_jwkrsK v  U8s?44==djjmLJ rc tj|}|d}|d}tjj |}|j |j }|||}|std|d||fS)NralgzInvalid 'kid': '')rget_unverified_headerrget_requests_sessionr raise_for_statusrr) credentialkeys_urllookupheaderrrresponser rs r fetch_keyr(2s  & &z 2F -C -C}11377AH  I C C ,SE344 8Ordatareturnc|jd}|jd}|jd}|||y|tjz }d|d|}tj|d|s t d y) zE Put the JWT token on a blacklist to prevent replay attacks. issexpjtiNzjwt:iss=z,jti=T)rvaluetimeoutztoken already used)r timeraddr)r)r,r-r.r0rs r verify_jtir3@s~ ((5/C ((5/C ((5/C {ckS[DIIKG SEse $C 99D' :.// ;rT)verify_signaturec  |rt|||\}}|g}nd}d}tj|||dddd|||} t| | S#tj$r} t d| d} ~ wwxYw)NT)r4 verify_iss verify_aud verify_exp)roptionsissueraudiencerzInvalid id_token)r(rdecoder3 PyJWTErrorr) r#r$r;r< lookup_kidr4rrrr)es rverify_and_decoderAOs5  XzBHCJCJzz $4"""  !   4 >>5,-145sAA A- A((A-)rr1django.core.cacherrcryptography.hazmat.backendsrcryptography.x509rallauth.socialaccount.adapterr-allauth.socialaccount.providers.oauth2.clientrrrr(dictr3rArrrIsK # 875E ,  0T 0d 0 MQ5r