Viên ngọc phương Đông

ruạṛ

�������f�����������������������@���s����d�Z�ddlmZ�ddlmZ�ddlmZmZmZ�ddl	m
Z
mZ�ddlm
Z
�ddlmZ�dd	lmZ�dd
lT�G�dd��de�ZG�d
d��de�ZdS�)z0
Module to assist in verifying a signed header.
�����)�six)�default_backend)�hashes�hmac�
serialization)�rsa�padding)�InvalidSignature)�	b64decode����)�Signer)�*c�������������������@���s���e�Zd�ZdZdd��ZdS�)�Verifierz�
    Verifies signed text against a secret.
    For HMAC, the secret is the shared secret.
    For RSA, the secret is the PUBLIC key.
    c�����������������C���s����t�|tj�r|�d�}t�|tj�r,|�d�}|�jdkrrz$|�j�t|�|t�	��|��
����W�dS��tyn���Y�dS�0�n,|�jdkr�|��|�}t|�}||kS�t
d��dS�)z�
        Verifies the data matches a signed version with the given signature.
        `data` is the message to verify
        `signature` is a base64-encoded signature to verify against `data`
        �asciir���TFr���zUnsupported algorithm.N)�
isinstancer���Zstring_types�encodeZsign_algorithmZ_rsa_public�verifyr
���r���ZPKCS1v15Z_rsahashr	���Z
_sign_hmac�HttpSigException)�self�data�	signature�h�s��r����C/usr/lib/python3.9/site-packages/oci/_vendor/httpsig_cffi/verify.py�_verify���s(����

�

zVerifier._verifyN)�__name__�
__module__�__qualname__�__doc__r���r���r���r���r���r������s���r���c�����������������������s*���e�Zd�ZdZd��fdd�	Zdd��Z���ZS�)�HeaderVerifierz8
    Verifies an HTTP signature from given headers.
    Nc��������������������s����|pdg}t�|d��}t|�dkr.|d�|�_ntd��t|�|�_dd��|D��|�_||�_||�_||�_	t
t|��j||�jd�d	��d
S�)a(��
        Instantiate a HeaderVerifier object.

:param headers:             A dictionary of headers from the HTTP request.
        :param secret:              The HMAC secret or RSA *public* key.
        :param required_headers:    Optional. A list of headers required to be present to validate, even if the signature is otherwise valid.  Defaults to ['date'].
        :param method:              Optional. The HTTP method used in the request (eg. "GET"). Required for the '(request-target)' header.
        :param path:                Optional. The HTTP path requested, exactly as sent (including query arguments and fragments). Required for the '(request-target)' header.
        :param host:                Optional. The value to use for the Host header, if not supplied in :param:headers.
        �dateZ
authorization����r���zInvalid authorization header.c�����������������S���s���g�|�]}|�����qS�r���)�lower)�.0r���r���r���r����
<listcomp>T��������z+HeaderVerifier.__init__.<locals>.<listcomp>�	algorithm)r'���N)
Zparse_authorization_header�len�	auth_dictr���ZCaseInsensitiveDict�headers�required_headers�method�path�host�superr ����__init__)r���r*���Zsecretr+���r,���r-���r.���Zauth��	__class__r���r���r0���@���s����

zHeaderVerifier.__init__c�����������������C���sz���|�j��dd��d�}tt|�j�t|���dkrPtd�d�t|�j�t|������t	||�j
|�j|�j|�j
�}|��||�j�d��S�)z�
        Verify the headers based on the arguments passed at creation and current properties.

Raises an Exception if a required header (:param:required_headers) is not found in the signature.
        Returns True or False.
        r*���r!���� r���z{} is a required header(s)z, r���)r)����get�splitr(����setr+����	Exception�format�joinZgenerate_messager*���r.���r,���r-���r���)r���Zauth_headersZsigning_strr���r���r���r���[���s
����"zHeaderVerifier.verify)NNNN)r���r���r���r���r0���r����
__classcell__r���r���r1���r���r ���<���s���r ���N)r���Zoci._vendorr���Zcryptography.hazmat.backendsr���Zcryptography.hazmat.primitivesr���r���r���Z)cryptography.hazmat.primitives.asymmetricr���r���Zcryptography.exceptionsr	����base64r
����signr���Zutilsr���r ���r���r���r���r����<module>���s���%

Register