F/j1ddlZddlZddlZddlZddlZddlZddlmZddlm Z m Z ddl m Z ddl mZddlmZddlmZmZddlmZd ZGd d eZGd d eZGddeZdZeZy)N)default_backend)ecutils) serialization)hashes)InvalidSignature) b64urldecode b64urlencode)signzVAPID-RFC/ECE-RFCceZdZdZy)VapidExceptionzAn exception wrapper for Vapid.N)__name__ __module__ __qualname____doc__O/var/www/html/maxservice/venv/lib/python3.12/site-packages/py_vapid/__init__.pyr r s)rr c eZdZdZdZdZdZddZedZ edZ edZ edZ edd Z ed Zed Zed Zej$d ZedZdZdZdZdZdZdZdZddZy)Vapid01zwMinimal VAPID Draft 01 signature generation library. https://tools.ietf.org/html/draft-ietf-webpush-vapid-01 NWebPushcl|i}||_||_|r |jj|_yy)zInitialize VAPID with an optional private key. :param private_key: A private key object :type private_key: ec.EllipticCurvePrivateKey N)conf private_key public_key _public_key)selfrrs r__init__zVapid01.__init__+s< <D & #//::O 3xrc(tjj|s?tjd|}|j |j ||St|d5}|j}ddd dvr"|j|jd}|S|j|jd}|S#1swYRxYw#t$r/}tjdt|t|d}~wwxYw)zInitialize VAPID using a file containing a private key in PEM or DER format. :param private_key_file: Name of the file containing the private key :type private_key_file: str z(Private key not found, generating key...rNz -----BEGINutf8z#Could not open private key file: %s)ospathisfilelogginginfo generate_keyssave_keyopenreadr9encoder6 Exceptionerrorreprr )r(private_key_filevapidfilerexcs r from_filezVapid01.from_fileksww~~./ LLC DEE    ! NN+ ,L "C ( &D))+K & &{* [%7%7%?@L [%7%7%?@L & & & MM?c K % % &s*+C %C+!C C D"*D  Dc|jjdd}t|}t|dk(r|j |S|j |S)zInitialize VAPID using a string containing the private key. This will try to determine if the key is in RAW or DER format. :param private_key: String containing the key info :type private_key: str  r )rIreplacer lenr+r6)r(rpkeyr*s r from_stringzVapid01.from_stringsR!!#++E374  s8r><<% %||D!!rc|jdddjdd}|j|j}|j|dj|dS)zVerify a VAPID authorization token. :param key: base64 serialized public key :type key: str :param auth: authorization token type key: str  r4.rvalidation_tokenverification_token)rsplitr2rI verify_token)r(r*authtokenskps rverifyzVapid01.verifysjS!$Q'..sA6 U " "3::< 0#AY--/F1I  rcH|js td|jS)zThe VAPID private ECDSA keyz$No private key. Call generate_keys()) _private_keyr rs rrzVapid01.private_keys%   !GH H   rcV||_|r |jj|_yy)zSet the VAPID private ECDSA key :param value: the byte array containing the private ECDSA key data :type value: ec.EllipticCurvePrivateKey N)rfrrr)rvalues rrzVapid01.private_keys+" #//::?CTUrc|jjtjjtj j tjS)N)encodingformatencryption_algorithm)r private_bytesrEncodingPEM PrivateFormatPKCS8 NoEncryptionrgs r private_pemzVapid01.private_pemsJ--"++// ..44!.!;!;!=.  rc|jjtjjtj j S)N)rnro)r public_bytesrrrrs PublicFormatSubjectPublicKeyInforgs r public_pemzVapid01.public_pems<++"++// --BB,  rct|d5}|j|j|jdddy#1swYyxYw)zSave the private key to a PEM file. :param key_file: The file path to save the private key data :type key_file: str wbN)rGwriterwcloserkey_filerOs rrFzVapid01.save_keysC(D ! T JJt'') * JJL    0AAct|d5}|j|j|jdddy#1swYyxYw)zSave the public key to a PEM file. :param key_file: The name of the file to save the public key :type key_file: str r~N)rGrr|rrs rsave_public_keyzVapid01.save_public_keysA (D ! T JJt( ) JJL   rct|jd}ttj|ddd}ttj|ddd} |j j tj|||tjtjy#t$rYywxYw)aqInternally used to verify the verification token is correct. :param validation_token: Provided validation token string :type validation_token: str :param verification_token: Generated verification token :type verification_token: str :returns: Boolean indicating if verifictation token is valid. :rtype: boolean r?NrTr )signature_algorithmTF)r rIr$r%r&rrdecutilsencode_dss_signaturerECDSArSHA256r)rr]r^hsigr>ss rr`zVapid01.verify_tokens.55f=>   cr+R 0   bc+R 0  OO " ",,Q2 $&HHV]]_$= #    s AB88 CCctj|}|jds#tt jdz|d<|j jddst |jdd}n|jddu}|s tdtjd|jd dtjs td |S) NexpiQz no-strictFsubzGMissing 'sub' from claims. 'sub' is your admin email as a mailto: link.z^https?://[^/:]+(:\d+)?$audzyMissing 'aud' from claims. 'aud' is the scheme, host and optional port for this transaction e.g. https://example.com:8080) copydeepcopygetr$timer _check_subr rematch IGNORECASE)rclaimscclaimsvalids r _base_signzVapid01._base_signs--'{{5! -5GENyy}}[%0w{{5"56EKK&d2E ? xx 'UB)? !<  rcvt|j||j}d}|t|jj t jjt jjz }|r |dz|z}n|}dj|j|jd|dS)aSign a set of claims. :param claims: JSON object containing the JWT claims to use. :type claims: dict :param crypto_key: Optional existing crypto_key header content. The vapid public key will be appended to this data. :type crypto_key: str :returns: a hash containing the header fields to use in the subscription update. :rtype: dict z p256ecdsa=;z{} {}=) Authorizationz Crypto-Key)r rrr rryrrrX962rzUncompressedPointro_schemastriprr crypto_keysigrWs rr z Vapid01.signs4??6*D,<,<= OO ( (&&++**<<    #c)D0JJ%^^DLL#))C.I$  r)NNN)rrrrrfrrr classmethodr+r2r9r6rQrXrdpropertyrsetterrrErwr|rFrr`rr rrrrr s LKG = FF  &&4 " "    !!  = =    V  0. rrc,eZdZdZdZddZedZy)Vapid02zaMinimal Vapid RFC8292 signature generation library https://tools.ietf.org/html/rfc8292 rNNc6t|j||j}|jj t j jt jj}ddj|j|t|iS)aGenerate an authorization token :param claims: JSON object containing the JWT claims to use. :type claims: dict :param crypto_key: Optional existing crypto_key header content. The vapid public key will be appended to this data. :type crypto_key: str :returns: a hash containing the header fields to use in the subscription update. :rtype: dict rz{schema} t={t},k={k})schematk) r rrrryrrrrrzrrorr rs rr z Vapid02.signCs4??6*D,<,<=++  " " ' ')C)C)U)U  3::||sl4.@;  rc|jdd}|dj|jk(sJdi}|djdD]}|jdd}|d||d<!d|j vsJdd |j vsJd |j |dj }|d jd d}|j|dj |d S) zEnsure that the token is correctly formatted and valid :param auth: An Authorization header :type auth: str :rtype: bool rZr4rzIncorrect schema specified,rrz!Auth missing public key 'k' valuerz Auth missing token set 't' valuer[r\)r_lowerrsplitkeysr2rIr`)r(rapref_tokpartstokkvrcrbs rrdzVapid02.verifyYs;;sA&{  "ckk1O3OO1A;$$S) !C3"Ba5E"Q%L !ejjl"G$GG"ejjl"F$FF" U " "5:#4#4#6 7s""3*#AY--/F1I  rr)rrrrrr rrdrrrrr:s' G ,  rrcTd}tj||tjduS)aCheck to see if the `sub` is a properly formatted `mailto:` a `mailto:` should be a SMTP mail address. Mind you, since I run YouFailAtEmail.com, you have every right to yell about how terrible this check is. I really should be doing a proper component parse and valiate each component individually per RFC5341, instead I do the unholy regex you see below. :param sub: Candidate JWT `sub` :type sub: str :rtype: bool z^(mailto:.+@((localhost|[%\w-]+(\.[%\w-]+)+|([0-9a-f]{1,4}):+([0-9a-f]{1,4})?)))|https:\/\/(localhost|[\w-]+\.[\w\.-]+|([0-9a-f]{1,4}:+)+([0-9a-f]{1,4})?)$N)rrr)rpatterns rrrqs&mG 88GS"-- 0 <rsi   8J8145  Y W fW t4 g4 n=$ r