ó ‚¾^Yc@s¤dZddlZddlZddlZddlmZddlmZejZejZdZ dZ dZ ej e ƒZdefd„ƒYZd „Zy/dd lmZejZejZejZWn#ek rðdZdZeZnXy&dd lmZejZejZWnek r6dZdZnXerLeZeZn!eraeZeZn eZeZdd „Zd „Zd„Zd„Z dd„Z!dS(s)Crypto-related routines for oauth2client.iÿÿÿÿN(t_helpers(t_pure_python_crypti,i€QtAppIdentityErrorcBseZdZRS(s!Error to indicate crypto failure.(t__name__t __module__t__doc__(((s8/tmp/pip-build-kpPAdC/oauth2client/oauth2client/crypt.pyR$scOstdƒ‚dS(Ns#pkcs12_key_as_pem requires OpenSSL.(tNotImplementedError(targstkwargs((s8/tmp/pip-build-kpPAdC/oauth2client/oauth2client/crypt.pyt_bad_pkcs12_key_as_pem(s(t_openssl_crypt(t_pycrypto_cryptcCs±idd6dd6}|dk r-||d {1}: {2}N(tintttimeR.RRR/tMAX_TOKEN_LIFETIME_SECStCLOCK_SKEW_SECS(R0tnowt issued_att expirationtearliesttlatest((s8/tmp/pip-build-kpPAdC/oauth2client/oauth2client/crypt.pyt_verify_time_rangešs(        c Csìtj|ƒ}|jdƒdkr<tdj|ƒƒ‚n|jdƒ\}}}|d|}tj|ƒ}tj|ƒ}ytjtj |ƒƒ}Wntdj|ƒƒ‚nXt |||j ƒƒt |ƒt ||ƒ|S(sþVerify a JWT against public certs. See http://self-issued.info/docs/draft-jones-json-web-token.html. Args: jwt: string, A JWT. certs: dict, Dictionary where values of public keys in PEM format. audience: string, The audience, 'aud', that this JWT should contain. If None then the JWT's 'aud' parameter is not verified. Returns: dict, The deserialized JSON payload in the JWT. Raises: AppIdentityError: if any checks are failed. Ris&Wrong number of segments in token: {0}sCan't parse token: {0}(Rt _to_bytestcountRR/tsplitt_urlsafe_b64decodetjsontloadst _from_bytesR,tvaluesR?R3( tjwtR)R1RRR!tmessage_to_signt payload_bytesR0((s8/tmp/pip-build-kpPAdC/oauth2client/oauth2client/crypt.pytverify_signed_jwt_with_certsÏs   ("RRDtloggingR7t oauth2clientRRt RsaSignert RsaVerifierR9tAUTH_TOKEN_LIFETIME_SECSR8t getLoggerRRt ExceptionRR R t OpenSSLSignertOpenSSLVerifiertpkcs12_key_as_pemt ImportErrorRR tPyCryptoSignertPyCryptoVerifiertSignerR$R"R,R3R?RK(((s8/tmp/pip-build-kpPAdC/oauth2client/oauth2client/crypt.pytsT                     5