]hMdZddlZddlZddlZddlZddlmZddlmZddlmZddlm Z ddl Z ddl Z ddl Z ddlmZddlmZdd lmZd Zd Zd Zd Zeej.dj1Zeej.dj1Zeej.dj1ZdZegdZdZdZ dZ!dZ"Gdde jFjHjJZ&GddZ'GddZ(Gd d!e jRZ*Gd"d#Z+Gd$d%Z,Gd&d'ejZZ.Gd(d)ejZZ/Gd*d+ej`Z1Gd,d-ej`Z2Gd.d/ejfZ4Gd0d1e4Z5Gd2d3e4Z6y)4z1Firebase token minting and validation sub module.N) credentials)iam)jwt) transport) exceptions) _auth_utils) _http_clientzhttps://securetoken.google.com/zXhttps://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.comz$https://session.firebase.google.com/zEhttps://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys)minutes)days)hourszYhttps://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit)acramrat_hashaud auth_timeazpcnfc_hashexpfirebaseiatissjtinbfnoncesubzZhttp://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/emailRS256nonez"firebase-auth-emulator@example.comceZdZdZdZdZy)_EmulatedSignerNcyNselfs _/var/www/html/Kila-kolis-project/venv/lib/python3.12/site-packages/firebase_admin/_token_gen.py__init__z_EmulatedSigner.__init__Bs cy)Nr+r&r(messages r)signz_EmulatedSigner.signEsr+)__name__ __module__ __qualname__key_idr*r/r&r+r)r#r#?s F r+r#czeZdZdZefdZedZedZedZ e dZ e dZ e dZ y ) _SigningProviderz2Stores a reference to a google.auth.crypto.Signer.c.||_||_||_yr%)_signer _signer_email_alg)r(signer signer_emailalgs r)r*z_SigningProvider.__init__Ls ) r+c|jSr%)r7r's r)r:z_SigningProvider.signerQs ||r+c|jSr%)r8r's r)r;z_SigningProvider.signer_emailUs!!!r+c|jSr%)r9r's r)r<z_SigningProvider.algYs yyr+cBt|j|jSr%)r5r:r;)cls google_creds r)from_credentialz _SigningProvider.from_credential]s 2 2K4L4LMMr+cHtj|||}t||Sr%)rSignerr5)rArequestrBservice_accountr:s r)from_iamz_SigningProvider.from_iamas!G[/B88r+c<ttttSr%)r5r#AUTH_EMULATOR_EMAILALGORITHM_NONE)rAs r) for_emulatorz_SigningProvider.for_emulatorfs 13FWWr+N)r0r1r2__doc__ALGORITHM_RS256r*propertyr:r;r< classmethodrCrHrLr&r+r)r5r5Is<1@ ""NN99XXr+r5c@eZdZdZdZd dZdZedZd dZ dZ y) TokenGeneratorz,Generates custom tokens and session cookies.z)https://identitytoolkit.googleapis.com/v1Nc||_||_tjj |_|xs |j }dj||j|_ d|_ y)Nz{0}/projects/{1}) app http_clientrrequestsRequestrFID_TOOLKIT_URLformat project_idbase_url_signing_provider)r(rTrU url_override url_prefixs r)r*zTokenGenerator.__init__psW& ))113 !8T%8%8 *11*cnnM !%r+c8tjrtjS|jj j }t|tjjjrtj|S|jjjd}|r!tj|j ||St|t"j$rtj|S|j!t&ddi}|j(dk7r2t+dj-|j.j1|j.j1}tj|j ||S)zPInitializes a signing provider by following the go/firebase-admin-sign protocol.serviceAccountIdzMetadata-FlavorGoogle)urlheadersz2Failed to contact the local metadata service: {0}.)r is_emulatedr5rLrT credentialget_credential isinstancegoogleoauth2rG CredentialsrCoptionsgetrHrFrSigningMETADATA_SERVICE_URLstatus ValueErrorrYdatadecode)r(rBrGresps r)_init_signing_providerz%TokenGenerator._init_signing_providerxs9  " " $#002 2hh))88: k6==#@#@#L#L M#33K@ @((**../AB #,,T\\;X X k;#6#6 7#33K@ @|| 4?PRZ>[|\ ;;# DKKDIIL\L\L^_a a))**,(({OTTr+c|js" |j|_|jS|jS#t$r"}d}tdj ||d}~wwxYw)z@Initializes and returns the SigningProvider instance to be used.z@https://firebase.google.com/docs/auth/admin/create-custom-tokenszFailed to determine service account: {0}. Make sure to initialize the SDK with service account credentials or specify a service account ID with iam.serviceAccounts.signBlob permission. Please refer to {1} for more details on creating custom tokens.N)r\ru ExceptionrqrY)r(errorrbs r)signing_providerzTokenGenerator.signing_providersy%% M)-)D)D)F&%%%t%%% MX 9:@s9K MM Ms; A&A!!A&cV|t|ts tdt|j t z}|rdt |dkDr+djdj|}t|djdj|}t||rt|trt |dkDr td|j}ttj}|j|jt|||tzd }|r||d <|||d <d |j i} t#j$|j&|| S#t(j*j,j.$r"} dj| } t1| | d} ~ wwxYw)z.Builds and signs a Firebase custom auth token.Nz%developer_claims must be a dictionaryrz:Developer claims {0} are reserved and cannot be specified.z, z8Developer claim {0} is reserved and cannot be specified.z2uid must be a string between 1 and 128 characters.)rrruidrr tenant_idclaimsr<)headerz Failed to sign custom token. {0})rhdictrqsetkeysRESERVED_CLAIMSlenrYjoinstrryinttimer;FIREBASE_AUDIENCEMAX_TOKEN_LIFETIME_SECONDSr<rencoder:riauthrTransportErrorTokenSignError) r(r|developer_claimsr}disallowed_keys error_messagerynowpayloadrrxmsgs r)create_custom_tokenz"TokenGenerator.create_custom_tokens  '.5 !HII!"2"7"7"9:_LO'!+&< > ?s.!F G'F<<Gr%)NN) r0r1r2rMrXr*rurOryrrr&r+r)rRrRks46@N&U: & &*-Z -r+rRc@eZdZdZddZedZedZddZy) CertificateFetchRequestzyA google-auth transport that supports HTTP cache-control. Also injects a timeout to each outgoing HTTP request. Nctjtj|_t jj |j|_||_ yr%) cachecontrol CacheControlrVSession_sessionrrWsession _delegate_timeout_seconds)r(timeout_secondss r)r*z CertificateFetchRequest.__init__sA$11(2B2B2DE "++33DLLA /r+c|jSr%)rr's r)rzCertificateFetchRequest.sessions }}r+c|jSr%)rr's r)rz'CertificateFetchRequest.timeout_secondss$$$r+c R|xs |j}|j|f||||d|S)N)methodrrctimeout)rr)r(rbrrrcrkwargss r)__call__z CertificateFetchRequest.__call__sB1T11t~~ WT7GWOUW Wr+r%)GETNNN) r0r1r2rMr*rOrrrr&r+r)rrs: 0 %%Wr+rc&eZdZdZdZddZddZy) TokenVerifierz'Verifies ID tokens and session cookies.c T|jjdtj}t ||_t |jdddtttjt|_ t |jdddttt t"|_y)N httpTimeoutzID tokenzverify_id_token()zDVDNN=S U U  !%7"%<]*+- -11%8U#;;u%++e$++7 ((.t(?  : @ @4?? [ **, ( (0H0HI &**U"3zz% G+ 11"'7;;sB+?"?#VDNND4L4LM!C I I$// Z fjj/7:#VDOOVZZ5FH[\  (%%+VDOOT__h,@BU&W  &%%+VDOO_f,@BU&W _Jw$<fT__.AB fT__.AB \C fT__.AB  ++M: : E")"(--"8"8"E"E#!__"mm*< #F#> &5U%;OE "" "{{%%44 A'E %@ @ E#e*,//E %/HH++CJe+D D Es&AN))'P<O&& P<2AP77P<c tj|}tj|d}||fS#t$r!}|j t ||d}~wwxYw)NF)rr)r decode_headerrsrqrr)r(rrrrxs r)rz_JWTVerifier._decode_unverifieds^ E&&u-Fjju5G7? " E++CJe+D D Es/2 AAANr)r0r1r2rMr*rrr&r+r)rr+s@ F^E@Er+rceZdZdZdZy)rz7Unexpected error while signing a Firebase custom token.cFtjj|||yr%r UnknownErrorr*r(r.rs r)r*zTokenSignError.__init__((w>r+Nr0r1r2rMr*r&r+r)rrs A?r+rceZdZdZdZy)rzHFailed to fetch some public key certificates required to verify a token.cFtjj|||yr%rrs r)r*zCertificateFetchError.__init__rr+Nrr&r+r)rrs R?r+rceZdZdZdZy)rz!The provided ID token is expired.cFtjj|||yr%rrr*rs r)r*zExpiredIdTokenError.__init__s''00wFr+Nrr&r+r)rrs +Gr+rceZdZdZdZy)RevokedIdTokenErrorz'The provided ID token has been revoked.cDtjj||yr%r r-s r)r*zRevokedIdTokenError.__init__s''00w?r+Nrr&r+r)r r s 1@r+r ceZdZdZddZy)rz;The provided string is not a valid Firebase session cookie.NcFtjj|||yr%)rInvalidArgumentErrorr*rs r)r*z"InvalidSessionCookieError.__init__s''00wFr+r%rr&r+r)rrs EGr+rceZdZdZdZy)rz'The provided session cookie is expired.c2tj|||yr%rr*rs r)r*z"ExpiredSessionCookieError.__init__s!**4%@r+Nrr&r+r)rrs 1Ar+rceZdZdZdZy)RevokedSessionCookieErrorz-The provided session cookie has been revoked.c0tj||yr%rr-s r)r*z"RevokedSessionCookieError.__init__s!**49r+Nrr&r+r)rrs 7:r+r)7rMrrrrV google.authrrrrgoogle.auth.exceptionsrigoogle.oauth2.id_tokengoogle.oauth2.service_accountfirebase_adminrrr rrrrrrrrrrrrrrorNrKrJrcryptrEr#r5rRrWrrrrrrrrr rrrrr&r+r)rs8 #!$%&';>>Y&)*<(*<*