hdZddlmZmZddlZddlmZmZmZmZddlm Z m Z m Z ddl m Z dZdefd Zdd edeeeffd ZGd d ZGddZdS)zFirebase App Check module.)AnyDictN) PyJWKClientExpiredSignatureErrorInvalidTokenError DecodeError)InvalidAudienceErrorInvalidIssuerErrorInvalidSignatureError)_utils _app_checkreturncBtj|ttSN)r get_app_service_APP_CHECK_ATTRIBUTE_AppCheckService)apps \/var/www/html/e360mart/e360mart_env/lib/python3.11/site-packages/firebase_admin/app_check.py_get_app_check_servicers  !#';=M N NNtokencFt||S)aVerifies a Firebase App Check token. Args: token: A token from App Check. app: An App instance (optional). Returns: Dict[str, Any]: The token's decoded claims. Raises: ValueError: If the app's ``project_id`` is invalid or unspecified, or if the token's headers or payload are invalid. PyJWKClientError: If PyJWKClient fails to fetch a valid signing key. )r verify_token)rrs rrrs  "# & & 3 3E : ::rceZdZdZdZdZdZdZdZde j iZ dZ de dee effd Zd eddfd Zde d e fd ZdS)rz?Service class that implements Firebase App Check functionality.z(https://firebaseappcheck.googleapis.com/z/https://firebaseappcheck.googleapis.com/v1/jwksNzx-goog-api-clientc|j|_|jstdd|jz|_t |jd|j|_dS)NzA project ID must be specified to access the App Check service. Either set the projectId option, use service account credentials, or set the GOOGLE_CLOUD_PROJECT environment variable.z projects/i`T)lifespanheaders) project_id _project_id ValueError_scoped_project_idr _JWKS_URL_APP_CHECK_HEADERS _jwks_client)selfrs r__init__z_AppCheckService.__init__:sk> >=>> > #.">' NUD4KMMMrrrctd| |j|}|t j||||j}n,#ttf$r}td||d}~wwxYw| d|d<|S)z$Verifies a Firebase App Check token.zapp check tokenz)Verifying App Check token failed. Error: Nsubapp_id) _Validators check_stringr%get_signing_key_from_jwt_has_valid_token_headersjwtget_unverified_header_decode_and_verifykeyrrr!get)r&r signing_keyverified_claims exceptions rrz_AppCheckService.verify_tokenIs  !2E:::  !+DDUKKK  ) )#*CE*J*J K K K"55e[_MMOO!;/ ! ! !GIGG  ! ! %4$7$7$>$>!sAA::B# BB#rc|ddkrtd|d}|dkrtd|ddS) z9Checks whether the token has valid headers for App Check.typJWTz9The provided App Check token has an incorrect type headeralgRS256zQThe provided App Check token has an incorrect alg header. Expected RS256 but got .N)r3r!)r&r algorithms rr.z)_AppCheckService._has_valid_token_headers\sw ;;u   & &XYY YKK&&   7*3777  rr4ci} tj||dg|j}n#t$r}t d|d}~wt $r}t d|jd|d}~wt $r}t d|j|d}~wt$r}t d|d}~wt$r}t d ||d}~wwxYw| d }t|tr |j|vrt d | d  |jst d td| d|S)z.Decodes and verifies the token from App Check.r;) algorithmsaudiencez6The provided App Check token has an invalid signature.NzbThe provided App Check token has an incorrect "aud" (audience) claim. Expected payload to include r<z^The provided App Check token has an incorrect "iss" (issuer) claim. Expected claim to include z)The provided App Check token has expired.z(Decoding App Check token failed. Error: audz>Firebase App Check token has incorrect "aud" (audience) claim.issz2Token does not contain the correct "iss" (issuer).z2The provided App Check token "sub" (subject) claimr))r/decoder"r r!r r _APP_CHECK_ISSUERrrr3 isinstancelist startswithr+r,)r&rr4payloadr6r@s rr1z#_AppCheckService._decode_and_verifyis !j#90 GG % ! ! !H  !$ ! ! !J/3/FJJJ! !" ! ! !F-1-CFF! !% ! ! !;  !! ! ! !F9FF  ! ! ;;u%%(D)) _T-DH-T-T]^^ ^{{5!!,,T-CDD SQRR R  @ KK     sB# C = C  A## C 0B C B%% C 2CC )__name__ __module__ __qualname____doc__rDr#r r"r%r get_metrics_headerr$r'strrrrr.r1rrrr-sIIBAIKL 6V688 M M M#$sCx.&      **#******rrc2eZdZdZededefdZdS)r+zA collection of data validation utilities. Methods provided in this class raise ``ValueErrors`` if any validations fail. labelvaluec|t|d|dt|tst|d|ddS)z&Checks if the given value is a string.Nz "z" must be a non-empty string.z" must be a string.)r!rErN)clsrQrRs rr,z_Validators.check_stringsf =MMMMMNN N%%% ECCCCCDD D E ErN)rIrJrKrL classmethodrNrr,rOrrr+r+sT EESEEE[EEErr+r)rLtypingrrr/rrrrr r r firebase_adminr rrrNrrr+rOrrrXsD!  RRRRRRRRRRRROOOOOOOOOO!!!!!!#O3OOOO;;;$sCx.;;;;"ffffffffP E E E E E E E E E Er