HEX
Server: Apache/2.4.58 (Ubuntu)
System: Linux ns3133907 6.8.0-86-generic #87-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 22 18:03:36 UTC 2025 x86_64
User: cssnetorguk (1024)
PHP: 8.2.28
Disabled: NONE
Upload Files
File: //lib/python3/dist-packages/josepy/json_util.py
"""JSON (de)serialization framework.

The framework presented here is somewhat based on `Go's "json" package`_
(especially the ``omitempty`` functionality).

.. _`Go's "json" package`: http://golang.org/pkg/encoding/json/

"""
import abc
import binascii
import logging
from typing import (
    Any,
    Callable,
    Dict,
    Iterable,
    List,
    Mapping,
    Optional,
    Type,
    TypeVar,
)

from OpenSSL import crypto

from josepy import b64, errors, interfaces, util

logger = logging.getLogger(__name__)


def field(
    json_name: str,
    default: Any = None,
    omitempty: bool = False,
    decoder: Optional[Callable[[Any], Any]] = None,
    encoder: Optional[Callable[[Any], Any]] = None,
) -> Any:
    """Convenient function to declare a :class:`Field` with proper type annotations.

    This function allows to write the following code:

    import josepy
    class JSON(josepy.JSONObjectWithFields):
        typ: str = josepy.field('type')

        def other_type(self) -> str:
            return self.typ

    """
    return _TypedField(
        json_name=json_name, default=default, omitempty=omitempty, decoder=decoder, encoder=encoder
    )


class Field:
    """JSON object field.

    :class:`Field` is meant to be used together with
    :class:`JSONObjectWithFields`.

    ``encoder`` (``decoder``) is a callable that accepts a single
    parameter, i.e. a value to be encoded (decoded), and returns the
    serialized (deserialized) value. In case of errors it should raise
    :class:`~josepy.errors.SerializationError`
    (:class:`~josepy.errors.DeserializationError`).

    Note, that ``decoder`` should perform partial serialization only.

    :ivar str json_name: Name of the field when encoded to JSON.
    :ivar default: Default value (used when not present in JSON object).
    :ivar bool omitempty: If ``True`` and the field value is empty, then
        it will not be included in the serialized JSON object, and
        ``default`` will be used for deserialization. Otherwise, if ``False``,
        field is considered as required, value will always be included in the
        serialized JSON objected, and it must also be present when
        deserializing.

    """

    __slots__ = ("json_name", "default", "omitempty", "fdec", "fenc")

    def __init__(
        self,
        json_name: str,
        default: Any = None,
        omitempty: bool = False,
        decoder: Optional[Callable[[Any], Any]] = None,
        encoder: Optional[Callable[[Any], Any]] = None,
    ) -> None:
        self.json_name = json_name
        self.default = default
        self.omitempty = omitempty

        self.fdec = self.default_decoder if decoder is None else decoder
        self.fenc = self.default_encoder if encoder is None else encoder

    @classmethod
    def _empty(cls, value: Any) -> bool:
        """Is the provided value considered "empty" for this field?

        This is useful for subclasses that might want to override the
        definition of being empty, e.g. for some more exotic data types.

        """
        return not isinstance(value, bool) and not value

    def omit(self, value: Any) -> bool:
        """Omit the value in output?"""
        return self._empty(value) and self.omitempty

    def _update_params(self, **kwargs: Any) -> "Field":
        current = {
            "json_name": self.json_name,
            "default": self.default,
            "omitempty": self.omitempty,
            "decoder": self.fdec,
            "encoder": self.fenc,
            **kwargs,
        }
        return type(self)(**current)

    def decoder(self, fdec: Callable[[Any], Any]) -> "Field":
        """Descriptor to change the decoder on JSON object field."""
        return self._update_params(decoder=fdec)

    def encoder(self, fenc: Callable[[Any], Any]) -> "Field":
        """Descriptor to change the encoder on JSON object field."""
        return self._update_params(encoder=fenc)

    def decode(self, value: Any) -> Any:
        """Decode a value, optionally with context JSON object."""
        return self.fdec(value)

    def encode(self, value: Any) -> Any:
        """Encode a value, optionally with context JSON object."""
        return self.fenc(value)

    @classmethod
    def default_decoder(cls, value: Any) -> Any:
        """Default decoder.

        Recursively deserialize into immutable types (
        :class:`josepy.util.frozendict` instead of
        :func:`dict`, :func:`tuple` instead of :func:`list`).

        """
        # bases cases for different types returned by json.loads
        if isinstance(value, list):
            return tuple(cls.default_decoder(subvalue) for subvalue in value)
        elif isinstance(value, dict):
            return util.frozendict(
                {
                    cls.default_decoder(key): cls.default_decoder(value)
                    for key, value in value.items()
                }
            )
        else:  # integer or string
            return value

    @classmethod
    def default_encoder(cls, value: Any) -> Any:
        """Default (passthrough) encoder."""
        # field.to_partial_json() is no good as encoder has to do partial
        # serialization only
        return value


class _TypedField(Field):
    """Specialized class to mark a JSON object field with typed annotations.

    This class is kept private because fields are supposed to be declared
    using the :function:`field` in this situation.

    In the future the :class:`Field` may be removed in favor of this one."""


class JSONObjectWithFieldsMeta(abc.ABCMeta):
    """Metaclass for :class:`JSONObjectWithFields` and its subclasses.

    It makes sure that, for any class ``cls`` with ``__metaclass__``
    set to ``JSONObjectWithFieldsMeta``:

    1. All fields (attributes of type :class:`Field`) in the class
       definition are moved to the ``cls._fields`` dictionary, where
       keys are field attribute names and values are fields themselves.

    2. ``cls.__slots__`` is extended by all field attribute names
       (i.e. not :attr:`Field.json_name`). Original ``cls.__slots__``
       are stored in ``cls._orig_slots``.

    In a consequence, for a field attribute name ``some_field``,
    ``cls.some_field`` will be a slot descriptor and not an instance
    of :class:`Field`. For example::

      some_field = Field('someField', default=())

      class Foo:
          __metaclass__ = JSONObjectWithFieldsMeta
          __slots__ = ('baz',)
          some_field = some_field

      assert Foo.__slots__ == ('some_field', 'baz')
      assert Foo._orig_slots == ()
      assert Foo.some_field is not Field

      assert Foo._fields.keys() == ['some_field']
      assert Foo._fields['some_field'] is some_field

    As an implementation note, this metaclass inherits from
    :class:`abc.ABCMeta` (and not the usual :class:`type`) to mitigate
    the metaclass conflict (:class:`ImmutableMap` and
    :class:`JSONDeSerializable`, parents of :class:`JSONObjectWithFields`,
    use :class:`abc.ABCMeta` as its metaclass).

    """

    _fields: Dict[str, Field] = {}
    _orig_slots: Iterable[str]

    def __new__(
        mcs, name: str, bases: List[str], namespace: Dict[str, Any]
    ) -> "JSONObjectWithFieldsMeta":
        fields: Dict[str, Field] = {}

        for base in bases:
            fields.update(getattr(base, "_fields", {}))
        # Do not reorder, this class might override fields from base classes!
        # We use a copy of namespace in the loop because the loop modifies it.
        for key, value in namespace.copy().items():
            if isinstance(value, Field):
                if isinstance(value, _TypedField):
                    # Ensure the type annotation has been set for the field.
                    # Error out if it is not the case.
                    if key not in namespace.get("__annotations__", {}):
                        raise ValueError(
                            f"Field `{key}` in JSONObject `{name}` has no type annotation."
                        )
                fields[key] = namespace.pop(key)

        namespace["_orig_slots"] = namespace.get("__slots__", ())
        namespace["__slots__"] = tuple(list(namespace["_orig_slots"]) + list(fields.keys()))
        namespace["_fields"] = fields

        return abc.ABCMeta.__new__(mcs, name, bases, namespace)  # type: ignore[arg-type]


GenericJSONObjectWithFields = TypeVar("GenericJSONObjectWithFields", bound="JSONObjectWithFields")


class JSONObjectWithFields(
    util.ImmutableMap, interfaces.JSONDeSerializable, metaclass=JSONObjectWithFieldsMeta
):
    """JSON object with fields.

    Example::

      class Foo(JSONObjectWithFields):
          bar = Field('Bar')
          empty = Field('Empty', omitempty=True)

          @bar.encoder
          def bar(value):
              return value + 'bar'

          @bar.decoder
          def bar(value):
              if not value.endswith('bar'):
                  raise errors.DeserializationError('No bar suffix!')
              return value[:-3]

      assert Foo(bar='baz').to_partial_json() == {'Bar': 'bazbar'}
      assert Foo.from_json({'Bar': 'bazbar'}) == Foo(bar='baz')
      assert (Foo.from_json({'Bar': 'bazbar', 'Empty': '!'})
              == Foo(bar='baz', empty='!'))
      assert Foo(bar='baz').bar == 'baz'

    """

    @classmethod
    def _defaults(cls) -> Dict[str, Any]:
        """Get default fields values."""
        return {slot: field.default for slot, field in cls._fields.items()}

    def __init__(self, **kwargs: Any) -> None:
        super().__init__(**{**self._defaults(), **kwargs})

    def encode(self, name: str) -> Any:
        """Encode a single field.

        :param str name: Name of the field to be encoded.

        :raises errors.SerializationError: if field cannot be serialized
        :raises errors.Error: if field could not be found

        """
        try:
            field = self._fields[name]  # type: ignore[attr-defined]
        except KeyError:
            raise errors.Error("Field not found: {0}".format(name))

        return field.encode(getattr(self, name))

    def fields_to_partial_json(self) -> Dict[str, Any]:
        """Serialize fields to JSON."""
        jobj = {}
        omitted = set()
        for slot, field in self._fields.items():  # type: ignore[attr-defined]
            value = getattr(self, slot)

            if field.omit(value):
                omitted.add((slot, value))
            else:
                try:
                    jobj[field.json_name] = field.encode(value)
                except errors.SerializationError as error:
                    raise errors.SerializationError(
                        "Could not encode {0} ({1}): {2}".format(slot, value, error)
                    )
        return jobj

    def to_partial_json(self) -> Dict[str, Any]:
        return self.fields_to_partial_json()

    @classmethod
    def _check_required(cls, jobj: Mapping[str, Any]) -> None:
        missing = set()
        for _, field in cls._fields.items():
            if not field.omitempty and field.json_name not in jobj:
                missing.add(field.json_name)

        if missing:
            raise errors.DeserializationError(
                "The following fields are required: {0}".format(",".join(missing))
            )

    @classmethod
    def fields_from_json(cls, jobj: Mapping[str, Any]) -> Any:
        """Deserialize fields from JSON."""
        cls._check_required(jobj)
        fields = {}
        for slot, field in cls._fields.items():
            if field.json_name not in jobj and field.omitempty:
                fields[slot] = field.default
            else:
                value = jobj[field.json_name]
                try:
                    fields[slot] = field.decode(value)
                except errors.DeserializationError as error:
                    raise errors.DeserializationError(
                        "Could not decode {0!r} ({1!r}): {2}".format(slot, value, error)
                    )
        return fields

    @classmethod
    def from_json(
        cls: Type[GenericJSONObjectWithFields], jobj: Mapping[str, Any]
    ) -> GenericJSONObjectWithFields:
        return cls(**cls.fields_from_json(jobj))


def encode_b64jose(data: bytes) -> str:
    """Encode JOSE Base-64 field.

    :param bytes data:
    :rtype: `str`

    """
    # b64encode produces ASCII characters only
    return b64.b64encode(data).decode("ascii")


def decode_b64jose(data: str, size: Optional[int] = None, minimum: bool = False) -> bytes:
    """Decode JOSE Base-64 field.

    :param unicode data:
    :param int size: Required length (after decoding).
    :param bool minimum: If ``True``, then `size` will be treated as
        minimum required length, as opposed to exact equality.

    :rtype: bytes

    """
    try:
        decoded = b64.b64decode(data.encode())
    except binascii.Error as error:
        raise errors.DeserializationError(error)

    if size is not None and (
        (not minimum and len(decoded) != size) or (minimum and len(decoded) < size)
    ):
        raise errors.DeserializationError("Expected at least or exactly {0} bytes".format(size))

    return decoded


def encode_hex16(value: bytes) -> str:
    """Hexlify.

    :param bytes value:
    :rtype: unicode

    """
    return binascii.hexlify(value).decode()


def decode_hex16(value: str, size: Optional[int] = None, minimum: bool = False) -> bytes:
    """Decode hexlified field.

    :param unicode value:
    :param int size: Required length (after decoding).
    :param bool minimum: If ``True``, then `size` will be treated as
        minimum required length, as opposed to exact equality.

    :rtype: bytes

    """
    value_b = value.encode()
    if size is not None and (
        (not minimum and len(value_b) != size * 2) or (minimum and len(value_b) < size * 2)
    ):
        raise errors.DeserializationError()
    try:
        return binascii.unhexlify(value_b)
    except binascii.Error as error:
        raise errors.DeserializationError(error)


def encode_cert(cert: util.ComparableX509) -> str:
    """Encode certificate as JOSE Base-64 DER.

    :type cert: `OpenSSL.crypto.X509` wrapped in `.ComparableX509`
    :rtype: unicode

    """
    if isinstance(cert.wrapped, crypto.X509Req):
        raise ValueError("Error input is actually a certificate request.")

    return encode_b64jose(crypto.dump_certificate(crypto.FILETYPE_ASN1, cert.wrapped))


def decode_cert(b64der: str) -> util.ComparableX509:
    """Decode JOSE Base-64 DER-encoded certificate.

    :param unicode b64der:
    :rtype: `OpenSSL.crypto.X509` wrapped in `.ComparableX509`

    """
    try:
        return util.ComparableX509(
            crypto.load_certificate(crypto.FILETYPE_ASN1, decode_b64jose(b64der))
        )
    except crypto.Error as error:
        raise errors.DeserializationError(error)


def encode_csr(csr: util.ComparableX509) -> str:
    """Encode CSR as JOSE Base-64 DER.

    :type csr: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509`
    :rtype: unicode

    """
    if isinstance(csr.wrapped, crypto.X509):
        raise ValueError("Error input is actually a certificate.")

    return encode_b64jose(crypto.dump_certificate_request(crypto.FILETYPE_ASN1, csr.wrapped))


def decode_csr(b64der: str) -> util.ComparableX509:
    """Decode JOSE Base-64 DER-encoded CSR.

    :param unicode b64der:
    :rtype: `OpenSSL.crypto.X509Req` wrapped in `.ComparableX509`

    """
    try:
        return util.ComparableX509(
            crypto.load_certificate_request(crypto.FILETYPE_ASN1, decode_b64jose(b64der))
        )
    except crypto.Error as error:
        raise errors.DeserializationError(error)


GenericTypedJSONObjectWithFields = TypeVar(
    "GenericTypedJSONObjectWithFields", bound="TypedJSONObjectWithFields"
)


class TypedJSONObjectWithFields(JSONObjectWithFields):
    """JSON object with type."""

    typ: str = NotImplemented
    """Type of the object. Subclasses must override."""

    type_field_name: str = "type"
    """Field name used to distinguish different object types.

    Subclasses will probably have to override this.

    """

    TYPES: Dict[str, Type] = NotImplemented
    """Types registered for JSON deserialization"""

    @classmethod
    def register(
        cls, type_cls: Type[GenericTypedJSONObjectWithFields], typ: Optional[str] = None
    ) -> Type[GenericTypedJSONObjectWithFields]:
        """Register class for JSON deserialization."""
        typ = type_cls.typ if typ is None else typ
        cls.TYPES[typ] = type_cls
        return type_cls

    @classmethod
    def get_type_cls(cls, jobj: Mapping[str, Any]) -> Type["TypedJSONObjectWithFields"]:
        """Get the registered class for ``jobj``."""
        if cls in cls.TYPES.values():
            if cls.type_field_name not in jobj:
                raise errors.DeserializationError(
                    "Missing type field ({0})".format(cls.type_field_name)
                )
            # cls is already registered type_cls, force to use it
            # so that, e.g Revocation.from_json(jobj) fails if
            # jobj["type"] != "revocation".
            return cls

        if not isinstance(jobj, dict):
            raise errors.DeserializationError("{0} is not a dictionary object".format(jobj))
        try:
            typ = jobj[cls.type_field_name]
        except KeyError:
            raise errors.DeserializationError("missing type field")

        try:
            return cls.TYPES[typ]
        except KeyError:
            raise errors.UnrecognizedTypeError(typ, jobj)

    def to_partial_json(self) -> Dict[str, Any]:
        """Get JSON serializable object.

        :returns: Serializable JSON object representing ACME typed object.
            :meth:`validate` will almost certainly not work, due to reasons
            explained in :class:`josepy.interfaces.IJSONSerializable`.
        :rtype: dict

        """
        jobj = self.fields_to_partial_json()
        jobj[self.type_field_name] = self.typ
        return jobj

    @classmethod
    def from_json(cls, jobj: Mapping[str, Any]) -> "TypedJSONObjectWithFields":
        """Deserialize ACME object from valid JSON object.

        :raises josepy.errors.UnrecognizedTypeError: if type
            of the ACME object has not been registered.

        """
        # make sure subclasses don't cause infinite recursive from_json calls
        type_cls = cls.get_type_cls(jobj)
        return type_cls(**type_cls.fields_from_json(jobj))