o MiN@sddlZddlZddlZddlZddlmZmZmZddlm Z ddl Z ddl Z ddl Z ddl Z dddZ dd d Z dd d ZddZddZddZddZdS)N)Cipher algorithmsmodes)default_backendHS256cCs|d||d}tj|dd}t|ddd}t|ddd}|d|} |d} |dkrHt| | dt j  } n+|d krZt| | dt j  } n|d krlt| | dt j  } ntd |t| dd} |d|d| } | S) a Sign data using JWS with HMAC for BillDesk integration Args: payload_string (str): The data to sign (usually encrypted JWE) signing_key (str): BillDesk provided signing key key_id (str): BillDesk provided signing key ID client_id (str): BillDesk provided client ID algorithm (str): JWS algorithm (default: "HS256") Returns: str: JWS signed string JWT)algtypkidclientid,: separatorsutf-8=.rHS384HS512Unsupported algorithm: )jsondumpsbase64urlsafe_b64encodeencodedecoderstriphmacnewhashlibsha256digestsha384sha512 ValueError)payload_string signing_keykey_id client_id algorithm jws_header header_json header_b64 payload_b64 signing_inputsigning_key_bytes signature signature_b64jws_signed_datar4?/var/www/html/Testing_prj/Navya-Bakers/orders/billdesk_utils.pysign_jws_billdesk s( r6356DIRECT 123.0.0.1c  Cshdtt|td|| || d| dddd} tj| dd } t| |||}t||||}| ||fS) a Complete BillDesk payment flow: Create payload -> Encrypt with JWE -> Sign with JWS Args: merc_id (str): Merchant ID amount (str): Payment amount return_url (str): Return URL encryption_key (str): Encryption key enc_key_id (str): Encryption key ID enc_client_id (str): Encryption client ID signing_key (str): Signing key sign_key_id (str): Signing key ID sign_client_id (str): Signing client ID currency (str): Currency code (default: "356" for INR) itemcode (str): Item code (default: "DIRECT") user_ip (str): User's IP address Returns: tuple: (original_payload, encrypted_data, signed_data) TEST%Y-%m-%dT%H:%M:%S+05:30internetIMozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0gapplication/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 init_channelip user_agent accept_headerorderidmercid order_dateamountcurrencyruitemcodedevicer r)inttimestrftimerrencrypt_jwe_billdeskr6)merc_idrH return_urlencryption_key enc_key_id enc_client_idr' sign_key_idsign_client_idrIrKuser_ippayload payload_jsonencrypted_data signed_datar4r4r5!encrypt_and_sign_billdesk_payment@s" r]c CsPdtt|td||||d|dddd} tj| dd } t| |||S) a\ Create and encrypt a BillDesk payment payload Args: merc_id (str): Merchant ID provided by BillDesk amount (str): Payment amount return_url (str): Return URL after payment encryption_key (str): BillDesk provided encryption key key_id (str): BillDesk provided encryption key ID client_id (str): BillDesk provided client ID currency (str): Currency code (default: "356" for INR) itemcode (str): Item code (default: "DIRECT") user_ip (str): User's IP address Returns: str: JWE encrypted payment data r:r;r<r=r>r?rDr r)rMrNrOrrrP) rQrHrRrSr(r)rIrKrXrYrZr4r4r5encrypt_billdesk_paymentvsr^c CsB|d}t|dkr|dd}n t|dkr|dd}dd||d}tj|dd }t|ddd }t d }t t |t|td } | } |d } | | |d} | | | } | j}d}t|dd }t| dd }t|dd }|d|d|d|d| }|S)aq Encrypt data using JWE with AES-256-GCM for BillDesk integration Args: response_string (str): The payload to encrypt encryption_key (str): BillDesk provided encryption key key_id (str): BillDesk provided encryption key ID client_id (str): BillDesk provided client ID Returns: str: JWE encrypted string r NdirA256GCM)rencr r r rr backendasciir)rlenljustrrrrrrosurandomrrAESrGCMr encryptorauthenticate_additional_dataupdatefinalizetag)response_stringrSr(r)key jwe_headerr,r-ivcipherroaad payload_bytes ciphertextauth_tag encrypted_keyiv_b64ciphertext_b64tag_b64jwe_encrypted_datar4r4r5rPs4         rPc Csz|d}t|dkr@|\}}}|ddt|dd}z t|d}Wn(ty?}z tdt|d}~wwt|dkrI|}n tdt|d |d} t| dkrgtd t| | \} } } } }| ddt| dd}zt|d}t |}Wnty}z td t|d}~ww| d d krtd| d d| ddkrtd| ddz$| d}| drt |dd}t|dkrtdt|Wnty}z tdt|d}~wwdd}| r tdz|| }|| }||}Wnty.}z tdt|d}~wwt|dkr@tdt|dz(tt|t||td}|}| d }|||||}Wnty~}z td!t|d}~wwz |d}t |}Wn,tjy}z td"t|d}~wty}z td#t|d}~wwt|tstd$||WStd!t|)%NrrrzFailed to decode JWS payload: zInvalid format - got z# parts, expected 3 (JWS) or 5 (JWE)z,Invalid JWE format - must have 5 parts, got z&Failed to decode or parse JWE header: rrarz, expected 'dir'rcrbzUnsupported encryption method: z, expected 'A256GCM'zb64:r_z%Encryption key must be 32 bytes, got zInvalid encryption key: cSs&|ddt|dd}t|S)Nrr)rirurlsafe_b64decode)datapaddedr4r4r5base64url_decode#s z!decrypt..base64url_decodez0Expected empty encrypted key for 'dir' algorithmz!Failed to decode JWE components: rdzInvalid IV length: z , expected 12rergDecryption failed: z Failed to parse decrypted JSON: z!Failed to decode decrypted data: z$Decrypted data is not a dictionary: )splitrirrr Exceptionr%strrloadsgetr startswith b64decoderrrmrrnr decryptorrprqrrJSONDecodeError isinstancedict)r[rSpartsjws_header_b64jws_payload_b64jws_signature_b64jws_payload_paddedre jwe_partsr-encrypted_key_b64r~rrheader_b64_paddedr,headerrurrwr{r|rxrrydecrypted_bytesdecrypted_stringdecrypted_jsonr4r4r5decrypts              rc Cs<zt||}|WSty}z tdt|d}~ww)a Decrypt JWE data using AES-256-GCM for BillDesk integration Handles both direct JWE and nested JWS->JWE formats Args: encrypted_data (str): The JWE encrypted string or JWS containing JWE encryption_key (str): BillDesk provided encryption key Returns: dict: Decrypted and parsed JSON payload with 'bdorderid' key Raises: ValueError: If decryption, JSON parsing, or structure validation fails rN)rrr%r)r[rSrrr4r4r5decrypt_jwe_billdeskOs rc Cs&|d}tdt|t|dkrtd|\}}}z'|ddt|dd}tt|d}tdtj|d d Wntd Yzg|ddt|dd}t|d}td ||d} td t| t| dkrz+| dddt| ddd} tt| d} tdtj| d d WntdYWnXt y} z td| WYd} ~ nDd} ~ wwt|dkr tdz+|dddt|ddd} tt| d}tdtj|d d WntdYtddS)z? Analyze the structure of encrypted data from BillDesk rzNumber of parts: rz Format: JWS (JSON Web Signature)rrrz JWS Header: )indentzCould not decode JWS headerzJWS Payload (JWE): zJWE parts in payload: rrz JWE Header: zCould not decode JWE headerzCould not decode JWS payload: Nz!Format: JWE (JSON Web Encryption)z2--------------------------------------------------) rprintrirrrrrrr)r[rrrrjws_header_paddedr+r jws_payloadrjwe_header_paddedrvr header_paddedrr4r4r5analyze_encrypted_dataesL      $ $  r)r)r7r8r9)rrrr &cryptography.hazmat.primitives.ciphersrrrcryptography.hazmat.backendsrrkrNrequestsuuidr6r]r^rPrrrr4r4r4r5s"  9 7 .Aj