Add stubs for Python-Jose (#7613)

stubs/python-jose/@tests/stubtest_allowlist.txt

@@ -0,0 +1,9 @@
+jose.backends.cryptography_backend
+jose.backends.CryptographyAESKey
+jose.backends.CryptographyECKey
+jose.backends.CryptographyHMACKey
+jose.backends.CryptographyRSAKey
+jose.backends.ECDSAECKey
+jose.backends.ECKey
+jose.backends.HMACKey
+jose.backends.RSAKey

stubs/python-jose/METADATA.toml

@@ -0,0 +1,2 @@
+version = "3.3.*"
+requires = [] # excluding pyasn1 until typing is available

stubs/python-jose/jose/__init__.pyi

@@ -0,0 +1,9 @@
+from .exceptions import (
+    ExpiredSignatureError as ExpiredSignatureError,
+    JOSEError as JOSEError,
+    JWSError as JWSError,
+    JWTError as JWTError,
+)
+
+__license__: str
+__version__: str

stubs/python-jose/jose/backends/__init__.pyi

@@ -0,0 +1,21 @@
+from collections.abc import Callable
+
+from .base import DIRKey as DIRKey
+from .cryptography_backend import (
+    CryptographyAESKey as CryptographyAESKey,
+    CryptographyECKey as CryptographyECKey,
+    CryptographyHMACKey as CryptographyHMACKey,
+    CryptographyRSAKey as CryptographyRSAKey,
+)
+from .ecdsa_backend import ECDSAECKey as ECDSAECKey
+from .native import HMACKey as NativeHMACKey
+from .rsa_backend import RSAKey as BackendRSAKey
+
+# python-jose relies on importing from cryptography_backend
+# then falling back on other imports
+# these are all the potential options
+AESKey: CryptographyAESKey | None
+HMACKey: CryptographyHMACKey | NativeHMACKey
+RSAKey: CryptographyRSAKey | BackendRSAKey | None
+ECKey: CryptographyECKey | ECDSAECKey
+get_random_bytes: Callable[[int], bytes]

stubs/python-jose/jose/backends/_asn1.pyi

@@ -0,0 +1,21 @@
+from typing import Any
+
+# Enable when pyasn1 gets stubs:
+# from pyasn1.type import univ
+Sequence = Any
+
+RSA_ENCRYPTION_ASN1_OID: str
+
+class RsaAlgorithmIdentifier(Sequence):
+    componentType: Any
+
+class PKCS8PrivateKey(Sequence):
+    componentType: Any
+
+class PublicKeyInfo(Sequence):
+    componentType: Any
+
+def rsa_private_key_pkcs8_to_pkcs1(pkcs8_key): ...
+def rsa_private_key_pkcs1_to_pkcs8(pkcs1_key): ...
+def rsa_public_key_pkcs1_to_pkcs8(pkcs1_key): ...
+def rsa_public_key_pkcs8_to_pkcs1(pkcs8_key): ...

stubs/python-jose/jose/backends/base.pyi

@@ -0,0 +1,17 @@
+from typing import Any
+
+class Key:
+    def __init__(self, key, algorithm) -> None: ...
+    def sign(self, msg) -> None: ...
+    def verify(self, msg, sig) -> None: ...
+    def public_key(self) -> None: ...
+    def to_pem(self) -> None: ...
+    def to_dict(self) -> None: ...
+    def encrypt(self, plain_text, aad: Any | None = ...) -> None: ...
+    def decrypt(self, cipher_text, iv: Any | None = ..., aad: Any | None = ..., tag: Any | None = ...) -> None: ...
+    def wrap_key(self, key_data) -> None: ...
+    def unwrap_key(self, wrapped_key) -> None: ...
+
+class DIRKey(Key):
+    def __init__(self, key_data, algorithm) -> None: ...
+    def to_dict(self): ...

stubs/python-jose/jose/backends/cryptography_backend.pyi

@@ -0,0 +1,66 @@
+from typing import Any
+
+from .base import Key as Key
+
+def decode_dss_signature(signature: bytes) -> tuple[int, int]: ...
+def encode_dss_signature(r: int, s: int) -> bytes: ...
+def get_random_bytes(num_bytes): ...
+
+class CryptographyECKey(Key):
+    SHA256: Any
+    SHA384: Any
+    SHA512: Any
+    hash_alg: Any
+    cryptography_backend: Any
+    prepared_key: Any
+    def __init__(self, key, algorithm, cryptography_backend=...) -> None: ...
+    def sign(self, msg): ...
+    def verify(self, msg, sig): ...
+    def is_public(self): ...
+    def public_key(self): ...
+    def to_pem(self): ...
+    def to_dict(self): ...
+
+class CryptographyRSAKey(Key):
+    SHA256: Any
+    SHA384: Any
+    SHA512: Any
+    RSA1_5: Any
+    RSA_OAEP: Any
+    RSA_OAEP_256: Any
+    hash_alg: Any
+    padding: Any
+    cryptography_backend: Any
+    prepared_key: Any
+    def __init__(self, key, algorithm, cryptography_backend=...) -> None: ...
+    def sign(self, msg): ...
+    def verify(self, msg, sig): ...
+    def is_public(self): ...
+    def public_key(self): ...
+    def to_pem(self, pem_format: str = ...): ...
+    def to_dict(self): ...
+    def wrap_key(self, key_data): ...
+    def unwrap_key(self, wrapped_key): ...
+
+class CryptographyAESKey(Key):
+    KEY_128: Any
+    KEY_192: Any
+    KEY_256: Any
+    KEY_384: Any
+    KEY_512: Any
+    AES_KW_ALGS: Any
+    MODES: Any
+    def __init__(self, key, algorithm) -> None: ...
+    def to_dict(self): ...
+    def encrypt(self, plain_text, aad: Any | None = ...): ...
+    def decrypt(self, cipher_text, iv: Any | None = ..., aad: Any | None = ..., tag: Any | None = ...): ...
+    def wrap_key(self, key_data): ...
+    def unwrap_key(self, wrapped_key): ...
+
+class CryptographyHMACKey(Key):
+    ALG_MAP: Any
+    prepared_key: Any
+    def __init__(self, key, algorithm) -> None: ...
+    def to_dict(self): ...
+    def sign(self, msg): ...
+    def verify(self, msg, sig): ...

stubs/python-jose/jose/backends/ecdsa_backend.pyi

@@ -0,0 +1,20 @@
+from typing import Any
+
+from .base import Key as Key
+
+class ECDSAECKey(Key):
+    SHA256: Any
+    SHA384: Any
+    SHA512: Any
+    CURVE_MAP: Any
+    CURVE_NAMES: Any
+    hash_alg: Any
+    curve: Any
+    prepared_key: Any
+    def __init__(self, key, algorithm) -> None: ...
+    def sign(self, msg): ...
+    def verify(self, msg, sig): ...
+    def is_public(self): ...
+    def public_key(self): ...
+    def to_pem(self): ...
+    def to_dict(self): ...

stubs/python-jose/jose/backends/native.pyi

@@ -0,0 +1,13 @@
+from typing import Any
+
+from .base import Key as Key
+
+def get_random_bytes(num_bytes): ...
+
+class HMACKey(Key):
+    HASHES: Any
+    prepared_key: Any
+    def __init__(self, key, algorithm) -> None: ...
+    def sign(self, msg): ...
+    def verify(self, msg, sig): ...
+    def to_dict(self): ...

stubs/python-jose/jose/backends/rsa_backend.pyi

@@ -0,0 +1,24 @@
+from typing import Any
+
+from .base import Key as Key
+
+LEGACY_INVALID_PKCS8_RSA_HEADER: Any
+ASN1_SEQUENCE_ID: Any
+RSA_ENCRYPTION_ASN1_OID: str
+
+def pem_to_spki(pem, fmt: str = ...): ...
+
+class RSAKey(Key):
+    SHA256: str
+    SHA384: str
+    SHA512: str
+    hash_alg: Any
+    def __init__(self, key, algorithm) -> None: ...
+    def sign(self, msg): ...
+    def verify(self, msg, sig): ...
+    def is_public(self): ...
+    def public_key(self): ...
+    def to_pem(self, pem_format: str = ...): ...
+    def to_dict(self): ...
+    def wrap_key(self, key_data): ...
+    def unwrap_key(self, wrapped_key): ...

stubs/python-jose/jose/constants.pyi

@@ -0,0 +1,69 @@
+from typing import Any
+
+class Algorithms:
+    NONE: str
+    HS256: str
+    HS384: str
+    HS512: str
+    RS256: str
+    RS384: str
+    RS512: str
+    ES256: str
+    ES384: str
+    ES512: str
+    A128CBC_HS256: str
+    A192CBC_HS384: str
+    A256CBC_HS512: str
+    A128GCM: str
+    A192GCM: str
+    A256GCM: str
+    A128CBC: str
+    A192CBC: str
+    A256CBC: str
+    DIR: str
+    RSA1_5: str
+    RSA_OAEP: str
+    RSA_OAEP_256: str
+    A128KW: str
+    A192KW: str
+    A256KW: str
+    ECDH_ES: str
+    ECDH_ES_A128KW: str
+    ECDH_ES_A192KW: str
+    ECDH_ES_A256KW: str
+    A128GCMKW: str
+    A192GCMKW: str
+    A256GCMKW: str
+    PBES2_HS256_A128KW: str
+    PBES2_HS384_A192KW: str
+    PBES2_HS512_A256KW: str
+    DEF: str
+    HMAC: set[str]
+    RSA_DS: set[str]
+    RSA_KW: set[str]
+    RSA: set[str]
+    EC_DS: set[str]
+    EC_KW: set[str]
+    EC: set[str]
+    AES_PSEUDO: set[str]
+    AES_JWE_ENC: set[str]
+    AES_ENC: set[str]
+    AES_KW: set[str]
+    AEC_GCM_KW: set[str]
+    AES: set[str]
+    PBES2_KW: set[str]
+    HMAC_AUTH_TAG: set[str]
+    GCM: set[str]
+    SUPPORTED: set[str]
+    ALL: set[str]
+    HASHES: Any
+    KEYS: Any
+
+ALGORITHMS: Any
+
+class Zips:
+    DEF: str
+    NONE: Any
+    SUPPORTED: Any
+
+ZIPS: Any

stubs/python-jose/jose/exceptions.pyi

@@ -0,0 +1,12 @@
+class JOSEError(Exception): ...
+class JWSError(JOSEError): ...
+class JWSSignatureError(JWSError): ...
+class JWSAlgorithmError(JWSError): ...
+class JWTError(JOSEError): ...
+class JWTClaimsError(JWTError): ...
+class ExpiredSignatureError(JWTError): ...
+class JWKError(JOSEError): ...
+class JWEError(JOSEError): ...
+class JWEParseError(JWEError): ...
+class JWEInvalidAuth(JWEError): ...
+class JWEAlgorithmUnsupportedError(JWEError): ...

stubs/python-jose/jose/jwe.pyi

@@ -0,0 +1,13 @@
+from typing import Any
+
+def encrypt(
+    plaintext: Any,
+    key: dict[str, str],
+    encryption=...,
+    algorithm=...,
+    zip: Any | None = ...,
+    cty: Any | None = ...,
+    kid: Any | None = ...,
+): ...
+def decrypt(jwe_str: str, key: str | dict[str, str]): ...
+def get_unverified_header(jwe_str: str): ...

stubs/python-jose/jose/jwk.pyi

@@ -0,0 +1,7 @@
+from typing import Any
+
+from .backends.base import Key as Key
+
+def get_key(algorithm): ...
+def register_key(algorithm, key_class: Key): ...
+def construct(key_data, algorithm: Any | None = ...): ...

stubs/python-jose/jose/jws.pyi

@@ -0,0 +1,7 @@
+from typing import Any
+
+def sign(payload, key, headers: Any | None = ..., algorithm=...): ...
+def verify(token, key, algorithms, verify: bool = ...): ...
+def get_unverified_header(token): ...
+def get_unverified_headers(token): ...
+def get_unverified_claims(token): ...

stubs/python-jose/jose/jwt.pyi

@@ -0,0 +1,16 @@
+from typing import Any
+
+def encode(claims, key, algorithm=..., headers: Any | None = ..., access_token: Any | None = ...): ...
+def decode(
+    token,
+    key,
+    algorithms: Any | None = ...,
+    options: Any | None = ...,
+    audience: Any | None = ...,
+    issuer: Any | None = ...,
+    subject: Any | None = ...,
+    access_token: Any | None = ...,
+): ...
+def get_unverified_header(token): ...
+def get_unverified_headers(token): ...
+def get_unverified_claims(token): ...

stubs/python-jose/jose/utils.pyi

@@ -0,0 +1,9 @@
+def long_to_bytes(n, blocksize: int = ...): ...
+def long_to_base64(data, size: int = ...): ...
+def int_arr_to_long(arr): ...
+def base64_to_long(data): ...
+def calculate_at_hash(access_token, hash_alg): ...
+def base64url_decode(input): ...
+def base64url_encode(input): ...
+def timedelta_total_seconds(delta): ...
+def ensure_binary(s): ...