U 'Q^@sddlZddlZddlmZddlmZddlmZddlmZddlmZddl m Z Gd d d e Z Gd d d e Z Gd dde ZGddde ZdS)N)constant_time_compare)_base64_alphabet) base64_decode) base64_encode) want_bytes) BadSignaturec@s eZdZdZddZddZdS)SigningAlgorithmzgSubclasses must implement :meth:`get_signature` to provide signature generation functionality. cCs tdS)z2Returns the signature for the given key and value.N)NotImplementedErrorselfkeyvaluer=/tmp/pip-install-bd4o36v9/itsdangerous/itsdangerous/signer.py get_signatureszSigningAlgorithm.get_signaturecCst||||S)zMVerifies the given signature matches the expected signature. )rr)r r rsigrrrverify_signaturesz!SigningAlgorithm.verify_signatureN)__name__ __module__ __qualname____doc__rrrrrrr sr c@seZdZdZddZdS) NoneAlgorithmz`Provides an algorithm that does not perform any signing and returns an empty signature. cCsdS)Nrr rrrr!szNoneAlgorithm.get_signatureN)rrrrrrrrrrsrc@s,eZdZdZeejZdddZddZ dS) HMACAlgorithmz*Provides signature generation using HMACs.NcCs|dkr|j}||_dS)N)default_digest_method digest_method)r rrrr__init__-szHMACAlgorithm.__init__cCstj|||jd}|S)N)msg digestmod)hmacnewrdigest)r r rmacrrrr2szHMACAlgorithm.get_signature)N) rrrr staticmethodhashlibsha1rrrrrrrr%s  rc@sXeZdZdZeejZdZdddZ ddZ d d Z d d Z d dZ ddZddZdS)SigneraThis class can sign and unsign bytes, validating the signature provided. Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application where the same signed value in one part can mean something different in another part is a security risk. See :ref:`the-salt` for an example of what the salt is doing and how you can utilize it. .. versionadded:: 0.14 ``key_derivation`` and ``digest_method`` were added as arguments to the class constructor. .. versionadded:: 0.18 ``algorithm`` was added as an argument to the class constructor. django-concatN.cCs|t||_t||_|jtkr&td|dkr2dn||_|dkrF|j}||_|dkrZ|j}||_ |dkrrt |j }||_ dS)NzThe given separator cannot be used because it may be contained in the signature itself. Alphanumeric characters and `-_=` must not be used.zitsdangerous.Signer) r secret_keysepr ValueErrorsaltdefault_key_derivationkey_derivationrrr algorithm)r r*r-r+r/rr0rrrr[s    zSigner.__init__cCst|j}|jdkr(|||jS|jdkrJ||d|jS|jdkrxtj|j|jd}|||S|jdkr|jSt ddS) a+This method is called to derive the key. The default key derivation choices can be overridden here. Key derivation is not intended to be used as a security method to make a complex key out of a short password. Instead you should use large random secret keys. concatr(ssignerr )rnonezUnknown key derivation methodN) rr-r/rr*r"r r!update TypeError)r r-r#rrr derive_keyws      zSigner.derive_keycCs&t|}|}|j||}t|S)z*Returns the signature for the given value.)rr5r0rr)r rr rrrrrszSigner.get_signaturecCst|t|j||S)zSigns the given string.)rr+r)r rrrrsignsz Signer.signcCs<|}z t|}Wntk r*YdSX|j|||S)z+Verifies the signature for the given value.F)r5r Exceptionr0r)r rrr rrrrs  zSigner.verify_signaturecCs\t|}t|j}||kr(td|j||d\}}|||rH|Std||ddS)zUnsigns the given string.zNo %r found in valuerzSignature %r does not match)payloadN)rr+rrsplitr)r signed_valuer+rrrrrunsigns  z Signer.unsigncCs,z||WdStk r&YdSXdS)znOnly validates the given signed value. Returns ``True`` if the signature exists and is valid. TFN)r;r)r r:rrrvalidates  zSigner.validate)Nr)NNN)rrrrr$r%r&rr.rr5rr6rr;r<rrrrr'7s    r')r%r _compatrencodingrrrrexcrobjectr rrr'rrrrs