3 l_\@sddlmZmZmZddlZddlZddlZddlZddlZddl Z ddl m Z ddl m Z ddlmZddlmZmZddlmZmZmZddlmZGd d d eZd ZGd d d eZGdddeZdS))absolute_importdivisionprint_functionN)utils)InvalidSignature) _get_backend)hashespadding)Cipher algorithmsmodes)HMACc@s eZdZdS) InvalidTokenN)__name__ __module__ __qualname__rr/usr/lib64/python3.6/fernet.pyrsr<c@speZdZdddZeddZddZdd Zd d Zdd d Z ddZ ddZ e ddZ ddZddZdS)FernetNcCsLt|}tj|}t|dkr&td|dd|_|dd|_||_dS)N z4Fernet key must be 32 url-safe base64-encoded bytes.)rbase64urlsafe_b64decodelen ValueError _signing_key_encryption_key_backend)selfkeybackendrrr__init__s  zFernet.__init__cCstjtjdS)Nr)rurlsafe_b64encodeosurandom)clsrrr generate_key,szFernet.generate_keycCs|j|ttjS)N)encrypt_at_timeinttime)rdatarrrencrypt0szFernet.encryptcCstjd}|j|||S)Nr)r$r%_encrypt_from_parts)rr+ current_timeivrrrr(3s zFernet.encrypt_at_timec Cstjd|tjtjjj}|j||j }t tj|j t j ||jj}|j||j }dtjd|||}t|jtj|jd} | j|| j } tj|| S)Nr+z>Q)r!)r _check_bytesr PKCS7r AES block_sizepadderupdatefinalizer rr CBCr encryptorstructpackr rrSHA256rr#) rr+r.r/r5Z padded_datar9 ciphertextZ basic_partshZhmacrrrr-7s  zFernet._encrypt_from_partscCs&tj|\}}|j|||ttjS)N)r_get_unverified_token_data _decrypt_datar)r*)rtokenttl timestampr+rrrdecryptJszFernet.decryptcCs.|dkrtdtj|\}}|j||||S)Nz6decrypt_at_time() can only be used with a non-None ttl)rrr?r@)rrArBr.rCr+rrrdecrypt_at_timeNs zFernet.decrypt_at_timecCstj|\}}|j||S)N)rr?_verify_signature)rrArCr+rrrextract_timestampVs zFernet.extract_timestampcCstjd|ytj|}Wnttjfk r8tYnX| sPtj |ddkrTtyt j d|dd\}Wnt j k rtYnX||fS)NrArz>Q ) rr1rr TypeErrorbinasciiErrorrsixZ indexbytesr:unpackerror)rAr+rCrrrr?\s   z!Fernet._get_unverified_token_datac Cs\t|jtj|jd}|j|ddy|j|ddWntk rVtYnXdS)N)r!rii) r rrr<rr6Zverifyrr)rr+r>rrrrFms zFernet._verify_signaturec Cs|dk r(|||krt|t|kr(t|j||dd}|dd}ttj|jtj||j j }|j |}y||j 7}Wnt k rtYnXtjtjjj} | j |} y| | j 7} Wnt k rtYnX| S)NrJri)r_MAX_CLOCK_SKEWrFr r r3rr r8r decryptorr6r7rr r2r4unpadder) rr+rCrBr.r/r=rSZplaintext_paddedrTZunpaddedrrrr@us,         zFernet._decrypt_data)N)N)rrrr" classmethodr'r,r(r-rDrErG staticmethodr?rFr@rrrrrs   rc@s>eZdZddZddZddZddZdd d Zd d Zd S) MultiFernetcCst|}|std||_dS)Nz1MultiFernet requires at least one Fernet instance)listr_fernets)rZfernetsrrrr"s zMultiFernet.__init__cCs|j|ttjS)N)r(r)r*)rmsgrrrr,szMultiFernet.encryptcCs|jdj||S)Nr)rYr()rrZr.rrrr(szMultiFernet.encrypt_at_timec Csltj|\}}x>|jD]0}y|j||dd}PWqtk rDYqXqWttjd}|jdj|||S)Nrr)rr?rYr@rr$r%r-)rrZrCr+fpr/rrrrotates   zMultiFernet.rotateNc Cs:x0|jD]&}y |j||Stk r,YqXqWtdS)N)rYrDr)rrZrBr[rrrrDs    zMultiFernet.decryptc Cs<x2|jD](}y|j|||Stk r.YqXqWtdS)N)rYrEr)rrZrBr.r[rrrrEs   zMultiFernet.decrypt_at_time)N) rrrr"r,r(r]rDrErrrrrWs  rW)Z __future__rrrrrLr$r:r*rNZ cryptographyrZcryptography.exceptionsrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrr Z&cryptography.hazmat.primitives.ciphersr r r Z#cryptography.hazmat.primitives.hmacr ExceptionrrRobjectrrWrrrrs     u