¿«‘_Éã@sÔddlZddlZddlmZddlmZddlmZddlmZddlmZddl m Z Gd d „d e ƒZ Gd d „d e ƒZ Gd d„de ƒZGdd„de ƒZdS)éNé)Úconstant_time_compare)Ú_base64_alphabet)Ú base64_decode)Ú base64_encode)Ú want_bytes)Ú BadSignaturec@s.eZdZdZdd„Zdd„ZdS)ÚSigningAlgorithmzgSubclasses must implement :meth:`get_signature` to provide signature generation functionality. cCs tƒ‚dS)z2Returns the signature for the given key and value.N)ÚNotImplementedError)ÚselfÚkeyÚvalue©rú;/tmp/pip-build-5gj8f0j9/itsdangerous/itsdangerous/signer.pyÚ get_signatureszSigningAlgorithm.get_signaturecCst||j||ƒƒS)zMVerifies the given signature matches the expected signature. )rr)r r r ÚsigrrrÚverify_signaturesz!SigningAlgorithm.verify_signatureN)Ú__name__Ú __module__Ú __qualname__Ú__doc__rrrrrrr s  r c@s"eZdZdZdd„ZdS)Ú NoneAlgorithmz`Provides an algorithm that does not perform any signing and returns an empty signature. cCsdS)Nór)r r r rrrr!szNoneAlgorithm.get_signatureN)rrrrrrrrrrs rc@s@eZdZdZeejƒZddd„Zdd„Z dS)Ú HMACAlgorithmz*Provides signature generation using HMACs.NcCs"|dkr|j}||_dS)N)Údefault_digest_methodÚ digest_method)r rrrrÚ__init__-s  zHMACAlgorithm.__init__cCs(tj|d|d|jƒ}|jƒS)NÚmsgÚ digestmod)ÚhmacÚnewrÚdigest)r r r Úmacrrrr2szHMACAlgorithm.get_signature) rrrrÚ staticmethodÚhashlibÚsha1rrrrrrrr%s rc@sŽeZdZdZeejƒZdZddddddd„Z dd„Z d d „Z d d „Z d d„Z dd„Zdd„ZdS)ÚSigneraèThis class can sign and unsign bytes, validating the signature provided. Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application where the same signed value in one part can mean something different in another part is a security risk. See :ref:`the-salt` for an example of what the salt is doing and how you can utilize it. .. versionadded:: 0.14 ``key_derivation`` and ``digest_method`` were added as arguments to the class constructor. .. versionadded:: 0.18 ``algorithm`` was added as an argument to the class constructor. z django-concatNÚ.cCs¸t|ƒ|_t|ƒ|_|jtkr9tdƒ‚|dkrKdn||_|dkri|j}||_|dkr‡|j}||_ |dkr«t |j ƒ}||_ dS)Nz‹The given separator cannot be used because it may be contained in the signature itself. Alphanumeric characters and `-_=` must not be used.zitsdangerous.Signer) rÚ secret_keyÚseprÚ ValueErrorÚsaltÚdefault_key_derivationÚkey_derivationrrrÚ algorithm)r r(r+r)r-rr.rrrr[s         zSigner.__init__cCsÌt|jƒ}|jdkr8|j||jƒjƒS|jdkre|j|d|jƒjƒS|jdkr¦tj|jd|jƒ}|j|ƒ|jƒS|jdkr¼|jSt dƒ‚dS) a+This method is called to derive the key. The default key derivation choices can be overridden here. Key derivation is not intended to be used as a security method to make a complex key out of a short password. Instead you should use large random secret keys. Úconcatz django-concatssignerrrÚnonezUnknown key derivation methodN) rr+r-rr(r!rr ÚupdateÚ TypeError)r r+r"rrrÚ derive_keyws  zSigner.derive_keycCs7t|ƒ}|jƒ}|jj||ƒ}t|ƒS)z*Returns the signature for the given value.)rr3r.rr)r r r rrrrrŒs  zSigner.get_signaturecCs$t|ƒt|jƒ|j|ƒS)zSigns the given string.)rr)r)r r rrrÚsign“sz Signer.signc CsK|jƒ}yt|ƒ}Wntk r4dSYnX|jj|||ƒS)z+Verifies the signature for the given value.F)r3rÚ Exceptionr.r)r r rr rrrr—s    zSigner.verify_signaturecCs‚t|ƒ}t|jƒ}||kr:td|jƒ‚|j|dƒ\}}|j||ƒrh|Std|d|ƒ‚dS)zUnsigns the given string.zNo %r found in valuerzSignature %r does not matchÚpayloadN)rr)rÚrsplitr)r Ú signed_valuer)r rrrrÚunsign s  z Signer.unsignc Cs2y|j|ƒdSWntk r-dSYnXdS)znOnly validates the given signed value. Returns ``True`` if the signature exists and is valid. TFN)r9r)r r8rrrÚvalidate«s   zSigner.validate)rrrrr#r$r%rr,rr3rr4rr9r:rrrrr&7s     r&)r$rÚ_compatrÚencodingrrrrÚexcrÚobjectr rrr&rrrrÚs