U 1_{@sddlmZmZmZddlZddlZddlZddlZddlZddl Z ddl m Z ddl m Z ddlmZddlmZmZddlmZmZmZddlmZGd d d eZd ZGd d d eZGdddeZdS))absolute_importdivisionprint_functionN)utils)InvalidSignature)default_backend)hashespadding)Cipher algorithmsmodes)HMACc@s eZdZdS) InvalidTokenN)__name__ __module__ __qualname__rr7/tmp/pip-unpacked-wheel-yx5s595q/cryptography/fernet.pyrsr<c@speZdZdddZeddZddZdd Zd d Zdd d Z ddZ ddZ e ddZ ddZddZdS)FernetNcCsR|dkrt}t|}t|dkr,td|dd|_|dd|_||_dS)N z4Fernet key must be 32 url-safe base64-encoded bytes.)rbase64urlsafe_b64decodelen ValueError _signing_key_encryption_key_backend)selfkeybackendrrr__init__s  zFernet.__init__cCsttdS)Nr)rurlsafe_b64encodeosurandom)clsrrr generate_key-szFernet.generate_keycCs||ttSNencrypt_at_timeinttime)rdatarrrencrypt1szFernet.encryptcCstd}||||S)Nr)r$r%_encrypt_from_parts)rr- current_timeivrrrr*4s zFernet.encrypt_at_timec Cstd|ttjj}||| }t t|j t ||j}||| }dtd|||}t|jt|jd} | || } t|| S)Nr->Qr!)r _check_bytesr PKCS7r AES block_sizepadderupdatefinalizer rr CBCr encryptorstructpackr rrSHA256rr#) rr-r0r1r9Z padded_datar= ciphertextZ basic_partshhmacrrrr/8s   zFernet._encrypt_from_partscCs&t|\}}||||ttSr()r_get_unverified_token_data _decrypt_datar+r,)rtokenttl timestampr-rrrdecryptKszFernet.decryptcCs.|dkrtdt|\}}|||||S)Nz6decrypt_at_time() can only be used with a non-None ttl)rrrDrE)rrFrGr0rHr-rrrdecrypt_at_timeOs zFernet.decrypt_at_timecCst|\}}|||Sr()rrD_verify_signature)rrFrHr-rrrextract_timestampWs zFernet.extract_timestampc Cstd|zt|}Wnttjfk r8tYnX|rNt |ddkrRtzt d|dd\}Wnt j k rtYnX||fS)NrFrr3 ) rr5rr TypeErrorbinasciiErrorrsix indexbytesr>unpackerror)rFr-rHrrrrD]s   z!Fernet._get_unverified_token_datacCs\t|jt|jd}||ddz||ddWntk rVtYnXdS)Nr4) r rrr@rr:verifyrr)rr-rBrrrrKns zFernet._verify_signaturec Cs|dk r(|||krt|t|kr(t|||dd}|dd}tt|jt||j  }| |}z|| 7}Wnt k rtYnXttjj} | |} z| | 7} Wnt k rtYnX| S)NrOrW)r_MAX_CLOCK_SKEWrKr r r7rr r<r decryptorr:r;rr r6r8unpadder) rr-rHrGr0r1rAr[Zplaintext_paddedr\ZunpaddedrrrrEvs2          zFernet._decrypt_data)N)N)rrrr" classmethodr'r.r*r/rIrJrL staticmethodrDrKrErrrrrs    rc@s>eZdZddZddZddZddZdd d Zd d Zd S) MultiFernetcCst|}|std||_dS)Nz1MultiFernet requires at least one Fernet instance)listr_fernets)rZfernetsrrrr"s zMultiFernet.__init__cCs||ttSr(r))rmsgrrrr.szMultiFernet.encryptcCs|jd||S)Nr)rar*)rrbr0rrrr*szMultiFernet.encrypt_at_timec Cslt|\}}|jD]4}z|||dd}WqNWqtk rFYqXqttd}|jd|||S)Nrr)rrDrarErr$r%r/)rrbrHr-fpr1rrrrotates   zMultiFernet.rotateNc Cs<|jD],}z|||WStk r0YqXqtdSr()rarIr)rrbrGrcrrrrIs  zMultiFernet.decryptc Cs>|jD].}z||||WStk r2YqXqtdSr()rarJr)rrbrGr0rcrrrrJs  zMultiFernet.decrypt_at_time)N) rrrr"r.r*rerIrJrrrrr_s  r_) __future__rrrrrQr$r>r,rSZ cryptographyrZcryptography.exceptionsrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrr Z&cryptography.hazmat.primitives.ciphersr r r Z#cryptography.hazmat.primitives.hmacr ExceptionrrZobjectrr_rrrrs     v