a b@sddlZddlZddlZddlZddlZddlmZddlmZddl m Z m Z ddl m Z mZmZddlmZGdddeZd ZGd d d ZGd d d ZdS)N)utils)InvalidSignature)hashespadding)Cipher algorithmsmodes)HMACc@s eZdZdS) InvalidTokenN)__name__ __module__ __qualname__rr:/tmp/pip-target-98j97qn4/lib/python/cryptography/fernet.pyr sr <c@seZdZd!ejeefejdddZe edddZ eedd d Z ee ed d d Z ee eedddZd"eeje edddZee e edddZee dddZeeeje efdddZeddddZee ejeje e feddd ZdS)#FernetN)keybackendc Cstzt|}Wn0tjy>}ztd|WYd}~n d}~00t|dkrTtd|dd|_|dd|_dS)Nz4Fernet key must be 32 url-safe base64-encoded bytes. )base64urlsafe_b64decodebinasciiError ValueErrorlen _signing_key_encryption_key)selfrrexcrrr__init__s zFernet.__init__)returncCsttdS)Nr)rurlsafe_b64encodeosurandom)clsrrr generate_key.szFernet.generate_key)datar!cCs||ttSNencrypt_at_timeinttime)rr'rrrencrypt2szFernet.encrypt)r' current_timer!cCstd}||||S)Nr)r#r$_encrypt_from_parts)rr'r.ivrrrr*5s zFernet.encrypt_at_time)r'r.r0r!c Cstd|ttjj}||| }t t|j t |}||| }d|jddd||}t|jt} | || } t|| S)Nr'big)length byteorder)r _check_bytesrPKCS7rAES block_sizepadderupdatefinalizerrrCBC encryptorto_bytesr rrSHA256rr") rr'r.r0r:Z padded_datar> ciphertextZ basic_partshhmacrrrr/9s(    zFernet._encrypt_from_parts)tokenttlr!cCs:t|\}}|durd}n|ttf}||||Sr()r_get_unverified_token_datar+r, _decrypt_data)rrDrE timestampr' time_inforrrdecryptRs zFernet.decrypt)rDrEr.r!cCs0|durtdt|\}}|||||fS)Nz6decrypt_at_time() can only be used with a non-None ttl)rrrFrG)rrDrEr.rHr'rrrdecrypt_at_timeZs zFernet.decrypt_at_time)rDr!cCst|\}}|||Sr()rrF_verify_signature)rrDrHr'rrrextract_timestampds zFernet.extract_timestampc Csztd|zt|}Wnttjfy6tYn0|rH|ddkrLtt|dkr\tt j |dddd}||fS)NrDr r3)r5) rr6rr TypeErrorrrr rr+ from_bytes)rDr'rHrrrrFjs   z!Fernet._get_unverified_token_datacCsTt|jt}||ddz||ddWntyNtYn0dS)N)r rrr@r;verifyrr )rr'rBrrrrL{s  zFernet._verify_signature)r'rHrIr!c Cs|dur0|\}}|||kr t|t|kr0t|||dd}|dd}tt|jt| }| |} z| | 7} Wnt ytYn0t tjj} | | } z| | 7} Wnt ytYn0| S)NrOrS)r _MAX_CLOCK_SKEWrLrrr8rrr= decryptorr;r<rrr7r9unpadder) rr'rHrIrEr.r0rArWZplaintext_paddedrXZunpaddedrrrrGs0           zFernet._decrypt_data)N)N)r r r typingUnionbytesstrAnyr classmethodr&r-r+r*r/OptionalrJrKrM staticmethodTuplerFrLrGrrrrrs2      rc@seZdZejedddZeedddZee eddd Z eedd d Z deej e ed ddZ ee e edddZd S) MultiFernet)fernetscCst|}|std||_dS)Nz1MultiFernet requires at least one Fernet instance)listr_fernets)rrcrrrr s zMultiFernet.__init__)msgr!cCs||ttSr(r))rrfrrrr-szMultiFernet.encrypt)rfr.r!cCs|jd||S)Nr)rer*)rrfr.rrrr*szMultiFernet.encrypt_at_timec Csht|\}}|jD]0}z|||d}WqJWqtyBYq0qttd}|jd|||S)Nrr)rrFrerGr r#r$r/)rrfrHr'fpr0rrrrotates    zMultiFernet.rotateN)rfrEr!c Cs:|jD]*}z|||WSty.Yq0qtdSr()rerJr )rrfrErgrrrrJs   zMultiFernet.decrypt)rfrEr.r!c Cs<|jD],}z||||WSty0Yq0qtdSr()rerKr )rrfrEr.rgrrrrKs   zMultiFernet.decrypt_at_time)N)r r r rYIterablerr r[r-r+r*rir_rJrKrrrrrbs rb)rrr#r,rYZ cryptographyrZcryptography.exceptionsrZcryptography.hazmat.primitivesrrZ&cryptography.hazmat.primitives.ciphersrrrZ#cryptography.hazmat.primitives.hmacr Exceptionr rVrrbrrrrs