B QUc@sddlZddlZddlZddlZddlZddlmZddlmZddl m Z m Z ddl m Z mZmZddlmZGdddeZd ZGd d d ZGd d d ZdS)N)utils)InvalidSignature)hashespadding)Cipher algorithmsmodes)HMACc@s eZdZdS) InvalidTokenN)__name__ __module__ __qualname__rr2lib/python3.7/site-packages/cryptography/fernet.pyr sr <c@s*eZdZd!ejeefejdddZe edddZ eedd d Z ee ed d d Z ee eedddZd"ejeefeje edddZejeefe e edddZejeefe dddZeejeefeje efdddZeddddZee ejeje e feddd ZdS)#FernetN)keybackendc Csryt|}Wn.tjk r<}ztd|Wdd}~XYnXt|dkrRtd|dd|_|dd|_dS)Nz4Fernet key must be 32 url-safe base64-encoded bytes. )base64urlsafe_b64decodebinasciiError ValueErrorlen _signing_key_encryption_key)selfrrexcrrr__init__s zFernet.__init__)returncCsttdS)Nr)rurlsafe_b64encodeosurandom)clsrrr generate_key.szFernet.generate_key)datar!cCs||ttS)N)encrypt_at_timeinttime)rr'rrrencrypt2szFernet.encrypt)r' current_timer!cCstd}||||S)Nr)r#r$_encrypt_from_parts)rr'r,ivrrrr(5s zFernet.encrypt_at_time)r'r,r.r!c Cstd|ttjj}||| }t t|j t |}||| }d|jddd||}t|jt} | || } t|| S)Nr'big)length byteorder)r _check_bytesrPKCS7rAES block_sizepadderupdatefinalizerrrCBC encryptorto_bytesr rrSHA256rr") rr'r,r.r8Z padded_datar< ciphertextZ basic_partshZhmacrrrr-9s   zFernet._encrypt_from_parts)tokenttlr!cCs:t|\}}|dkrd}n|ttf}||||S)N)r_get_unverified_token_datar)r* _decrypt_data)rrArB timestampr' time_inforrrdecryptRs zFernet.decrypt)rArBr,r!cCs0|dkrtdt|\}}|||||fS)Nz6decrypt_at_time() can only be used with a non-None ttl)rrrCrD)rrArBr,rEr'rrrdecrypt_at_time\s zFernet.decrypt_at_time)rAr!cCst|\}}|||S)N)rrC_verify_signature)rrArEr'rrrextract_timestampfs zFernet.extract_timestampc Cst|ttfstdyt|}Wnttjfk rBtYnX|rT|ddkrXtt |dkrhtt j |dddd}||fS)Nztoken must be bytes or strr r1)r3) isinstancestrbytes TypeErrorrrrrr rr) from_bytes)rAr'rErrrrCls  z!Fernet._get_unverified_token_datacCsVt|jt}||ddy||ddWntk rPtYnXdS)Ni)r rrr>r9Zverifyrr )rr'r@rrrrIs zFernet._verify_signature)r'rErFr!c Cs|dk r0|\}}|||kr t|t|kr0t|||dd}|dd}tt|jt| }| |} y| | 7} Wnt k rtYnXt tjj} | | } y| | 7} Wnt k rtYnX| S)NrLi)r _MAX_CLOCK_SKEWrIrrr6rrr; decryptorr9r:rrr5r7unpadder) rr'rErFrBr,r.r?rUZplaintext_paddedrVZunpaddedrrrrDs.         zFernet._decrypt_data)N)N)r r r typingUnionrPrOZAnyr classmethodr&r+r)r(r-OptionalrGrHrJ staticmethodZTuplerCrIrDrrrrrs(   rc@seZdZejedddZeedddZee eddd Z ej ee fedd d Z dej ee feje ed ddZej ee fe e edddZd S) MultiFernet)fernetscCst|}|std||_dS)Nz1MultiFernet requires at least one Fernet instance)listr_fernets)rr]rrrr s zMultiFernet.__init__)msgr!cCs||ttS)N)r(r)r*)rr`rrrr+szMultiFernet.encrypt)r`r,r!cCs|jd||S)Nr)r_r()rr`r,rrrr(szMultiFernet.encrypt_at_timec Csjt|\}}x<|jD].}y|||d}PWqtk rBYqXqWttd}|jd|||S)Nrr)rrCr_rDr r#r$r-)rr`rEr'fpr.rrrrotates   zMultiFernet.rotateN)r`rBr!c Cs:x0|jD]&}y |||Stk r,YqXqWtdS)N)r_rGr )rr`rBrarrrrGs    zMultiFernet.decrypt)r`rBr,r!c Cs<x2|jD](}y||||Stk r.YqXqWtdS)N)r_rHr )rr`rBr,rarrrrHs   zMultiFernet.decrypt_at_time)N)r r r rWIterablerr rPr+r)r(rXrOrcrZrGrHrrrrr\s r\)rrr#r*rWZ cryptographyrZcryptography.exceptionsrZcryptography.hazmat.primitivesrrZ&cryptography.hazmat.primitives.ciphersrrrZ#cryptography.hazmat.primitives.hmacr Exceptionr rTrr\rrrrs