B -[@sddlZddlZddlmZddlmZddlmZddlmZddlmZddl m Z Gd d d e Z Gd d d e Z Gd dde ZGddde ZdS)N)constant_time_compare)_base64_alphabet) base64_decode) base64_encode) want_bytes) BadSignaturec@s eZdZdZddZddZdS)SigningAlgorithmzgSubclasses must implement :meth:`get_signature` to provide signature generation functionality. cCs tdS)z2Returns the signature for the given key and value.N)NotImplementedError)selfkeyvaluer2lib/python3.7/site-packages/itsdangerous/signer.py get_signatureszSigningAlgorithm.get_signaturecCst||||S)zMVerifies the given signature matches the expected signature. )rr)r r r sigrrrverify_signaturesz!SigningAlgorithm.verify_signatureN)__name__ __module__ __qualname____doc__rrrrrrr sr c@seZdZdZddZdS) NoneAlgorithmz`Provides an algorithm that does not perform any signing and returns an empty signature. cCsdS)Nr)r r r rrrr!szNoneAlgorithm.get_signatureN)rrrrrrrrrrsrc@s,eZdZdZeejZdddZddZ dS) HMACAlgorithmz*Provides signature generation using HMACs.NcCs|dkr|j}||_dS)N)default_digest_method digest_method)r rrrr__init__-szHMACAlgorithm.__init__cCstj|||jd}|S)N)msg digestmod)hmacnewrdigest)r r r macrrrr2szHMACAlgorithm.get_signature)N) rrrr staticmethodhashlibsha1rrrrrrrr%s  rc@sXeZdZdZeejZdZdddZ ddZ d d Z d d Z d dZ ddZddZdS)SigneraThis class can sign and unsign bytes, validating the signature provided. Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application where the same signed value in one part can mean something different in another part is a security risk. See :ref:`the-salt` for an example of what the salt is doing and how you can utilize it. .. versionadded:: 0.14 ``key_derivation`` and ``digest_method`` were added as arguments to the class constructor. .. versionadded:: 0.18 ``algorithm`` was added as an argument to the class constructor. z django-concatN.cCs|t||_t||_|jtkr&td|dkr2dn||_|dkrF|j}||_|dkrZ|j}||_ |dkrrt |j }||_ dS)NzThe given separator cannot be used because it may be contained in the signature itself. Alphanumeric characters and `-_=` must not be used.zitsdangerous.Signer) r secret_keysepr ValueErrorsaltdefault_key_derivationkey_derivationrrr algorithm)r r(r+r)r-rr.rrrr[s    zSigner.__init__cCst|j}|jdkr(|||jS|jdkrJ||d|jS|jdkrxtj|j|jd}|||S|jdkr|jSt ddS) a+This method is called to derive the key. The default key derivation choices can be overridden here. Key derivation is not intended to be used as a security method to make a complex key out of a short password. Instead you should use large random secret keys. concatz django-concatssignerr)rZnonezUnknown key derivation methodN) rr+r-rr(r!rr update TypeError)r r+r"rrr derive_keyws      zSigner.derive_keycCs&t|}|}|j||}t|S)z*Returns the signature for the given value.)rr2r.rr)r r r rrrrrszSigner.get_signaturecCst|t|j||S)zSigns the given string.)rr)r)r r rrrsignsz Signer.signcCs:|}y t|}Wntk r(dSX|j|||S)z+Verifies the signature for the given value.F)r2r Exceptionr.r)r r rr rrrrs  zSigner.verify_signaturecCs\t|}t|j}||kr(td|j||d\}}|||rH|Std||ddS)zUnsigns the given string.zNo %r found in valuerzSignature %r does not match)ZpayloadN)rr)rrsplitr)r signed_valuer)r rrrrunsigns  z Signer.unsigncCs(y||dStk r"dSXdS)znOnly validates the given signed value. Returns ``True`` if the signature exists and is valid. TFN)r7r)r r6rrrvalidates  zSigner.validate)Nr'NNN)rrrrr#r$r%rr,rr2rr3rr7r8rrrrr&7s    r&)r$rZ_compatrencodingrrrrexcrobjectr rrr&rrrrs