U ڲg@sddlmZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z m Z ddlmZmZmZddlmZGdd d eZd ZGd d d ZGd ddZdS)) annotationsN)utils)InvalidSignature)hashespadding)Cipher algorithmsmodes)HMACc@s eZdZdS) InvalidTokenN)__name__ __module__ __qualname__rr7/tmp/pip-unpacked-wheel-orgc96xl/cryptography/fernet.pyr sr <c@seZdZd)ddddddZedd d d Zddd d dZddddddZdddddddZd*ddddddZ dddddddZ dddddZ e dd dd!d"Z ddd d#d$Zddd%dd&d'd(ZdS)+FernetN bytes | strz typing.AnyNone)keybackendreturnc Csrzt|}Wn.tjk r<}ztd|W5d}~XYnXt|dkrRtd|dd|_|dd|_dS)Nz4Fernet key must be 32 url-safe base64-encoded bytes. )base64urlsafe_b64decodebinasciiError ValueErrorlen _signing_key_encryption_key)selfrrexcrrr__init__s zFernet.__init__bytes)rcCsttdS)Nr)rurlsafe_b64encodeosurandom)clsrrr generate_key/szFernet.generate_key)datarcCs||ttSNencrypt_at_timeinttime)r"r+rrrencrypt3szFernet.encryptr/)r+ current_timercCstd}||||S)Nr)r'r(_encrypt_from_parts)r"r+r2ivrrrr.6s zFernet.encrypt_at_time)r+r2r4rc Cstd|ttjj}||| }t t|j t |}||| }d|jddd||}t|jt} | || } t|| S)Nr+big)length byteorder)r _check_bytesrPKCS7rAES block_sizepadderupdatefinalizerr!r CBC encryptorto_bytesr r rSHA256rr&) r"r+r2r4r>Z padded_datarB ciphertextZ basic_partshhmacrrrr3:s(    zFernet._encrypt_from_parts int | None)tokenttlrcCs:t|\}}|dkrd}n|ttf}||||Sr,)r_get_unverified_token_datar/r0 _decrypt_data)r"rIrJ timestampr+ time_inforrrdecryptSs zFernet.decrypt)rIrJr2rcCs0|dkrtdt|\}}|||||fS)Nz6decrypt_at_time() can only be used with a non-None ttl)rrrKrL)r"rIrJr2rMr+rrrdecrypt_at_time[s zFernet.decrypt_at_time)rIrcCst|\}}|||Sr,)rrK_verify_signature)r"rIrMr+rrrextract_timestampes zFernet.extract_timestampztuple[int, bytes]c Cst|ttfstdzt|}Wnttjfk rBtYnX|rT|ddkrXtt |dkrhtt j |dddd}||fS)Nztoken must be bytes or strr r7)r9) isinstancestrr% TypeErrorrrrrr rr/ from_bytes)rIr+rMrrrrKks  z!Fernet._get_unverified_token_datacCsVt|jt}||ddz||ddWntk rPtYnXdS)N)r r rrDr?verifyrr )r"r+rFrrrrQ~s zFernet._verify_signatureztuple[int, int] | None)r+rMrNrc Cs|dk r0|\}}|||kr t|t|kr0t|||dd}|dd}tt|jt| }| |} z| | 7} Wnt k rtYnXt tjj} | | } z| | 7} Wnt k rtYnX| S)NrTrZ)r _MAX_CLOCK_SKEWrQrrr<r!r rA decryptorr?r@rrr;r=unpadder) r"r+rMrNrJr2r4rEr^Zplaintext_paddedr_ZunpaddedrrrrLs2          zFernet._decrypt_data)N)N)r r rr$ classmethodr*r1r.r3rOrPrR staticmethodrKrQrLrrrrrs rc@seZdZddddZdddddZdd dd d d Zd ddddZdd dddddZd d d ddddZd d dddZ dS) MultiFernetztyping.Iterable[Fernet])fernetscCst|}|std||_dS)Nz1MultiFernet requires at least one Fernet instance)listr_fernets)r"rcrrrr$s zMultiFernet.__init__r%)msgrcCs||ttSr,r-)r"rfrrrr1szMultiFernet.encryptr/)rfr2rcCs|jd||S)Nr)rer.)r"rfr2rrrr.szMultiFernet.encrypt_at_timerc Csjt|\}}|jD]2}z|||d}WqLWqtk rDYqXqttd}|jd|||S)Nrr)rrKrerLr r'r(r3)r"rfrMr+fpr4rrrrotates   zMultiFernet.rotateNrH)rfrJrc Cs<|jD],}z|||WStk r0YqXqtdSr,)rerOr )r"rfrJrgrrrrOs  zMultiFernet.decrypt)rfrJr2rc Cs>|jD].}z||||WStk r2YqXqtdSr,)rerPr )r"rfrJr2rgrrrrPs  zMultiFernet.decrypt_at_timec Cs:|jD]*}z||WStk r.YqXqtdSr,)rerRr )r"rfrgrrrrRs  zMultiFernet.extract_timestamp)N) r r rr$r1r.rirOrPrRrrrrrbs rb) __future__rrrr'r0typingZ cryptographyrZcryptography.exceptionsrZcryptography.hazmat.primitivesrrZ&cryptography.hazmat.primitives.ciphersrrr Z#cryptography.hazmat.primitives.hmacr Exceptionr r]rrbrrrrs