o )%a@sddlZddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z mZddlmZmZmZddlmZGdd d eZd ZGd d d eZGd ddeZdS)N)utils)InvalidSignature) _get_backend)hashespadding)Cipher algorithmsmodes)HMACc@s eZdZdS) InvalidTokenN)__name__ __module__ __qualname__rr5/usr/lib/python3/dist-packages/cryptography/fernet.pyr sr <c @seZdZd!defddZedefddZdedefd d Zded edefd d Z ded ededefddZ d!dede j edefddZ deded edefddZdedefddZedede jeeffddZdeddfddZdedede j e jeefdefdd ZdS)"FernetNkeycCsLt|}t|}t|dkrtd|dd|_|dd|_||_dS)N z4Fernet key must be 32 url-safe base64-encoded bytes.)rbase64urlsafe_b64decodelen ValueError _signing_key_encryption_key_backend)selfrbackendrrr__init__s   zFernet.__init__returncCsttdS)Nr)rurlsafe_b64encodeosurandom)clsrrr generate_key*szFernet.generate_keydatacC||ttSNencrypt_at_timeinttime)rr&rrrencrypt.zFernet.encrypt current_timecCstd}||||S)Nr)r"r#_encrypt_from_parts)rr&r/ivrrrr*1s zFernet.encrypt_at_timer1c Cstd|ttjj}||| }t t|j t ||j}||| }dtd|||}t|jt|jd} | || } t|| S)Nr&>Qr)r _check_bytesrPKCS7rAES block_sizepadderupdatefinalizerrr CBCr encryptorstructpackr rrSHA256rr!) rr&r/r1r9 padded_datar= ciphertext basic_partshhmacrrrr05s  zFernet._encrypt_from_partstokenttlcCs:t|\}}|durd}n|ttf}||||Sr()r_get_unverified_token_datar+r, _decrypt_data)rrFrG timestampr& time_inforrrdecryptJs zFernet.decryptcCs0|durtdt|\}}|||||fS)Nz6decrypt_at_time() can only be used with a non-None ttl)rrrHrI)rrFrGr/rJr&rrrdecrypt_at_timeRs zFernet.decrypt_at_timecCst|\}}|||Sr()rrH_verify_signature)rrFrJr&rrrextract_timestamp\s zFernet.extract_timestampc Cs~td|zt|}Wn ttjfytw|r"|ddkr$tzt d|dd\}W||fStj y>tw)NrFrr3 ) rr5rr TypeErrorbinasciiErrorr r>unpackerror)rFr&rJrrrrHbs z!Fernet._get_unverified_token_datacCsTt|jt|jd}||ddz ||ddWdSty)tw)Nr4) r rrr@rr:verifyrr )rr&rDrrrrNss zFernet._verify_signaturerJrKc Cs|dur|\}}|||krt|t|krt|||dd}|dd}tt|jt||j  }| |} z| | 7} Wn t yOtwttjj} | | } z | | 7} W| St yptw)NrRrX)r _MAX_CLOCK_SKEWrNrrr7rr r<r decryptorr:r;rrr6r8unpadder) rr&rJrKrGr/r1rBr\plaintext_paddedr]unpaddedrrrrI{s8         zFernet._decrypt_datar()r r rbytesr classmethodr%r-r+r*r0typingOptionalrLrMrO staticmethodTuplerHrNrIrrrrrsL    rc@seZdZdejefddZdedefddZdede defd d Z dedefd d Z ddedej e defddZ dede de defddZd S) MultiFernetfernetscCst|}|s td||_dS)Nz1MultiFernet requires at least one Fernet instance)listr_fernets)rrgrrrrs  zMultiFernet.__init__msgr cCr'r(r))rrjrrrr-r.zMultiFernet.encryptr/cCs|jd||S)Nr)rir*)rrjr/rrrr*szMultiFernet.encrypt_at_timec Csbt|\}}|jD]}z |||d}Wn tyYq wttd}|jd|||S)Nrr)rrHrirIr r"r#r0)rrjrJr&fpr1rrrrotates   zMultiFernet.rotateNrGc Cs4|jD]}z |||WStyYqwtr()rirLr )rrjrGrkrrrrLs  zMultiFernet.decryptc Cs6|jD]}z ||||WStyYqwtr()rirMr )rrjrGr/rkrrrrMs  zMultiFernet.decrypt_at_timer()r r rrbIterablerrr`r-r+r*rmrcrLrMrrrrrfsrf)rrTr"r>r,rb cryptographyrcryptography.exceptionsrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrr&cryptography.hazmat.primitives.ciphersrrr #cryptography.hazmat.primitives.hmacr Exceptionr r[objectrrfrrrrs"