o ӷ6i@s0ddlZddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z ddlmZmZmZmZmZmZddlmZddlmZmZd d lmZmZgd Zd Zed Z ddZ!ddedfddZ"ddedfddZ#GdddZ$Gddde$Z%Gddde$Z&Gddde$Z'dS)N)InvalidSignature)hashes)HMAC)settings) BadSignatureJSONSerializerSignatureExpired b64_decode b64_encodeget_cookie_signer)baseconv) force_bytes force_str)constant_time_compare salted_hmac) rrr r base64_hmacr rdumpsloadsSignerTimestampSigner BytesSigner FernetSigner<z^[A-z0-9-_=]*$cCstt|||SN)r rfinalize)saltvaluekeyre/var/www/hoanhtaovolam_webdjango/env/lib/python3.10/site-packages/django_cryptography/core/signing.pyr-rzdjango.core.signingFc Cs`||}d}|rt|}t|t|dkr|}d}t|}|r'd|}t||d|S)a Returns URL-safe, sha1 signed base64 compressed JSON string. If key is None, settings.SECRET_KEY is used instead. If compress is True (not the default) checks if compressing using zlib can save some space. Prepends a '.' to signify compression. This is included in the signature, to protect against zip bombs. Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application without good cause is a security risk. The serializer is expected to return a bytestring. FT.r)rzlibcompresslenr rsign) objrr serializerr&data is_compressed compressedbase64drrr r1s  rcCs`tt||dj||d}d}|dddkr|dd}d}t|}|r*t|}||S)z} Reverse of dumps(), raises BadSignature if signature fails. The serializer is expected to accept a bytestring. r$)max_ageFNr"r#T)r runsignr r% decompressr)srrr*r/r.r1r+rrr rTs    rc@s.eZdZd ddZddZddZd d ZdS) rN:cCsR|ptj|_t||_t|jrtd|t|p$|jj d|jj |_ dS)NzJUnsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=).) r SECRET_KEYrrsep _SEP_UNSAFEmatch ValueError __class__ __module____name__r)selfrr6rrrr __init__ks    zSigner.__init__cCst|jd||j}t|SNsigner)rrrr)r=r signaturerrr rAxszSigner.signaturecCs t|}||j||Sr)rr6rAr=rrrr r(}sz Signer.signcCsVt|}|j|vrtd|j||jd\}}t|||r%t|Std|)NzNo "%s" found in valuer"Signature "%s" does not match)rr6rrsplitrrAr= signed_valuersigrrr r0s  z Signer.unsign)Nr3Nr<r; __qualname__r>rAr(r0rrrr rjs    rcs2eZdZddZfddZdfdd ZZS) rcCstjttSr)r base62encodeinttime)r=rrr timestampr!zTimestampSigner.timestampcs*t|}||j|}t|Sr)rr6rNsuperr(rBr:rr r(s zTimestampSigner.signNcstt|}||jd\}}tj|}|dur8t|tj r#| }t |}||kr8t d|d|d|S)zk Retrieve original value and check it wasn't signed more than max_age seconds ago. r"NSignature age  >  seconds) rOr0rDr6r rJdecode isinstancedatetime timedelta total_secondsrMr)r=rr/resultrNagerPrr r0s    zTimestampSigner.unsignr)r<r;rIrNr(r0 __classcell__rrrPr rs rc@s.eZdZd ddZddZddZdd ZdS) rNcCs>tj}|j|_|p tj|_t|p|jjd|jj |_ dS)Nr4) rCRYPTOGRAPHY_DIGEST digest_size _digest_sizer5rrr:r;r<r)r=rrdigestrrr r>s   zBytesSigner.__init__cCst|jd||jSr?)rrrrrBrrr rAszBytesSigner.signaturecCst|}|||Sr)r rArBrrr r(szBytesSigner.signcCsH|d|j ||j d}}t|||r|Stdt|)NrC)r^rrArbinascii b2a_base64rErrr r0s zBytesSigner.unsign)NNrHrrrr rs   rc@s4eZdZdZd ddZddZddZd d d ZdS) rNcCst|_t|p tj|_dS)z5 :type key: any :rtype: None N)rSHA256r_r rr5r)r=rrrr r>s zFernetSigner.__init__cCs&t|j|jtjd}|t||S)z7 :type value: any :rtype: HMAC )backend)rrr_rCRYPTOGRAPHY_BACKENDupdater )r=rhrrr rAszFernetSigner.signaturecCs6td|jtt}|t|7}|||S)z8 :type value: any :rtype: bytes >cQ)structpackversionrLrMr rAr)r=rpayloadrrr r(s zFernetSigner.signc Cstd|jj}}dt||||f}z t||\}}}} Wn tjy.tdw||jkr8td|dur_t |t j rF| }t t|} | |tkr_td| d|dz||d| | W|Stytd t| w) z Retrieve original value and check it wasn't signed more than max_age seconds ago. :type signed_value: bytes :type ttl: int | datetime.timedelta rhz >cQ%ds%dszSignature is not validzSignature version not supportedNrQrRrSrC)ricalcsizer_r]r'unpackerrorrrkrUrVrWrXabsrM_MAX_CLOCK_SKEWrrAverifyrr`ra) r=rFttlh_sized_sizefmtrkrNrrGrZrrr r0s.     zFernetSigner.unsignr)r<r;rIrkr>rAr(r0rrrr rs    r)(r`rVrerirMr%cryptography.exceptionsrcryptography.hazmat.primitivesr#cryptography.hazmat.primitives.hmacr django.confrdjango.core.signingrrrr r r django.utilsr django.utils.encodingr r utils.cryptorr__all__rqcompiler7rrrrrrrrrrr s4        $ !