import hashlib
import hmac
import typing as _t
from . encoding import _base64_alphabet
from . encoding import base64_decode
from . encoding import base64_encode
from . encoding import want_bytes
from . exc import BadSignature
_t_str_bytes = _t . Union [ str , bytes ]
_t_opt_str_bytes = _t . Optional [ _t_str_bytes ]
_t_secret_key = _t . Union [ _t . Iterable [ _t_str_bytes ] , _t_str_bytes ]
class SigningAlgorithm :
""" Subclasses must implement :meth:`get_signature` to provide
signature generation functionality .
"""
def get_signature ( self , key : bytes , value : bytes ) - > bytes :
""" Returns the signature for the given key and value. """
raise NotImplementedError ( )
def verify_signature ( self , key : bytes , value : bytes , sig : bytes ) - > bool :
""" Verifies the given signature matches the expected
signature .
"""
return hmac . compare_digest ( sig , self . get_signature ( key , value ) )
class NoneAlgorithm ( SigningAlgorithm ) :
""" Provides an algorithm that does not perform any signing and
returns an empty signature .
"""
def get_signature ( self , key : bytes , value : bytes ) - > bytes :
return b " "
class HMACAlgorithm ( SigningAlgorithm ) :
""" Provides signature generation using HMACs. """
#: The digest method to use with the MAC algorithm. This defaults to
#: SHA1, but can be changed to any other function in the hashlib
#: module.
default_digest_method : _t . Any = staticmethod ( hashlib . sha1 )
def __init__ ( self , digest_method : _t . Any = None ) :
if digest_method is None :
digest_method = self . default_digest_method
self . digest_method : _t . Any = digest_method
def get_signature ( self , key : bytes , value : bytes ) - > bytes :
mac = hmac . new ( key , msg = value , digestmod = self . digest_method )
return mac . digest ( )
def _make_keys_list ( secret_key : _t_secret_key ) - > _t . List [ bytes ] :
if isinstance ( secret_key , ( str , bytes ) ) :
return [ want_bytes ( secret_key ) ]
return [ want_bytes ( s ) for s in secret_key ]
class Signer :
""" A signer securely signs bytes, then unsigns them to verify that
the value hasn ' t been changed.
The secret key should be a random string of ` ` bytes ` ` and should not
be saved to code or version control . Different salts should be used
to distinguish signing in different contexts . See : doc : ` / concepts `
for information about the security of the secret key and salt .
: param secret_key : The secret key to sign and verify with . Can be a
list of keys , oldest to newest , to support key rotation .
: param salt : Extra key to combine with ` ` secret_key ` ` to distinguish
signatures in different contexts .
: param sep : Separator between the signature and value .
: param key_derivation : How to derive the signing key from the secret
key and salt . Possible values are ` ` concat ` ` , ` ` django - concat ` ` ,
or ` ` hmac ` ` . Defaults to : attr : ` default_key_derivation ` , which
defaults to ` ` django - concat ` ` .
: param digest_method : Hash function to use when generating the HMAC
signature . Defaults to : attr : ` default_digest_method ` , which
defaults to : func : ` hashlib . sha1 ` . Note that the security of the
hash alone doesn ' t apply when used intermediately in HMAC.
: param algorithm : A : class : ` SigningAlgorithm ` instance to use
instead of building a default : class : ` HMACAlgorithm ` with the
` ` digest_method ` ` .
. . versionchanged : : 2.0
Added support for key rotation by passing a list to
` ` secret_key ` ` .
. . versionchanged : : 0.18
` ` algorithm ` ` was added as an argument to the class constructor .
. . versionchanged : : 0.14
` ` key_derivation ` ` and ` ` digest_method ` ` were added as arguments
to the class constructor .
"""
#: The default digest method to use for the signer. The default is
#: :func:`hashlib.sha1`, but can be changed to any :mod:`hashlib` or
#: compatible object. Note that the security of the hash alone
#: doesn't apply when used intermediately in HMAC.
#:
#: .. versionadded:: 0.14
default_digest_method : _t . Any = staticmethod ( hashlib . sha1 )
#: The default scheme to use to derive the signing key from the
#: secret key and salt. The default is ``django-concat``. Possible
#: values are ``concat``, ``django-concat``, and ``hmac``.
#:
#: .. versionadded:: 0.14
default_key_derivation : str = " django-concat "
def __init__ (
self ,
secret_key : _t_secret_key ,
salt : _t_opt_str_bytes = b " itsdangerous.Signer " ,
sep : _t_str_bytes = b " . " ,
key_derivation : _t . Optional [ str ] = None ,
digest_method : _t . Optional [ _t . Any ] = None ,
algorithm : _t . Optional [ SigningAlgorithm ] = None ,
) :
#: The list of secret keys to try for verifying signatures, from
#: oldest to newest. The newest (last) key is used for signing.
#:
#: This allows a key rotation system to keep a list of allowed
#: keys and remove expired ones.
self . secret_keys : _t . List [ bytes ] = _make_keys_list ( secret_key )
self . sep : bytes = want_bytes ( sep )
if self . sep in _base64_alphabet :
raise ValueError (
" The given separator cannot be used because it may be "
" contained in the signature itself. ASCII letters, "
" digits, and ' -_= ' must not be used. "
)
if salt is not None :
salt = want_bytes ( salt )
else :
salt = b " itsdangerous.Signer "
self . salt = salt
if key_derivation is None :
key_derivation = self . default_key_derivation
self . key_derivation : str = key_derivation
if digest_method is None :
digest_method = self . default_digest_method
self . digest_method : _t . Any = digest_method
if algorithm is None :
algorithm = HMACAlgorithm ( self . digest_method )
self . algorithm : SigningAlgorithm = algorithm
@property
def secret_key ( self ) - > bytes :
""" The newest (last) entry in the :attr:`secret_keys` list. This
is for compatibility from before key rotation support was added .
"""
return self . secret_keys [ - 1 ]
def derive_key ( self , secret_key : _t_opt_str_bytes = None ) - > bytes :
""" This method is called to derive the key. The default key
derivation choices can be overridden here . Key derivation is not
intended to be used as a security method to make a complex key
out of a short password . Instead you should use large random
secret keys .
: param secret_key : A specific secret key to derive from .
Defaults to the last item in : attr : ` secret_keys ` .
. . versionchanged : : 2.0
Added the ` ` secret_key ` ` parameter .
"""
if secret_key is None :
secret_key = self . secret_keys [ - 1 ]
else :
secret_key = want_bytes ( secret_key )
if self . key_derivation == " concat " :
return _t . cast ( bytes , self . digest_method ( self . salt + secret_key ) . digest ( ) )
elif self . key_derivation == " django-concat " :
return _t . cast (
bytes , self . digest_method ( self . salt + b " signer " + secret_key ) . digest ( )
)
elif self . key_derivation == " hmac " :
mac = hmac . new ( secret_key , digestmod = self . digest_method )
mac . update ( self . salt )
return mac . digest ( )
elif self . key_derivation == " none " :
return secret_key
else :
raise TypeError ( " Unknown key derivation method " )
def get_signature ( self , value : _t_str_bytes ) - > bytes :
""" Returns the signature for the given value. """
value = want_bytes ( value )
key = self . derive_key ( )
sig = self . algorithm . get_signature ( key , value )
return base64_encode ( sig )
def sign ( self , value : _t_str_bytes ) - > bytes :
""" Signs the given string. """
value = want_bytes ( value )
return value + self . sep + self . get_signature ( value )
def verify_signature ( self , value : _t_str_bytes , sig : _t_str_bytes ) - > bool :
""" Verifies the signature for the given value. """
try :
sig = base64_decode ( sig )
except Exception :
return False
value = want_bytes ( value )
for secret_key in reversed ( self . secret_keys ) :
key = self . derive_key ( secret_key )
if self . algorithm . verify_signature ( key , value , sig ) :
return True
return False
def unsign ( self , signed_value : _t_str_bytes ) - > bytes :
""" Unsigns the given string. """
signed_value = want_bytes ( signed_value )
if self . sep not in signed_value :
raise BadSignature ( f " No { self . sep !r} found in value " )
value , sig = signed_value . rsplit ( self . sep , 1 )
if self . verify_signature ( value , sig ) :
return value
raise BadSignature ( f " Signature { sig !r} does not match " , payload = value )
def validate ( self , signed_value : _t_str_bytes ) - > bool :
""" Only validates the given signed value. Returns ``True`` if
the signature exists and is valid .
"""
try :
self . unsign ( signed_value )
return True
except BadSignature :
return False
