123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257 |
- import hashlib
- import hmac
- import typing as _t
- from .encoding import _base64_alphabet
- from .encoding import base64_decode
- from .encoding import base64_encode
- from .encoding import want_bytes
- from .exc import BadSignature
- _t_str_bytes = _t.Union[str, bytes]
- _t_opt_str_bytes = _t.Optional[_t_str_bytes]
- _t_secret_key = _t.Union[_t.Iterable[_t_str_bytes], _t_str_bytes]
- class SigningAlgorithm:
- """Subclasses must implement :meth:`get_signature` to provide
- signature generation functionality.
- """
- def get_signature(self, key: bytes, value: bytes) -> bytes:
- """Returns the signature for the given key and value."""
- raise NotImplementedError()
- def verify_signature(self, key: bytes, value: bytes, sig: bytes) -> bool:
- """Verifies the given signature matches the expected
- signature.
- """
- return hmac.compare_digest(sig, self.get_signature(key, value))
- class NoneAlgorithm(SigningAlgorithm):
- """Provides an algorithm that does not perform any signing and
- returns an empty signature.
- """
- def get_signature(self, key: bytes, value: bytes) -> bytes:
- return b""
- class HMACAlgorithm(SigningAlgorithm):
- """Provides signature generation using HMACs."""
- #: The digest method to use with the MAC algorithm. This defaults to
- #: SHA1, but can be changed to any other function in the hashlib
- #: module.
- default_digest_method: _t.Any = staticmethod(hashlib.sha1)
- def __init__(self, digest_method: _t.Any = None):
- if digest_method is None:
- digest_method = self.default_digest_method
- self.digest_method: _t.Any = digest_method
- def get_signature(self, key: bytes, value: bytes) -> bytes:
- mac = hmac.new(key, msg=value, digestmod=self.digest_method)
- return mac.digest()
- def _make_keys_list(secret_key: _t_secret_key) -> _t.List[bytes]:
- if isinstance(secret_key, (str, bytes)):
- return [want_bytes(secret_key)]
- return [want_bytes(s) for s in secret_key]
- class Signer:
- """A signer securely signs bytes, then unsigns them to verify that
- the value hasn't been changed.
- The secret key should be a random string of ``bytes`` and should not
- be saved to code or version control. Different salts should be used
- to distinguish signing in different contexts. See :doc:`/concepts`
- for information about the security of the secret key and salt.
- :param secret_key: The secret key to sign and verify with. Can be a
- list of keys, oldest to newest, to support key rotation.
- :param salt: Extra key to combine with ``secret_key`` to distinguish
- signatures in different contexts.
- :param sep: Separator between the signature and value.
- :param key_derivation: How to derive the signing key from the secret
- key and salt. Possible values are ``concat``, ``django-concat``,
- or ``hmac``. Defaults to :attr:`default_key_derivation`, which
- defaults to ``django-concat``.
- :param digest_method: Hash function to use when generating the HMAC
- signature. Defaults to :attr:`default_digest_method`, which
- defaults to :func:`hashlib.sha1`. Note that the security of the
- hash alone doesn't apply when used intermediately in HMAC.
- :param algorithm: A :class:`SigningAlgorithm` instance to use
- instead of building a default :class:`HMACAlgorithm` with the
- ``digest_method``.
- .. versionchanged:: 2.0
- Added support for key rotation by passing a list to
- ``secret_key``.
- .. versionchanged:: 0.18
- ``algorithm`` was added as an argument to the class constructor.
- .. versionchanged:: 0.14
- ``key_derivation`` and ``digest_method`` were added as arguments
- to the class constructor.
- """
- #: The default digest method to use for the signer. The default is
- #: :func:`hashlib.sha1`, but can be changed to any :mod:`hashlib` or
- #: compatible object. Note that the security of the hash alone
- #: doesn't apply when used intermediately in HMAC.
- #:
- #: .. versionadded:: 0.14
- default_digest_method: _t.Any = staticmethod(hashlib.sha1)
- #: The default scheme to use to derive the signing key from the
- #: secret key and salt. The default is ``django-concat``. Possible
- #: values are ``concat``, ``django-concat``, and ``hmac``.
- #:
- #: .. versionadded:: 0.14
- default_key_derivation: str = "django-concat"
- def __init__(
- self,
- secret_key: _t_secret_key,
- salt: _t_opt_str_bytes = b"itsdangerous.Signer",
- sep: _t_str_bytes = b".",
- key_derivation: _t.Optional[str] = None,
- digest_method: _t.Optional[_t.Any] = None,
- algorithm: _t.Optional[SigningAlgorithm] = None,
- ):
- #: The list of secret keys to try for verifying signatures, from
- #: oldest to newest. The newest (last) key is used for signing.
- #:
- #: This allows a key rotation system to keep a list of allowed
- #: keys and remove expired ones.
- self.secret_keys: _t.List[bytes] = _make_keys_list(secret_key)
- self.sep: bytes = want_bytes(sep)
- if self.sep in _base64_alphabet:
- raise ValueError(
- "The given separator cannot be used because it may be"
- " contained in the signature itself. ASCII letters,"
- " digits, and '-_=' must not be used."
- )
- if salt is not None:
- salt = want_bytes(salt)
- else:
- salt = b"itsdangerous.Signer"
- self.salt = salt
- if key_derivation is None:
- key_derivation = self.default_key_derivation
- self.key_derivation: str = key_derivation
- if digest_method is None:
- digest_method = self.default_digest_method
- self.digest_method: _t.Any = digest_method
- if algorithm is None:
- algorithm = HMACAlgorithm(self.digest_method)
- self.algorithm: SigningAlgorithm = algorithm
- @property
- def secret_key(self) -> bytes:
- """The newest (last) entry in the :attr:`secret_keys` list. This
- is for compatibility from before key rotation support was added.
- """
- return self.secret_keys[-1]
- def derive_key(self, secret_key: _t_opt_str_bytes = None) -> bytes:
- """This method is called to derive the key. The default key
- derivation choices can be overridden here. Key derivation is not
- intended to be used as a security method to make a complex key
- out of a short password. Instead you should use large random
- secret keys.
- :param secret_key: A specific secret key to derive from.
- Defaults to the last item in :attr:`secret_keys`.
- .. versionchanged:: 2.0
- Added the ``secret_key`` parameter.
- """
- if secret_key is None:
- secret_key = self.secret_keys[-1]
- else:
- secret_key = want_bytes(secret_key)
- if self.key_derivation == "concat":
- return _t.cast(bytes, self.digest_method(self.salt + secret_key).digest())
- elif self.key_derivation == "django-concat":
- return _t.cast(
- bytes, self.digest_method(self.salt + b"signer" + secret_key).digest()
- )
- elif self.key_derivation == "hmac":
- mac = hmac.new(secret_key, digestmod=self.digest_method)
- mac.update(self.salt)
- return mac.digest()
- elif self.key_derivation == "none":
- return secret_key
- else:
- raise TypeError("Unknown key derivation method")
- def get_signature(self, value: _t_str_bytes) -> bytes:
- """Returns the signature for the given value."""
- value = want_bytes(value)
- key = self.derive_key()
- sig = self.algorithm.get_signature(key, value)
- return base64_encode(sig)
- def sign(self, value: _t_str_bytes) -> bytes:
- """Signs the given string."""
- value = want_bytes(value)
- return value + self.sep + self.get_signature(value)
- def verify_signature(self, value: _t_str_bytes, sig: _t_str_bytes) -> bool:
- """Verifies the signature for the given value."""
- try:
- sig = base64_decode(sig)
- except Exception:
- return False
- value = want_bytes(value)
- for secret_key in reversed(self.secret_keys):
- key = self.derive_key(secret_key)
- if self.algorithm.verify_signature(key, value, sig):
- return True
- return False
- def unsign(self, signed_value: _t_str_bytes) -> bytes:
- """Unsigns the given string."""
- signed_value = want_bytes(signed_value)
- if self.sep not in signed_value:
- raise BadSignature(f"No {self.sep!r} found in value")
- value, sig = signed_value.rsplit(self.sep, 1)
- if self.verify_signature(value, sig):
- return value
- raise BadSignature(f"Signature {sig!r} does not match", payload=value)
- def validate(self, signed_value: _t_str_bytes) -> bool:
- """Only validates the given signed value. Returns ``True`` if
- the signature exists and is valid.
- """
- try:
- self.unsign(signed_value)
- return True
- except BadSignature:
- return False
|