Source code for thorn.utils.hmac
"""HMAC Message signing utilities."""
from __future__ import absolute_import, unicode_literals
import base64
import hashlib
import hmac
import random
import string
from .compat import bytes_if_py3, want_bytes
try:
import itsdangerous
except ImportError: # pragma: no cover
itsdangerous = None # noqa
# Some version of PyPy does not have hashlib.algorithms_available
allowed_algorithms = {
'sha1', 'sha224', 'sha256', 'sha384', 'sha512',
}
punctuation = string.punctuation.replace('"', '').replace("'", '')
[docs]def get_digest(d):
"""Get digest type by name (e.g. ``"sha512"``)."""
assert d.lower() in allowed_algorithms, d.lower()
return getattr(hashlib, d.lower())
[docs]def sign(digest_method, key, message):
"""Sign HMAC digest."""
return base64.b64encode(bytes_if_py3(hmac.new(
want_bytes(key),
want_bytes(message),
digestmod=get_digest(digest_method)).digest()))
[docs]def verify(digest, digest_method, key, message):
"""Verify HMAC digest."""
return hmac.compare_digest(
want_bytes(sign(digest_method, key, message)),
want_bytes(digest))
[docs]def random_secret(
length, chars=string.ascii_letters + string.digits + punctuation):
"""Generate random secret (letters, digits, punctuation)."""
return ''.join(random.choice(chars) for _ in range(length))
[docs]def compat_sign(digest_method, key, message):
"""Sign message using old itsdangerous signer."""
return itsdangerous.Signer(
key, digest_method=get_digest(digest_method),
).get_signature(message)