diff options
author | Jakub Stasiak <jakub@stasiak.at> | 2020-06-14 20:30:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-14 13:30:18 -0500 |
commit | 0d0d70bd78f432397b91eee4d9743000686037a6 (patch) | |
tree | b5cc66c60ea5436171275bf606e0aa58ceca0c2e /src | |
parent | 09b9fd924d7714883683d534f65585c4f5986b1e (diff) | |
download | cryptography-0d0d70bd78f432397b91eee4d9743000686037a6.tar.gz cryptography-0d0d70bd78f432397b91eee4d9743000686037a6.tar.bz2 cryptography-0d0d70bd78f432397b91eee4d9743000686037a6.zip |
Add a way to pass current time to Fernet (#5256)
* Add a way to pass current time to Fernet
The motivation behind this is to be able to unit test code using Fernet
easily without having to monkey patch global state.
* Reformat to satisfy flake8
* Trigger a Fernet.encrypt() branch missing from coverage
* Revert specifying explicit current time in MultiFernet.rotate()
Message's timestamp is not verified anyway since ttl is None.
* Change the Fernet's explicit current time API slightly
This's been suggested in code review.
* Fix a typo
* Fix a typo
* Restore full MultiFernet test coverage and fix a typo
* Restore more coverage
time.time() is not called by MultiFernet.rotate() anymore so the monkey
patching and lambda need to go, because the patched function is not used
and coverage calculation will rightfully notice it.
* Remove an unused import
* Document when the *_at_time Fernet methods were added
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/fernet.py | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/cryptography/fernet.py b/src/cryptography/fernet.py index b990defa..862d9466 100644 --- a/src/cryptography/fernet.py +++ b/src/cryptography/fernet.py @@ -47,7 +47,9 @@ class Fernet(object): return base64.urlsafe_b64encode(os.urandom(32)) def encrypt(self, data): - current_time = int(time.time()) + return self.encrypt_at_time(data, int(time.time())) + + def encrypt_at_time(self, data, current_time): iv = os.urandom(16) return self._encrypt_from_parts(data, current_time, iv) @@ -71,8 +73,11 @@ class Fernet(object): return base64.urlsafe_b64encode(basic_parts + hmac) def decrypt(self, token, ttl=None): + return self.decrypt_at_time(token, ttl, int(time.time())) + + def decrypt_at_time(self, token, ttl, current_time): timestamp, data = Fernet._get_unverified_token_data(token) - return self._decrypt_data(data, timestamp, ttl) + return self._decrypt_data(data, timestamp, ttl, current_time) def extract_timestamp(self, token): timestamp, data = Fernet._get_unverified_token_data(token) @@ -105,8 +110,7 @@ class Fernet(object): except InvalidSignature: raise InvalidToken - def _decrypt_data(self, data, timestamp, ttl): - current_time = int(time.time()) + def _decrypt_data(self, data, timestamp, ttl, current_time): if ttl is not None: if timestamp + ttl < current_time: raise InvalidToken @@ -146,13 +150,16 @@ class MultiFernet(object): self._fernets = fernets def encrypt(self, msg): - return self._fernets[0].encrypt(msg) + return self.encrypt_at_time(msg, int(time.time())) + + def encrypt_at_time(self, msg, current_time): + return self._fernets[0].encrypt_at_time(msg, current_time) def rotate(self, msg): timestamp, data = Fernet._get_unverified_token_data(msg) for f in self._fernets: try: - p = f._decrypt_data(data, timestamp, None) + p = f._decrypt_data(data, timestamp, None, None) break except InvalidToken: pass @@ -163,9 +170,12 @@ class MultiFernet(object): return self._fernets[0]._encrypt_from_parts(p, timestamp, iv) def decrypt(self, msg, ttl=None): + return self.decrypt_at_time(msg, ttl, int(time.time())) + + def decrypt_at_time(self, msg, ttl, current_time): for f in self._fernets: try: - return f.decrypt(msg, ttl) + return f.decrypt_at_time(msg, ttl, current_time) except InvalidToken: pass raise InvalidToken |