Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 1d2901cae193cb965480835aaf96696f8eecfaab^! / .
commit1d2901cae193cb965480835aaf96696f8eecfaab[log] [tgz]
authorAlex Gaynor <alex.gaynor@gmail.com>Fri Nov 22 10:12:05 2013 -0800
committerAlex Gaynor <alex.gaynor@gmail.com>Fri Nov 22 10:12:05 2013 -0800
tree65ada261aa41bc3000d029480ee2d25f69a22288
parentaafa63cce69c446a0c4d713c8357c61d4a7a8f4e [diff]
Hide the dangerous bits

diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index ae3a8bf..1c6cb5d 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py

@@ -85,24 +85,22 @@
         ).encryptor()
         ciphertext = encryptor.update(padded_data) + encryptor.finalize()
 
-        h = HMAC(self.signing_key, hashes.SHA256(), self.backend)
-        h.update(b"\x80")
-        h.update(struct.pack(">Q", current_time))
-        h.update(iv)
-        h.update(ciphertext)
-        hmac = h.finalize()
-        return base64.urlsafe_b64encode(
-            b"\x80" + struct.pack(">Q", current_time) + iv + ciphertext + hmac
+        basic_parts = (
+            b"\x80" + struct.pack(">Q", current_time) + iv + ciphertext
         )
 
-    def decrypt(self, data, ttl=None, current_time=None):
+        h = HMAC(self.signing_key, hashes.SHA256(), self.backend)
+        h.update(basic_parts)
+        hmac = h.finalize()
+        return base64.urlsafe_b64encode(basic_parts + hmac)
+
+    def decrypt(self, data, ttl=None):
         if isinstance(data, six.text_type):
             raise TypeError(
                 "Unicode-objects must be encoded before decryption"
             )
 
-        if current_time is None:
-            current_time = int(time.time())
+        current_time = int(time.time())
 
         try:
             data = base64.urlsafe_b64decode(data)

diff --git a/tests/test_fernet.py b/tests/test_fernet.py
index 4080bd2..c1caaa0 100644
--- a/tests/test_fernet.py
+++ b/tests/test_fernet.py

@@ -15,6 +15,7 @@
 import calendar
 import json
 import os
+import time
 
 import iso8601
 
@@ -51,22 +52,20 @@
     @json_parametrize(
         ("secret", "now", "src", "ttl_sec", "token"), "verify.json",
     )
-    def test_verify(self, secret, now, src, ttl_sec, token):
+    def test_verify(self, secret, now, src, ttl_sec, token, monkeypatch):
         f = Fernet(secret.encode("ascii"))
         current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple())
-        payload = f.decrypt(
-            token.encode("ascii"), ttl=ttl_sec, current_time=current_time
-        )
+        monkeypatch.setattr(time, "time", lambda: current_time)
+        payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec)
         assert payload == src.encode("ascii")
 
     @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json")
-    def test_invalid(self, secret, token, now, ttl_sec):
+    def test_invalid(self, secret, token, now, ttl_sec, monkeypatch):
         f = Fernet(secret.encode("ascii"))
         current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple())
+        monkeypatch.setattr(time, "time", lambda: current_time)
         with pytest.raises(InvalidToken):
-            f.decrypt(
-                token.encode("ascii"), ttl=ttl_sec, current_time=current_time
-            )
+            f.decrypt(token.encode("ascii"), ttl=ttl_sec)
 
     def test_unicode(self):
         f = Fernet(base64.b64encode(b"\x00" * 32))