diff options
Diffstat (limited to 'src/cryptography/fernet.py')
-rw-r--r-- | src/cryptography/fernet.py | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/cryptography/fernet.py b/src/cryptography/fernet.py index b990defa..862d9466 100644 --- a/src/cryptography/fernet.py +++ b/src/cryptography/fernet.py @@ -47,7 +47,9 @@ class Fernet(object): return base64.urlsafe_b64encode(os.urandom(32)) def encrypt(self, data): - current_time = int(time.time()) + return self.encrypt_at_time(data, int(time.time())) + + def encrypt_at_time(self, data, current_time): iv = os.urandom(16) return self._encrypt_from_parts(data, current_time, iv) @@ -71,8 +73,11 @@ class Fernet(object): return base64.urlsafe_b64encode(basic_parts + hmac) def decrypt(self, token, ttl=None): + return self.decrypt_at_time(token, ttl, int(time.time())) + + def decrypt_at_time(self, token, ttl, current_time): timestamp, data = Fernet._get_unverified_token_data(token) - return self._decrypt_data(data, timestamp, ttl) + return self._decrypt_data(data, timestamp, ttl, current_time) def extract_timestamp(self, token): timestamp, data = Fernet._get_unverified_token_data(token) @@ -105,8 +110,7 @@ class Fernet(object): except InvalidSignature: raise InvalidToken - def _decrypt_data(self, data, timestamp, ttl): - current_time = int(time.time()) + def _decrypt_data(self, data, timestamp, ttl, current_time): if ttl is not None: if timestamp + ttl < current_time: raise InvalidToken @@ -146,13 +150,16 @@ class MultiFernet(object): self._fernets = fernets def encrypt(self, msg): - return self._fernets[0].encrypt(msg) + return self.encrypt_at_time(msg, int(time.time())) + + def encrypt_at_time(self, msg, current_time): + return self._fernets[0].encrypt_at_time(msg, current_time) def rotate(self, msg): timestamp, data = Fernet._get_unverified_token_data(msg) for f in self._fernets: try: - p = f._decrypt_data(data, timestamp, None) + p = f._decrypt_data(data, timestamp, None, None) break except InvalidToken: pass @@ -163,9 +170,12 @@ class MultiFernet(object): return self._fernets[0]._encrypt_from_parts(p, timestamp, iv) def decrypt(self, msg, ttl=None): + return self.decrypt_at_time(msg, ttl, int(time.time())) + + def decrypt_at_time(self, msg, ttl, current_time): for f in self._fernets: try: - return f.decrypt(msg, ttl) + return f.decrypt_at_time(msg, ttl, current_time) except InvalidToken: pass raise InvalidToken |