-rw-r--r-- | cryptography/fernet.py | 6 | ||||
-rw-r--r-- | tests/test_fernet.py | 10 |
2 files changed, 12 insertions, 4 deletions
diff --git a/cryptography/fernet.py b/cryptography/fernet.py
index 2c134bbd..ef747b7c 100644
--- a/cryptography/fernet.py
+++ b/cryptography/fernet.py
@@ -37,8 +37,10 @@ class Fernet(object):
 b"\x80" + struct.pack(">Q", current_time) + iv + ciphertext + hmac
 )
- def decrypt(self, data, ttl=None):
+ def decrypt(self, data, ttl=None, current_time=None):
 # TODO: whole function is a giant hack job with no error checking
+ if current_time is None:
+ current_time = int(time.time())
 data = base64.urlsafe_b64decode(data)
 assert data[0] == b"\x80"
 timestamp = data[1:9]
@@ -46,7 +48,7 @@ class Fernet(object):
 ciphertext = data[25:-32]
 hmac = data[-32:]
 if ttl is not None:
- if struct.unpack(">Q", timestamp)[0] + ttl > int(time.time()):
+ if struct.unpack(">Q", timestamp)[0] + ttl < current_time:
 raise ValueError
 h = HMAC(self.signing_key, digestmod=hashes.SHA256)
 h.update(data[:-32])
diff --git a/tests/test_fernet.py b/tests/test_fernet.py
index e9d07f81..f7c06b95 100644
--- a/tests/test_fernet.py
+++ b/tests/test_fernet.py
@@ -13,11 +13,17 @@ class TestFernet(object):
 499162800,
 b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
 )
- assert token == b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="
+ assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM"
+ "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==")
 def test_verify(self):
 f = Fernet(base64.urlsafe_b64decode(
 b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4="
 ))
- payload = f.decrypt(b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==", 60)
+ payload = f.decrypt(
+ (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO"
+ "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="),
+ ttl=60,
+ current_time=499162801
+ )
 assert payload == b"hello" |
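Review bot: The new `current_time` keyword on `decrypt` puts a test seam into the public API, and nothing in the hunk documents it or restricts who may pass it. Whoever supplies that value decides the outcome of the `ttl` check, so a caller that forwards a stale or externally influenced number switches expiry off without any visible error. I would keep the public signature as `decrypt(self, data, ttl=None)` and move the injectable clock into a private helper. At minimum, add a comment at the top of the body such as `# current_time exists for tests only; production callers must leave it as None`. The body of `decrypt` continues outside this hunk.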
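Review bot: The corrected comparison `struct.unpack(">Q", timestamp)[0] + ttl < current_time` rejects tokens that are too old but places no bound on timestamps ahead of `current_time`, so a token stamped in the future is accepted for longer than `ttl`. Consider a second guard next to it, for example `if ts > current_time + max_skew: raise ValueError("token timestamp is in the future")`, where `ts` and `max_skew` are placeholder names for the unpacked timestamp and a small allowed clock skew. The bare `raise ValueError` would also be easier to diagnose with a message, e.g. `raise ValueError("token expired")`. The check runs before the HMAC lines visible below it, so the timestamp appears to be unauthenticated when it is compared; that ordering is worth stating in a comment. The enclosing function starts and ends outside this hunk.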
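Review bot: Both wrapped token literals join a `b"..."` piece to an unprefixed `"..."` piece, which Python 3 rejects at compile time (bytes and non-bytes literals cannot be mixed) and which only works on Python 2. Prefix each continuation with `b`, e.g. `b"4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==")` in the `assert token` line and `b"PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="),` in the `f.decrypt(` call. Separately, `test_verify` exercises only the accept path (`current_time=499162801`, one second after the token timestamp), so the inverted comparison this commit fixes still has no regression test. A companion case that calls `f.decrypt(token, ttl=60, current_time=499162861)` and expects `ValueError` would pin the expiry boundary.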