/usr/lib/python2.7/dist-packages/M2Crypto/AuthCookie.py is in python-m2crypto 0.21.1-3ubuntu5.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 | """Secure Authenticator Cookies
Copyright (c) 1999-2002 Ng Pheng Siong. All rights reserved."""
# M2Crypto
import Rand, m2
# Python. Cookie is bundled with Python 2.x.
import Cookie, binascii, re, time
_MIX_FORMAT = 'exp=%s&data=%s&digest='
_MIX_RE = re.compile('exp=(\d+\.\d+)&data=(.+)&digest=(\S*)')
def mix(expiry, data, format=_MIX_FORMAT):
return format % (repr(expiry), data)
def unmix(dough, regex=_MIX_RE):
mo = regex.match(dough)
if mo:
return float(mo.group(1)), mo.group(2)
else:
return None
def unmix3(dough, regex=_MIX_RE):
mo = regex.match(dough)
if mo:
return float(mo.group(1)), mo.group(2), mo.group(3)
else:
return None
_TOKEN = '_M2AUTH_'
class AuthCookieJar:
_keylen = 20
def __init__(self):
self._key = Rand.rand_bytes(self._keylen)
def _hmac(self, key, data):
return binascii.b2a_base64(m2.hmac(key, data, m2.sha1()))[:-1]
def makeCookie(self, expiry, data):
dough = mix(expiry, data)
return AuthCookie(expiry, data, dough, self._hmac(self._key, dough))
def isGoodCookie(self, cookie):
assert isinstance(cookie, AuthCookie)
if cookie.isExpired():
return 0
c = self.makeCookie(cookie._expiry, cookie._data)
return (c._expiry == cookie._expiry) \
and (c._data == cookie._data) \
and (c._mac == cookie._mac) \
and (c.output() == cookie.output())
def isGoodCookieString(self, cookie_str):
c = Cookie.SmartCookie()
c.load(cookie_str)
if not c.has_key(_TOKEN):
return 0
undough = unmix3(c[_TOKEN].value)
if undough is None:
return 0
exp, data, mac = undough
c2 = self.makeCookie(exp, data)
return (not c2.isExpired()) and (c2._mac == mac)
class AuthCookie:
def __init__(self, expiry, data, dough, mac):
self._expiry = expiry
self._data = data
self._mac = mac
self._cookie = Cookie.SmartCookie()
self._cookie[_TOKEN] = '%s%s' % (dough, mac)
self._name = '%s%s' % (dough, mac) # XXX WebKit only.
def expiry(self):
"""Return the cookie's expiry time."""
return self._expiry
def data(self):
"""Return the data portion of the cookie."""
return self._data
def mac(self):
"""Return the cookie's MAC."""
return self._mac
def output(self):
"""Return the cookie's output in "Set-Cookie" format."""
return self._cookie.output()
def value(self):
"""Return the cookie's output minus the "Set-Cookie: " portion.
"""
return self._cookie[_TOKEN].value
def isExpired(self):
"""Return 1 if the cookie has expired, 0 otherwise."""
return (time.time() > self._expiry)
# XXX Following methods are for WebKit only. These should be pushed
# to WKAuthCookie.
def name(self):
return self._name
def headerValue(self):
return self.value()
|