diff options
| author | Helmut Grohne <helmut@subdivi.de> | 2008-03-10 15:51:53 +0100 |
|---|---|---|
| committer | Helmut Grohne <helmut@subdivi.de> | 2008-03-10 15:51:53 +0100 |
| commit | c44530be1a4028ecf62b13dc24b847442114b2ec (patch) | |
| tree | 1d6cb3b92ff683ebbd9496ecbe95eda843c114ed /wsgitools | |
| parent | 6a50ebb9bfbfc81472c0ce4e3542122789378cb5 (diff) | |
| download | wsgitools-c44530be1a4028ecf62b13dc24b847442114b2ec.tar.gz | |
use hashlib.md5 instead of md5.md5 where possible
Diffstat (limited to 'wsgitools')
| -rwxr-xr-x | wsgitools/digest.py | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/wsgitools/digest.py b/wsgitools/digest.py index 7284c1c..19fb975 100755 --- a/wsgitools/digest.py +++ b/wsgitools/digest.py @@ -3,7 +3,11 @@ __all__ = [] import random -import md5 +try: + from hashlib import md5 +except ImportError: + from md5 import md5 + import time sysrand = random.SystemRandom() @@ -52,12 +56,12 @@ class AuthTokenGenerator: if password is None: return None a1 = "%s:%s:%s" % (username, self.realm, password) - return md5.new(a1).hexdigest() + return md5(a1).hexdigest() __all__.append("AuthDigestMiddleware") class AuthDigestMiddleware: """Middleware partly implementing RFC2617. (md5-sess was omited)""" - algorithms = {"md5": lambda data: md5.new(data).hexdigest()} + algorithms = {"md5": lambda data: md5(data).hexdigest()} def __init__(self, app, gentoken, maxage=300, maxuses=5): """ @param app: is the wsgi application to be served with authentification. @@ -192,7 +196,7 @@ class AuthDigestMiddleware: # raises ValueError nonce_time, nonce_value, nonce_hash = nonce.split(':') token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret) - token = md5.new(token).hexdigest() + token = md5(token).hexdigest() return nonce_hash == token def check_nonce(self, credentials): @@ -200,6 +204,10 @@ class AuthDigestMiddleware: nonce = credentials["nonce"] # raises ValueError nonce_time, nonce_value, nonce_hash = nonce.split(':') + token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret) + token = md5(token).hexdigest() + if token != nonce_hash: + return False qop = credentials.get("qop", None) if qop is None: nc = 1 @@ -234,7 +242,7 @@ class AuthDigestMiddleware: nonce_value = ("%066X" % randval).decode("hex").encode("base64").strip() self.nonces.append((nonce_time, nonce_value, 1)) token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret) - token = md5.new(token).hexdigest() + token = md5(token).hexdigest() return "%s:%s:%s" % (nonce_time, nonce_value, token) def authorization_required(self, environ, start_response, stale=False): |