From c44530be1a4028ecf62b13dc24b847442114b2ec Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Mon, 10 Mar 2008 15:51:53 +0100
Subject: use hashlib.md5 instead of md5.md5 where possible

---
 wsgitools/digest.py | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/wsgitools/digest.py b/wsgitools/digest.py
index 7284c1c..19fb975 100755
--- a/wsgitools/digest.py
+++ b/wsgitools/digest.py
@@ -3,7 +3,11 @@
 __all__ = []
 
 import random
-import md5
+try:
+    from hashlib import md5
+except ImportError:
+    from md5 import md5
+
 import time
 
 sysrand = random.SystemRandom()
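Review bot: The fallback import at the top of this hunk has no comment saying why two modules are tried, so a later reader cannot tell when the `except ImportError` branch may be dropped. A one-line comment above the `try` would cover it, for example `# hashlib exists from Python 2.5 on; older interpreters only ship the md5 module`. Both branches bind the same name `md5` to a constructor, which is what lets the call sites in the later hunks drop `.new`.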
@@ -52,12 +56,12 @@ class AuthTokenGenerator:
         if password is None:
             return None
         a1 = "%s:%s:%s" % (username, self.realm, password)
-        return md5.new(a1).hexdigest()
+        return md5(a1).hexdigest()
 
 __all__.append("AuthDigestMiddleware")
 class AuthDigestMiddleware:
     """Middleware partly implementing RFC2617. (md5-sess was omited)"""
-    algorithms = {"md5": lambda data: md5.new(data).hexdigest()}
+    algorithms = {"md5": lambda data: md5(data).hexdigest()}
     def __init__(self, app, gentoken, maxage=300, maxuses=5):
         """
         @param app: is the wsgi application to be served with authentification.
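Review bot: The method whose last line is changed here returns `md5(a1).hexdigest()` over `username:realm:password`, and nothing in the visible lines documents that the result is sensitive. In RFC 2617 digest authentication this hash is all the server needs to verify a response, so anyone who can read a stored or logged copy can authenticate as that user for the realm without knowing the password. A comment above the return such as `# H(A1) is password-equivalent for this realm; store and log it like a password` would make that explicit. The method starts outside the hunk, so its docstring may already say this.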
@@ -192,7 +196,7 @@ class AuthDigestMiddleware:
         # raises ValueError
         nonce_time, nonce_value, nonce_hash = nonce.split(':')
         token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
-        token = md5.new(token).hexdigest()
+        token = md5(token).hexdigest()
         return nonce_hash == token
 
     def check_nonce(self, credentials):
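Review bot: The nonce check value on the changed line is a plain `md5` over `nonce_time:nonce_value:server_secret`, a hand-built keyed hash where the standard library's `hmac` module is the usual tool. The same construction appears in the lines added to check_nonce and in the nonce-generating hunk that ends with `return "%s:%s:%s" % (nonce_time, nonce_value, token)`. Since this commit already touches all three sites, `hmac.new(self.server_secret, "%s:%s" % (nonce_time, nonce_value), md5).hexdigest()` could replace them, provided `hmac` accepts the constructor bound by the `from md5 import md5` fallback on the oldest interpreter still supported. Nonces issued before such a change would stop validating, which presumably only matters for the `maxage` window. The function changed here starts outside the hunk.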
@@ -200,6 +204,10 @@ class AuthDigestMiddleware:
         nonce = credentials["nonce"]
         # raises ValueError
         nonce_time, nonce_value, nonce_hash = nonce.split(':')
+        token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
+        token = md5(token).hexdigest()
+        if token != nonce_hash:
+            return False
         qop = credentials.get("qop", None)
         if qop is None:
             nc = 1
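Review bot: The four lines added to check_nonce are a behaviour change that the commit subject does not record: a nonce whose hash does not match is now rejected before the qop/nc handling that follows, while the subject mentions only the hashlib switch. That deserves its own commit, or at least a line in the message. The added lines also copy the token computation from the function just above, so the format string now lives in three places; a small helper such as `def _nonce_token(self, nonce_time, nonce_value): return md5("%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)).hexdigest()` would keep them in step. The comparison `token != nonce_hash` stops at the first differing character; a constant-time comparison (`hmac.compare_digest` where the interpreter provides it) is the safer form for a value derived from `self.server_secret`. check_nonce continues past the end of the hunk.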
@@ -234,7 +242,7 @@ class AuthDigestMiddleware:
         nonce_value = ("%066X" % randval).decode("hex").encode("base64").strip()
         self.nonces.append((nonce_time, nonce_value, 1))
         token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret)
-        token = md5.new(token).hexdigest()
+        token = md5(token).hexdigest()
         return "%s:%s:%s" % (nonce_time, nonce_value, token)
 
     def authorization_required(self, environ, start_response, stale=False):
-- 
cgit v1.2.3