From c44530be1a4028ecf62b13dc24b847442114b2ec Mon Sep 17 00:00:00 2001 From: Helmut Grohne Date: Mon, 10 Mar 2008 15:51:53 +0100 Subject: use hashlib.md5 instead of md5.md5 where possible --- wsgitools/digest.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/wsgitools/digest.py b/wsgitools/digest.py index 7284c1c..19fb975 100755 --- a/wsgitools/digest.py +++ b/wsgitools/digest.py @@ -3,7 +3,11 @@ __all__ = [] import random -import md5 +try: + from hashlib import md5 +except ImportError: + from md5 import md5 + import time sysrand = random.SystemRandom() @@ -52,12 +56,12 @@ class AuthTokenGenerator: if password is None: return None a1 = "%s:%s:%s" % (username, self.realm, password) - return md5.new(a1).hexdigest() + return md5(a1).hexdigest() __all__.append("AuthDigestMiddleware") class AuthDigestMiddleware: """Middleware partly implementing RFC2617. (md5-sess was omited)""" - algorithms = {"md5": lambda data: md5.new(data).hexdigest()} + algorithms = {"md5": lambda data: md5(data).hexdigest()} def __init__(self, app, gentoken, maxage=300, maxuses=5): """ @param app: is the wsgi application to be served with authentification. @@ -192,7 +196,7 @@ class AuthDigestMiddleware: # raises ValueError nonce_time, nonce_value, nonce_hash = nonce.split(':') token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret) - token = md5.new(token).hexdigest() + token = md5(token).hexdigest() return nonce_hash == token def check_nonce(self, credentials): @@ -200,6 +204,10 @@ class AuthDigestMiddleware: nonce = credentials["nonce"] # raises ValueError nonce_time, nonce_value, nonce_hash = nonce.split(':') + token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret) + token = md5(token).hexdigest() + if token != nonce_hash: + return False qop = credentials.get("qop", None) if qop is None: nc = 1 @@ -234,7 +242,7 @@ class AuthDigestMiddleware: nonce_value = ("%066X" % randval).decode("hex").encode("base64").strip() self.nonces.append((nonce_time, nonce_value, 1)) token = "%s:%s:%s" % (nonce_time, nonce_value, self.server_secret) - token = md5.new(token).hexdigest() + token = md5(token).hexdigest() return "%s:%s:%s" % (nonce_time, nonce_value, token) def authorization_required(self, environ, start_response, stale=False): -- cgit v1.2.3