delta/python-packages/cryptography.git/src/cryptography/fernet.py, branch 3.4.3

Apply type annotations to x509 ct and ocsp (#5712)

2021-01-30T22:44:14+00:00

Apply type annotations to fernet (#5708)

2021-01-29T21:39:20+00:00

Complete removal of py2 (#5533)

2020-12-09T15:13:48+00:00

* Drop Python 2

* Black everything

Remove future import from our code (#5610)

2020-12-09T06:35:11+00:00

use _get_backend everywhere (#5408)

2020-08-16T22:04:10+00:00

* use _get_backend everywhere

* black

Paint it Black by the Rolling Stones (#5324)

2020-07-20T18:06:29+00:00

Disallow ttl=None in (Multi)Fernet.decrypt_at_time() (#5280)

2020-06-25T01:51:54+00:00

* Disallow ttl=None in (Multi)Fernet.decrypt_at_time()

Since the introduction of the _at_time() methods in #5256[1] there's
been this little voice in the back of my mind telling me that maybe it's
not the best idea to allow ttl=None in decrypt_at_time(). It's been like
this for convenience and code reuse reasons.

Then I submitted a patch for cryptography stubs in typeshed[2] and I had
to decide whether to define decrypt_at_time()'s ttl as int and be
incompatible with cryptography's behavior or Optional[int] and advertise
an API that can be misused much too easily. I went ahead with int.

Considering the above I decided to propose this patch. Some amount of
redundancy (and a new test to properly cover the
MultiFernet.decrypt_at_time() implementation) is a price to prevent
clients from shooting themselves in the foot with the tll=None gun since
setting ttl to None disabled timestamp checks even if current_time was
provided.

[1] https://github.com/pyca/cryptography/pull/5256
[2] https://github.com/python/typeshed/pull/4238

* Actually test the return value here

* Fix formatting

Add a way to pass current time to Fernet (#5256)

2020-06-14T18:30:18+00:00

* Add a way to pass current time to Fernet

The motivation behind this is to be able to unit test code using Fernet
easily without having to monkey patch global state.

* Reformat to satisfy flake8

* Trigger a Fernet.encrypt() branch missing from coverage

* Revert specifying explicit current time in MultiFernet.rotate()

Message's timestamp is not verified anyway since ttl is None.

* Change the Fernet's explicit current time API slightly

This's been suggested in code review.

* Fix a typo

* Fix a typo

* Restore full MultiFernet test coverage and fix a typo

* Restore more coverage

time.time() is not called by MultiFernet.rotate() anymore so the monkey
patching and lambda need to go, because the patched function is not used
and coverage calculation will rightfully notice it.

* Remove an unused import

* Document when the *_at_time Fernet methods were added

centralize our bytes check (#4622)

2018-12-02T11:20:33+00:00

this will make life a bit easier when we support bytearrays

Add support for extracting timestamp from a Fernet token (#4229)

2018-05-12T15:57:32+00:00

* Add API for retrieving the seconds-to-expiry for the token, given a TTL.

* Process PR feedback:

* Do compute the TTL, but just the age of the token. The caller
can decided what to do next.

* Factored out the HMAC signature verification to a separate function.

* Fixed a copy&paste mistake in the test cases

* Tests cleanup.

* `struct` no longer needed

* Document `def age()`

* typo in `age()` documentation

* token, not data

* remove test for TTL expiry that is already covered by the parameterized `test_invalid()`.

* let's call this extract_timestamp and just return timestamp

* review comments

* it's UNIX I know this