prefer hashlib over the md5/sha modules which are deprecated in Python 2.6

3 files changed, 26 insertions, 13 deletions

diff --git a/paste/auth/auth_tkt.py b/paste/auth/auth_tkt.py
index b1531f2..e1c5833 100644
--- a/paste/auth/auth_tkt.py
+++ b/paste/auth/auth_tkt.py
@@ -38,7 +38,10 @@ non-Python code run under Apache.
 """
 
 import time as time_mod
-import md5
+try:
+    from hashlib import md5
+except ImportError:
+    from md5 import md5
 import Cookie
 from paste import request
 
@@ -164,10 +167,10 @@ def calculate_digest(ip, timestamp, secret, userid, tokens, user_data):
     userid = maybe_encode(userid)
     tokens = maybe_encode(tokens)
     user_data = maybe_encode(user_data)
-    digest0 = md5.new(
+    digest0 = md5(
         encode_ip_timestamp(ip, timestamp) + secret + userid + '\0'
         + tokens + '\0' + user_data).hexdigest()
-    digest = md5.new(digest0 + secret).hexdigest()
+    digest = md5(digest0 + secret).hexdigest()
     return digest
 
 def encode_ip_timestamp(ip, timestamp):
diff --git a/paste/auth/cookie.py b/paste/auth/cookie.py
index 5c2ab27..5bc48cc 100644
--- a/paste/auth/cookie.py
+++ b/paste/auth/cookie.py
@@ -41,12 +41,18 @@ corresponding to a database session id) is stored in the cookie.
 
 """
 
-import sha, hmac, base64, random, time, warnings
+import hmac, base64, random, time, warnings
+try:
+    from hashlib import sha1
+except ImportError:
+    # NOTE: We have to use the callable with hashlib (hashlib.sha1),
+    # otherwise hmac only accepts the sha module object itself
+    import sha as sha1
 from paste.request import get_cookies
 
 def make_time(value):
     return time.strftime("%Y%m%d%H%M", time.gmtime(value))
-_signature_size = len(hmac.new('x', 'x', sha).digest())
+_signature_size = len(hmac.new('x', 'x', sha1).digest())
 _header_size = _signature_size + len(make_time(time.time()))
 
 # @@: Should this be using urllib.quote?
@@ -132,7 +138,7 @@ class AuthCookieSigner(object):
         cookie is handled server-side in the auth() function.
         """
         cookie = base64.encodestring(
-            hmac.new(self.secret, content, sha).digest() +
+            hmac.new(self.secret, content, sha1).digest() +
             make_time(time.time() + 60*self.timeout) +
             content).replace("/", "_").replace("=", "~")
         if len(cookie) > self.maxlen:
@@ -149,7 +155,7 @@ class AuthCookieSigner(object):
         signature = decode[:_signature_size]
         expires = decode[_signature_size:_header_size]
         content = decode[_header_size:]
-        if signature == hmac.new(self.secret, content, sha).digest():
+        if signature == hmac.new(self.secret, content, sha1).digest():
             if int(expires) > int(make_time(time.time())):
                 return content
             else:
diff --git a/paste/auth/digest.py b/paste/auth/digest.py
index 229a03d..cc2ccfa 100644
--- a/paste/auth/digest.py
+++ b/paste/auth/digest.py
@@ -31,11 +31,15 @@ to use sha would be a good thing.
 """
 from paste.httpexceptions import HTTPUnauthorized
 from paste.httpheaders import *
-import md5, time, random
+try:
+    from hashlib import md5
+except ImportError:
+    from md5 import md5
+import time, random
 
 def digest_password(realm, username, password):
     """ construct the appropriate hashcode needed for HTTP digest """
-    return md5.md5("%s:%s:%s" % (username, realm, password)).hexdigest()
+    return md5("%s:%s:%s" % (username, realm, password)).hexdigest()
 
 class AuthDigestAuthenticator(object):
     """ implementation of RFC 2617 - HTTP Digest Authentication """
@@ -46,9 +50,9 @@ class AuthDigestAuthenticator(object):
 
     def build_authentication(self, stale = ''):
         """ builds the authentication error """
-        nonce  = md5.md5(
+        nonce  = md5(
             "%s:%s" % (time.time(), random.random())).hexdigest()
-        opaque = md5.md5(
+        opaque = md5(
             "%s:%s" % (time.time(), random.random())).hexdigest()
         self.nonce[nonce] = None
         parts = {'realm': self.realm, 'qop': 'auth',
@@ -64,12 +68,12 @@ class AuthDigestAuthenticator(object):
         """ computes the authentication, raises error if unsuccessful """
         if not ha1:
             return self.build_authentication()
-        ha2 = md5.md5('%s:%s' % (method, path)).hexdigest()
+        ha2 = md5('%s:%s' % (method, path)).hexdigest()
         if qop:
             chk = "%s:%s:%s:%s:%s:%s" % (ha1, nonce, nc, cnonce, qop, ha2)
         else:
             chk = "%s:%s:%s" % (ha1, nonce, ha2)
-        if response != md5.md5(chk).hexdigest():
+        if response != md5(chk).hexdigest():
             if nonce in self.nonce:
                 del self.nonce[nonce]
             return self.build_authentication()