5 files changed, 39 insertions, 17 deletions

diff --git a/paste/auth/auth_tkt.py b/paste/auth/auth_tkt.py
index b1531f2..e1c5833 100644
--- a/paste/auth/auth_tkt.py
+++ b/paste/auth/auth_tkt.py
@@ -38,7 +38,10 @@ non-Python code run under Apache.
 """
 
 import time as time_mod
-import md5
+try:
+    from hashlib import md5
+except ImportError:
+    from md5 import md5
 import Cookie
 from paste import request
 
@@ -164,10 +167,10 @@ def calculate_digest(ip, timestamp, secret, userid, tokens, user_data):
     userid = maybe_encode(userid)
     tokens = maybe_encode(tokens)
     user_data = maybe_encode(user_data)
-    digest0 = md5.new(
+    digest0 = md5(
         encode_ip_timestamp(ip, timestamp) + secret + userid + '\0'
         + tokens + '\0' + user_data).hexdigest()
-    digest = md5.new(digest0 + secret).hexdigest()
+    digest = md5(digest0 + secret).hexdigest()
     return digest
 
 def encode_ip_timestamp(ip, timestamp):
diff --git a/paste/auth/cookie.py b/paste/auth/cookie.py
index 5c2ab27..5bc48cc 100644
--- a/paste/auth/cookie.py
+++ b/paste/auth/cookie.py
@@ -41,12 +41,18 @@ corresponding to a database session id) is stored in the cookie.
 
 """
 
-import sha, hmac, base64, random, time, warnings
+import hmac, base64, random, time, warnings
+try:
+    from hashlib import sha1
+except ImportError:
+    # NOTE: We have to use the callable with hashlib (hashlib.sha1),
+    # otherwise hmac only accepts the sha module object itself
+    import sha as sha1
 from paste.request import get_cookies
 
 def make_time(value):
     return time.strftime("%Y%m%d%H%M", time.gmtime(value))
-_signature_size = len(hmac.new('x', 'x', sha).digest())
+_signature_size = len(hmac.new('x', 'x', sha1).digest())
 _header_size = _signature_size + len(make_time(time.time()))
 
 # @@: Should this be using urllib.quote?
@@ -132,7 +138,7 @@ class AuthCookieSigner(object):
         cookie is handled server-side in the auth() function.
         """
         cookie = base64.encodestring(
-            hmac.new(self.secret, content, sha).digest() +
+            hmac.new(self.secret, content, sha1).digest() +
             make_time(time.time() + 60*self.timeout) +
             content).replace("/", "_").replace("=", "~")
         if len(cookie) > self.maxlen:
@@ -149,7 +155,7 @@ class AuthCookieSigner(object):
         signature = decode[:_signature_size]
         expires = decode[_signature_size:_header_size]
         content = decode[_header_size:]
-        if signature == hmac.new(self.secret, content, sha).digest():
+        if signature == hmac.new(self.secret, content, sha1).digest():
             if int(expires) > int(make_time(time.time())):
                 return content
             else:
diff --git a/paste/auth/digest.py b/paste/auth/digest.py
index 229a03d..cc2ccfa 100644
--- a/paste/auth/digest.py
+++ b/paste/auth/digest.py
@@ -31,11 +31,15 @@ to use sha would be a good thing.
 """
 from paste.httpexceptions import HTTPUnauthorized
 from paste.httpheaders import *
-import md5, time, random
+try:
+    from hashlib import md5
+except ImportError:
+    from md5 import md5
+import time, random
 
 def digest_password(realm, username, password):
     """ construct the appropriate hashcode needed for HTTP digest """
-    return md5.md5("%s:%s:%s" % (username, realm, password)).hexdigest()
+    return md5("%s:%s:%s" % (username, realm, password)).hexdigest()
 
 class AuthDigestAuthenticator(object):
     """ implementation of RFC 2617 - HTTP Digest Authentication """
@@ -46,9 +50,9 @@ class AuthDigestAuthenticator(object):
 
     def build_authentication(self, stale = ''):
         """ builds the authentication error """
-        nonce  = md5.md5(
+        nonce  = md5(
             "%s:%s" % (time.time(), random.random())).hexdigest()
-        opaque = md5.md5(
+        opaque = md5(
             "%s:%s" % (time.time(), random.random())).hexdigest()
         self.nonce[nonce] = None
         parts = {'realm': self.realm, 'qop': 'auth',
@@ -64,12 +68,12 @@ class AuthDigestAuthenticator(object):
         """ computes the authentication, raises error if unsuccessful """
         if not ha1:
             return self.build_authentication()
-        ha2 = md5.md5('%s:%s' % (method, path)).hexdigest()
+        ha2 = md5('%s:%s' % (method, path)).hexdigest()
         if qop:
             chk = "%s:%s:%s:%s:%s:%s" % (ha1, nonce, nc, cnonce, qop, ha2)
         else:
             chk = "%s:%s:%s" % (ha1, nonce, ha2)
-        if response != md5.md5(chk).hexdigest():
+        if response != md5(chk).hexdigest():
             if nonce in self.nonce:
                 del self.nonce[nonce]
             return self.build_authentication()
diff --git a/paste/exceptions/serial_number_generator.py b/paste/exceptions/serial_number_generator.py
index 7a8ad4a..0289663 100644
--- a/paste/exceptions/serial_number_generator.py
+++ b/paste/exceptions/serial_number_generator.py
@@ -8,7 +8,10 @@ to create compact representations that are unique for a certain string
 (or concatenation of strings)
 """
 
-import md5
+try:
+    from hashlib import md5
+except ImportError:
+    from md5 import md5
 
 good_characters = "23456789abcdefghjkmnpqrtuvwxyz"
 
@@ -49,13 +52,16 @@ def hash_identifier(s, length, pad=True, hasher=md5, prefix='',
     length.  E.g., ``group=4`` will cause a identifier like
     ``a5f3-hgk3-asdf``.  Grouping occurs before the prefix.
     """
+    if not callable(hasher):
+        # Accept sha/md5 modules as well as callables
+        hasher = hasher.new
     if length > 26 and hasher is md5:
         raise ValueError, (
             "md5 cannot create hashes longer than 26 characters in "
             "length (you gave %s)" % length)
     if isinstance(s, unicode):
         s = s.encode('utf-8')
-    h = hasher.new(str(s))
+    h = hasher(str(s))
     bin_hash = h.digest()
     modulo = base ** length
     number = 0
diff --git a/paste/session.py b/paste/session.py
index 5f57b92..16a7739 100644
--- a/paste/session.py
+++ b/paste/session.py
@@ -27,7 +27,6 @@ from Cookie import SimpleCookie
 import time
 import random
 import os
-import md5
 import datetime
 import threading
 import tempfile
@@ -36,6 +35,10 @@ try:
     import cPickle
 except ImportError:
     import pickle as cPickle
+try:
+    from hashlib import md5
+except ImportError:
+    from md5 import md5
 from paste import wsgilib
 from paste import request
 
@@ -139,7 +142,7 @@ class SessionFactory(object):
             r.append(os.times())
         if for_object is not None:
             r.append(id(for_object))
-        md5_hash = md5.new(str(r))
+        md5_hash = md5(str(r))
         try:
             return md5_hash.hexdigest()
         except AttributeError: