~tribaal/txaws/xss-hardening

« back to all changes in this revision

Viewing changes to txaws/util.py

  • Committer: Thomas Hervé
  • Date: 2009-10-21 19:40:18 UTC
  • Revision ID: thomas@canonical.com-20091021194018-nbcgy745732s00xs
Default to HmacSHA256 instead of HmacSHA1: it's more secure and provides
compatibility with Eucalyptus [r=oubiwann]

Show diffs side-by-side

added added

removed removed

Lines of Context:
5
5
"""
6
6
 
7
7
from base64 import b64encode
8
 
from hashlib import sha1, md5
 
8
from hashlib import sha1, md5, sha256
9
9
import hmac
10
10
from urlparse import urlparse, urlunparse
11
11
import time
12
12
 
13
 
# Import XMLTreeBuilder from somwhere; here in one place to prevent duplication.
 
13
# Import XMLTreeBuilder from somewhere; here in one place to prevent
 
14
# duplication.
14
15
try:
15
16
    from xml.etree.ElementTree import XMLTreeBuilder
16
17
except ImportError:
17
18
    from elementtree.ElementTree import XMLTreeBuilder
18
19
 
19
20
 
20
 
__all__ = ["hmac_sha1", "iso8601time", "calculate_md5", "XML"]
 
21
__all__ = ["hmac_sha1", "hmac_sha256", "iso8601time", "calculate_md5", "XML"]
21
22
 
22
23
 
23
24
def calculate_md5(data):
30
31
    return b64encode(digest)
31
32
 
32
33
 
 
34
def hmac_sha256(secret, data):
 
35
    digest = hmac.new(secret, data, sha256).digest()
 
36
    return b64encode(digest)
 
37
 
 
38
 
33
39
def iso8601time(time_tuple):
34
40
    """Format time_tuple as a ISO8601 time string.
35
41