
The Python module itsdangerous

Date: 2017-09-04 21:16:04

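This module is mainly used for signing and serialization.

Use cases:

1. Adding a signature to a string:

  The sender and the receiver share the same secret key, "secret-key". The sender signs the content with the key, and the receiver uses the same key to verify the received content and check whether it really was sent by the sender.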

>>> from itsdangerous import Signer
>>> s = Signer('secret-key')
>>> s.sign('my string, ssssssssss,dddddddddddddlsd')
'my string, ssssssssss,dddddddddddddlsd.nSXTxgO_UMN4gkLZcFCioa-dZSo'
>>>
>>> s.unsign('my string, ssssssssss,dddddddddddddlsd.nSXTxgO_UMN4gkLZcFCioa-dZSo')
'my string, ssssssssss,dddddddddddddlsd'
>>> # modified payload with the original signature: rejected
>>> s.unsign('my string, ssss.nSXTxgO_UMN4gkLZcFCioa-dZSo')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/itsdangerous.py", line 374, in unsign
    payload=value)
itsdangerous.BadSignature: Signature nSXTxgO_UMN4gkLZcFCioa-dZSo does not match
>>> # original payload with the last character of the signature changed: rejected
>>> s.unsign('my string, ssssssssss,dddddddddddddlsd.nSXTxgO_UMN4gkLZcFCioa-dZSP')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/itsdangerous.py", line 374, in unsign
    payload=value)
itsdangerous.BadSignature: Signature nSXTxgO_UMN4gkLZcFCioa-dZSP does not match
>>>

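2. Signatures with a timestamp:

  A signature is valid only for a limited time. The sender includes time information when signing, and the receiver checks whether the signature has expired after a given period.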

>>> from itsdangerous import TimestampSigner
>>> s = TimestampSigner('secret-key')
>>> string = s.sign('foo')
>>> s.unsign(string, max_age=5)
'foo'
>>> s.unsign(string, max_age=5)
Traceback (most recent call last):
  ...
itsdangerous.SignatureExpired: Signature age 15 > 5 seconds

3. Serialization

>>> from itsdangerous import Serializer
>>> s = Serializer('secret-key')
>>> s.dumps([1, 2, 3, 4])
'[1, 2, 3, 4].r7R9RhGgDPvvWl3iNzLuIIfELmo'
And it can of course also load:

>>> s.loads('[1, 2, 3, 4].r7R9RhGgDPvvWl3iNzLuIIfELmo')
[1, 2, 3, 4]
If you want to have the timestamp attached you can use the TimedSerializer.

4. Serialization with a timestamp:

>>> from itsdangerous import TimedSerializer
>>> s = TimedSerializer('secret-key')
>>> s.dumps([1, 2, 3, 4])
'[1, 2, 3, 4].DI7WHQ.yVOjwQWau5mVRGuVkoqa7654VXc'
>>> s.loads('[1, 2, 3, 4].DI7WHQ.yVOjwQWau5mVRGuVkoqa7654VXc')
[1, 2, 3, 4]
>>> s.loads('[1, 2, 3, 4].DI7WHQ.yVOjwQWau5mVRGuVkoqa7654VXc', max_age=10)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/itsdangerous.py", line 643, in loads
    .unsign(s, max_age, return_timestamp=True)
  File "/usr/local/lib/python2.7/site-packages/itsdangerous.py", line 463, in unsign
    date_signed=self.timestamp_to_datetime(timestamp))
itsdangerous.SignatureExpired: Signature age 28 > 10 seconds
>>> s.loads('[1, 2, 3, 4].DI7WHQ.yVOjwQWau5mVRGuVkoqa7654VXc', max_age=40)
[1, 2, 3, 4]
>>>

5. URL-safe serialization

For scenarios where the characters allowed in the string are restricted, you can use URL-safe serialization.

>>> from itsdangerous import URLSafeSerializer
>>> s = URLSafeSerializer('secret-key')
>>> s.dumps([1, 2, 3, 4])
'WzEsMiwzLDRd.wSPHqC0gR7VUqivlSukJ0IeTDgo'
>>> s.loads('WzEsMiwzLDRd.wSPHqC0gR7VUqivlSukJ0IeTDgo')
[1, 2, 3, 4]

6. JSON Web Signatures

Starting with “itsdangerous” 0.18 JSON Web Signatures are also supported. They generally work very similarly to the already existing URL safe serializer but will emit headers according to the current draft (10) of the JSON Web Signature (JWS) [draft-ietf-jose-json-web-signature].

>>> from itsdangerous import JSONWebSignatureSerializer
>>> s = JSONWebSignatureSerializer('secret-key')
>>> s.dumps({'x': 42})
'eyJhbGciOiJIUzI1NiJ9.eyJ4Ijo0Mn0.ZdTn1YyGz9Yx5B5wNpWRL221G1WpVE5fPCPKNuc6UAo'

 

When loading the value back the header will not be returned by default like with the other serializers. However it is possible to also ask for the header by passing return_header=True. Custom header fields can be provided upon serialization:

>>> s.dumps(0, header_fields={'v': 1})
'eyJhbGciOiJIUzI1NiIsInYiOjF9.MA.wT-RZI9YU06R919VBdAfTLn82_iIQD70J_j-3F4z_aM'
>>> s.loads('eyJhbGciOiJIUzI1NiIsInYiOjF9.MA.wT-RZI9YU06R919VBdAf'
...         'TLn82_iIQD70J_j-3F4z_aM', return_header=True)
...
(0, {u'alg': u'HS256', u'v': 1})

“itsdangerous” only provides HMAC SHA derivatives and the none algorithm at the moment and does not support the ECC based ones. The algorithm in the header is checked against the one of the serializer and on a mismatch a BadSignature exception is raised.
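The payload in the URL-safe and JWS tokens above is only base64-encoded, not encrypted: the signature protects integrity, not confidentiality, so nothing secret belongs in the payload. The following added example (not from the original post or the itsdangerous project) reads this page's own tokens without the secret key, using only the standard library; the helper names are made up here and it handles only uncompressed tokens like the ones shown.

```python
import base64
import json


def b64url_decode(segment):
    """Decode unpadded URL-safe base64, as used in the tokens on this page."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(token):
    """Split a dotted token and decode every segment except the signature.

    No secret key is involved: this only reads the token, it does not
    verify it. Anyone who sees the token can do the same.
    """
    *segments, signature = token.split(".")
    decoded = []
    for seg in segments:
        raw = b64url_decode(seg)
        try:
            decoded.append(json.loads(raw))
        except ValueError:
            decoded.append(raw)  # not JSON: keep the raw bytes
    return decoded, signature


# Tokens copied from the interpreter sessions on this page.
URLSAFE = "WzEsMiwzLDRd.wSPHqC0gR7VUqivlSukJ0IeTDgo"
JWS = "eyJhbGciOiJIUzI1NiJ9.eyJ4Ijo0Mn0.ZdTn1YyGz9Yx5B5wNpWRL221G1WpVE5fPCPKNuc6UAo"
SALTED = "NDI.kubVFOOugP5PAIfEqLJbXQbfTxs"

if __name__ == "__main__":
    for name, tok in (("URLSafe", URLSAFE), ("JWS", JWS), ("salted", SALTED)):
        parts, sig = inspect_token(tok)
        print(name, "readable without the key:", parts)
```
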

 

7. JSON Web Signatures with a timestamp

from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
s = Serializer('secret-key', expires_in=60)
s.dumps({'id': user.id})  # user is an object wrapped by the model layer

 

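8. Salt

The salt here is a different concept from the salt in encryption algorithms. The salt can be applied in all of the cases above; different salts produce different signatures or serialized values.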

 

>>> s1 = URLSafeSerializer('secret-key', salt='activate-salt')
>>> s1.dumps(42)
'NDI.kubVFOOugP5PAIfEqLJbXQbfTxs'
>>> s2 = URLSafeSerializer('secret-key', salt='upgrade-salt')
>>> s2.dumps(42)
'NDI.7lx-N1P-z2veJ7nT1_2bnTkjGTE'
>>> s2.loads(s1.dumps(42))
Traceback (most recent call last):
  ...
itsdangerous.BadSignature: Signature "kubVFOOugP5PAIfEqLJbXQbfTxs" does not match
Only the serializer with the same salt can load the value:

>>> s2.loads(s2.dumps(42))
42
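How a shared secret, a salt and a timestamp combine in sections 1, 2 and 8, as an added standard-library illustration of the mechanism; it is not itsdangerous's code, key derivation or token format, and every function name is made up here. The salt acts as a purpose label that derives a separate signing key, so a token issued for one purpose fails verification for another, and the timestamp is covered by the MAC so it cannot be edited to extend a token's life.

```python
import base64
import hashlib
import hmac
import time


def _mac(secret, salt, message):
    # Salt = purpose label: each purpose gets its own derived signing key
    # (simplified derivation chosen for this example).
    key = hashlib.sha256(salt.encode() + b"|" + secret.encode()).digest()
    digest = hmac.new(key, message.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign(value, secret, salt, now=None):
    """Return 'value.timestamp.signature'; the MAC covers value and timestamp."""
    ts = str(int(time.time() if now is None else now))
    body = value + "." + ts
    return body + "." + _mac(secret, salt, body)


def unsign(token, secret, salt, max_age, now=None):
    """Return the value, or raise ValueError if forged, re-purposed or expired."""
    try:
        body, sig = token.rsplit(".", 1)
        value, ts = body.rsplit(".", 1)
        signed_at = int(ts)
    except ValueError:
        raise ValueError("malformed token")
    # Constant-time comparison; verify the MAC before trusting the timestamp.
    expected = _mac(secret, salt, body)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    age = (time.time() if now is None else now) - signed_at
    if age < 0 or age > max_age:
        raise ValueError("signature expired")
    return value


def outcome(token, secret, salt, max_age, now):
    """Demonstration helper: the value on success, else the rejection reason."""
    try:
        return unsign(token, secret, salt, max_age, now)
    except ValueError as exc:
        return str(exc)
```
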

 

References:

1. https://pythonhosted.org/itsdangerous/

2. http://itsdangerous.readthedocs.io/en/latest/

3. http://cxymrzero.github.io/blog/2015/03/18/flask-token/

Original post: http://www.cnblogs.com/shengulong/p/7475537.html
