12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 |
- """
- """
-
- # Created on 2015.07.16
- #
- # Author: Giovanni Cannata
- #
- # Copyright 2015 - 2018 Giovanni Cannata
- #
- # This file is part of ldap3.
- #
- # ldap3 is free software: you can redistribute it and/or modify
- # it under the terms of the GNU Lesser General Public License as published
- # by the Free Software Foundation, either version 3 of the License, or
- # (at your option) any later version.
- #
- # ldap3 is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU Lesser General Public License for more details.
- #
- # You should have received a copy of the GNU Lesser General Public License
- # along with ldap3 in the COPYING and COPYING.LESSER files.
- # If not, see <http://www.gnu.org/licenses/>.
-
- from .. import HASHED_NONE, HASHED_MD5, HASHED_SALTED_MD5, HASHED_SALTED_SHA, HASHED_SALTED_SHA256, \
- HASHED_SALTED_SHA384, HASHED_SALTED_SHA512, HASHED_SHA, HASHED_SHA256, HASHED_SHA384, HASHED_SHA512
-
- import hashlib
- from os import urandom
- from base64 import b64encode
-
- from ..core.exceptions import LDAPInvalidHashAlgorithmError
-
- # each tuple: (the string to include between braces in the digest, the name of the algorithm to invoke with the new() function)
-
- algorithms_table = {
- HASHED_MD5: ('md5', 'MD5'),
- HASHED_SHA: ('sha', 'SHA1'),
- HASHED_SHA256: ('sha256', 'SHA256'),
- HASHED_SHA384: ('sha384', 'SHA384'),
- HASHED_SHA512: ('sha512', 'SHA512')
- }
-
-
- salted_table = {
- HASHED_SALTED_MD5: ('smd5', HASHED_MD5),
- HASHED_SALTED_SHA: ('ssha', HASHED_SHA),
- HASHED_SALTED_SHA256: ('ssha256', HASHED_SHA256),
- HASHED_SALTED_SHA384: ('ssha384', HASHED_SHA384),
- HASHED_SALTED_SHA512: ('ssha512', HASHED_SHA512)
- }
-
-
- def hashed(algorithm, value, salt=None, raw=False, encoding='utf-8'):
- if str is not bytes and not isinstance(value, bytes): # Python 3
- value = value.encode(encoding)
-
- if algorithm is None or algorithm == HASHED_NONE:
- return value
-
- # algorithm name can be already coded in the ldap3 constants or can be any value passed in the 'algorithm' parameter
-
- if algorithm in algorithms_table:
- try:
- digest = hashlib.new(algorithms_table[algorithm][1], value).digest()
- except ValueError:
- raise LDAPInvalidHashAlgorithmError('Hash algorithm ' + str(algorithm) + ' not available')
-
- if raw:
- return digest
- return ('{%s}' % algorithms_table[algorithm][0]) + b64encode(digest).decode('ascii')
- elif algorithm in salted_table:
- if not salt:
- salt = urandom(8)
- digest = hashed(salted_table[algorithm][1], value + salt, raw=True) + salt
- if raw:
- return digest
- return ('{%s}' % salted_table[algorithm][0]) + b64encode(digest).decode('ascii')
- else:
- # if an unknown (to the library) algorithm is requested passes the name as the string in braces and as the algorithm name
- # if salt is present uses it to salt the digest
- try:
- if not salt:
- digest = hashlib.new(algorithm, value).digest()
- else:
- digest = hashlib.new(algorithm, value + salt).digest() + salt
- except ValueError:
- raise LDAPInvalidHashAlgorithmError('Hash algorithm ' + str(algorithm) + ' not available')
-
- if raw:
- return digest
- return ('{%s}' % algorithm) + b64encode(digest).decode('ascii')
-
|