from __future__ import absolute_import
"""Secure Authenticator Cookies
Copyright (c) 1999-2002 Ng Pheng Siong. All rights reserved."""
import logging
import re
import time
from M2Crypto import Rand, m2, six, util
from M2Crypto.six.moves.http_cookies import SimpleCookie
from typing import re as type_re, AnyStr, Optional, Union  # noqa
_MIX_FORMAT = 'exp=%f&data=%s&digest='
_MIX_RE = re.compile(r'exp=(\d+\.\d+)&data=(.+)&digest=(\S*)')
log = logging.getLogger(__name__)
[docs]def mix(expiry, data, format=_MIX_FORMAT):
    # type: (float, AnyStr, str) -> AnyStr
    return format % (expiry, data) 
[docs]def unmix(dough, regex=_MIX_RE):
    # type: (AnyStr, type_re) -> object
    mo = regex.match(dough)
    if mo:
        return float(mo.group(1)), mo.group(2)
    else:
        return None 
[docs]def unmix3(dough, regex=_MIX_RE):
    # type: (AnyStr, type_re) -> Optional[tuple[float, AnyStr, AnyStr]]
    mo = regex.match(dough)
    if mo:
        return float(mo.group(1)), mo.group(2), mo.group(3)
    else:
        return None 
_TOKEN = '_M2AUTH_'  # type: str
[docs]class AuthCookieJar(object):
    _keylen = 20  # type: int
    def __init__(self):
        # type: () -> None
        self._key = Rand.rand_bytes(self._keylen)
    def _hmac(self, key, data):
        # type: (bytes, str) -> str
        return util.bin_to_hex(m2.hmac(key, six.ensure_binary(data), m2.sha1()))
[docs]    def makeCookie(self, expiry, data):
        # type: (float, str) -> AuthCookie
        """
        Make a cookie
        :param expiry: expiration time (float in seconds)
        :param data: cookie content
        :return: AuthCookie object
        """
        if not isinstance(expiry, (six.integer_types, float)):
            raise ValueError('Expiration time must be number, not "%s' % expiry)
        dough = mix(expiry, data)
        return AuthCookie(expiry, data, dough, self._hmac(self._key, dough)) 
[docs]    def isGoodCookie(self, cookie):
        # type: (AuthCookie) -> Union[bool, int]
        assert isinstance(cookie, AuthCookie)
        if cookie.isExpired():
            return 0
        c = self.makeCookie(cookie._expiry, cookie._data)
        return (c._expiry == cookie._expiry) \
            
and (c._data == cookie._data) \
            
and (c._mac == cookie._mac) \
            
and (c.output() == cookie.output()) 
[docs]    def isGoodCookieString(self, cookie_str, _debug=False):
        # type: (Union[dict, bytes], bool) -> Union[bool, int]
        c = SimpleCookie()
        c.load(cookie_str)
        if _TOKEN not in c:
            log.debug('_TOKEN not in c (keys = %s)', dir(c))
            return 0
        undough = unmix3(c[_TOKEN].value)
        if undough is None:
            log.debug('undough is None')
            return 0
        exp, data, mac = undough
        c2 = self.makeCookie(exp, data)
        if _debug and (c2._mac == mac):
            log.error('cookie_str = %s', cookie_str)
            log.error('c2.isExpired = %s', c2.isExpired())
            log.error('mac = %s', mac)
            log.error('c2._mac = %s', c2._mac)
            log.error('c2._mac == mac: %s', str(c2._mac == mac))
        return (not c2.isExpired()) and (c2._mac == mac)  
[docs]class AuthCookie(object):
    def __init__(self, expiry, data, dough, mac):
        # type: (float, str, str, str) -> None
        """
        Create new authentication cookie
        :param expiry: expiration time (in seconds)
        :param data: cookie payload (as a string)
        :param dough: expiry & data concatenated to URL compliant
                      string
        :param mac: SHA1-based HMAC of dough and random key
        """
        self._expiry = expiry
        self._data = data
        self._mac = mac
        self._cookie = SimpleCookie()
        self._cookie[_TOKEN] = '%s%s' % (dough, mac)
        self._name = '%s%s' % (dough, mac)  # WebKit only.
[docs]    def expiry(self):
        # type: () -> float
        """Return the cookie's expiry time."""
        return self._expiry 
[docs]    def data(self):
        # type: () -> str
        """Return the data portion of the cookie."""
        return self._data 
[docs]    def mac(self):
        # type: () -> str
        """Return the cookie's MAC."""
        return self._mac 
[docs]    def output(self, header="Set-Cookie:"):
        # type: (Optional[str]) -> str
        """Return the cookie's output in "Set-Cookie" format."""
        return self._cookie.output(header=header) 
[docs]    def value(self):
        # type: () -> str
        """Return the cookie's output minus the "Set-Cookie: " portion.
        """
        return self._cookie[_TOKEN].value 
[docs]    def isExpired(self):
        # type: () -> bool
        """Return 1 if the cookie has expired, 0 otherwise."""
        return isinstance(self._expiry, (float, six.integer_types)) and \
            
(time.time() > self._expiry) 
    # Following two methods are for WebKit only.
    # I may wish to push them to WKAuthCookie, but they are part
    # of the API now. Oh well.
[docs]    def name(self):
        # type: () -> str
        return self._name