The Python module itsdangerous


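This module is mainly used for signing and serialization.

Use cases:

1. Signing a string:

  The sender and the receiver share the same key, "secret-key". The sender signs the content with the key, and the receiver verifies what it receives with the same key to check whether it is what the sender sent.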

>>> from itsdangerous import Signer
>>> s = Signer('secret-key')
>>> s.sign('my string, ssssssssss,dddddddddddddlsd')
'my string, ssssssssss,dddddddddddddlsd.nSXTxgO_UMN4gkLZcFCioa-dZSo'
>>>
>>> s.unsign('my string, ssssssssss,dddddddddddddlsd.nSXTxgO_UMN4gkLZcFCioa-dZSo')
'my string, ssssssssss,dddddddddddddlsd'
>>> s.unsign('my string, ssss.nSXTxgO_UMN4gkLZcFCioa-dZSo')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/itsdangerous.py", line 374, in unsign
    payload=value)
itsdangerous.BadSignature: Signature nSXTxgO_UMN4gkLZcFCioa-dZSo does not match
>>> s.unsign('my string, ssssssssss,dddddddddddddlsd.nSXTxgO_UMN4gkLZcFCioa-dZSP')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/itsdangerous.py", line 374, in unsign
    payload=value)
itsdangerous.BadSignature: Signature nSXTxgO_UMN4gkLZcFCioa-dZSP does not match
>>>

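2. Signing with a timestamp:

  A signature can have a limited lifetime: the sender includes time information when signing, and the receiver checks whether the signature has expired after a given length of time.

>>> from itsdangerous import TimestampSigner
>>> s = TimestampSigner('secret-key')
>>> string = s.sign('foo')
>>> s.unsign(string, max_age=5)
'foo'
>>> s.unsign(string, max_age=5)
Traceback (most recent call last):
  ...
itsdangerous.SignatureExpired: Signature age 15 > 5 seconds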

3. Serialization

>>> from itsdangerous import Serializer
>>> s = Serializer('secret-key')
>>> s.dumps([1, 2, 3, 4])
'[1, 2, 3, 4].r7R9RhGgDPvvWl3iNzLuIIfELmo'
And it can of course also load:

>>> s.loads('[1, 2, 3, 4].r7R9RhGgDPvvWl3iNzLuIIfELmo')
[1, 2, 3, 4]
If you want to have the timestamp attached you can use the TimedSerializer.

4. Serialization with a timestamp:

>>> from itsdangerous import TimedSerializer
>>> s = TimedSerializer('secret-key')
>>> s.dumps([1, 2, 3, 4])
'[1, 2, 3, 4].DI7WHQ.yVOjwQWau5mVRGuVkoqa7654VXc'
>>> s.loads('[1, 2, 3, 4].DI7WHQ.yVOjwQWau5mVRGuVkoqa7654VXc')
[1, 2, 3, 4]
>>> s.loads('[1, 2, 3, 4].DI7WHQ.yVOjwQWau5mVRGuVkoqa7654VXc', max_age=10)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/itsdangerous.py", line 643, in loads
    .unsign(s, max_age, return_timestamp=True)
  File "/usr/local/lib/python2.7/site-packages/itsdangerous.py", line 463, in unsign
    date_signed=self.timestamp_to_datetime(timestamp))
itsdangerous.SignatureExpired: Signature age 28 > 10 seconds
>>> s.loads('[1, 2, 3, 4].DI7WHQ.yVOjwQWau5mVRGuVkoqa7654VXc', max_age=40)
[1, 2, 3, 4]
>>>

5. URL-safe serialization

For situations where only a restricted set of characters is allowed, you can use URL-safe serialization.

>>> from itsdangerous import URLSafeSerializer
>>> s = URLSafeSerializer('secret-key')
>>> s.dumps([1, 2, 3, 4])
'WzEsMiwzLDRd.wSPHqC0gR7VUqivlSukJ0IeTDgo'
>>> s.loads('WzEsMiwzLDRd.wSPHqC0gR7VUqivlSukJ0IeTDgo')
[1, 2, 3, 4]

6. JSON Web Signatures

Starting with "itsdangerous" 0.18, JSON Web Signatures are also supported. They generally work very similarly to the already existing URL-safe serializer but will emit headers according to the current draft (10) of the JSON Web Signature (JWS) [draft-ietf-jose-json-web-signature].

>>> from itsdangerous import JSONWebSignatureSerializer
>>> s = JSONWebSignatureSerializer('secret-key')
>>> s.dumps({'x': 42})
'eyJhbGciOiJIUzI1NiJ9.eyJ4Ijo0Mn0.ZdTn1YyGz9Yx5B5wNpWRL221G1WpVE5fPCPKNuc6UAo'

When loading the value back the header will not be returned by default like with the other serializers. However it is possible to also ask for the header by passing return_header=True. Custom header fields can be provided upon serialization:

>>> s.dumps(0, header_fields={'v': 1})
'eyJhbGciOiJIUzI1NiIsInYiOjF9.MA.wT-RZI9YU06R919VBdAfTLn82_iIQD70J_j-3F4z_aM'
>>> s.loads('eyJhbGciOiJIUzI1NiIsInYiOjF9.MA.wT-RZI9YU06R919VBdAf'
...         'TLn82_iIQD70J_j-3F4z_aM', return_header=True)
...
(0, {u'alg': u'HS256', u'v': 1})

"itsdangerous" only provides HMAC SHA derivatives and the none algorithm at the moment and does not support the ECC-based ones. The algorithm in the header is checked against the one of the serializer, and on a mismatch a BadSignature exception is raised.

7. JSON Web Signatures with a timestamp

from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
s = Serializer('secret-key', expires_in=60)
s.dumps({'id': user.id})  # user is an object wrapped by the model

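8. Salt

The salt here is not the same concept as the salt in cryptographic algorithms. The salt here can be applied in all of the cases above; different salts produce different signatures or serialized values.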

>>> s1 = URLSafeSerializer('secret-key', salt='activate-salt')
>>> s1.dumps(42)
'NDI.kubVFOOugP5PAIfEqLJbXQbfTxs'
>>> s2 = URLSafeSerializer('secret-key', salt='upgrade-salt')
>>> s2.dumps(42)
'NDI.7lx-N1P-z2veJ7nT1_2bnTkjGTE'
>>> s2.loads(s1.dumps(42))
Traceback (most recent call last):
  ...
itsdangerous.BadSignature: Signature "kubVFOOugP5PAIfEqLJbXQbfTxs" does not match
Only the serializer with the same salt can load the value:

>>> s2.loads(s2.dumps(42))
42
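To make the salt and URL-safe sections above concrete, here is an added example (not from the original post and not itsdangerous's own code) that models the token format with the standard library only. The function names and the SHA-1 key derivation from secret and salt are assumptions made for illustration; it shows that the salt namespaces the signing key, and that the payload (the `WzEsMiwzLDRd` and `NDI` parts seen above) is only signed, not encrypted.

```python
import base64
import hashlib
import hmac
import json

class BadSignature(Exception):
    pass

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def _mac(payload, secret, salt):
    # Assumed derivation: the salt is mixed into the HMAC key, so it acts as
    # a namespace for tokens rather than as a per-message random value.
    key = hashlib.sha1(salt + b"signer" + secret).digest()
    return _b64(hmac.new(key, payload, hashlib.sha1).digest())

def dumps(obj, secret, salt):
    payload = _b64(json.dumps(obj, separators=(",", ":")).encode())
    return payload + b"." + _mac(payload, secret, salt)

def loads(token, secret, salt):
    payload, sep, sig = token.rpartition(b".")
    # Constant-time comparison avoids leaking how many bytes matched.
    if not sep or not hmac.compare_digest(sig, _mac(payload, secret, salt)):
        raise BadSignature("signature does not match")
    return json.loads(_unb64(payload))

def peek(token):
    # No key needed: the payload is signed, not encrypted.
    return json.loads(_unb64(token.split(b".")[0]))

if __name__ == "__main__":
    # Token copied from the URL-safe example on this page.
    print(peek(b"WzEsMiwzLDRd.wSPHqC0gR7VUqivlSukJ0IeTDgo"))
    t = dumps(42, b"secret-key", b"activate-salt")
    print(loads(t, b"secret-key", b"activate-salt"))
    try:
        loads(t, b"secret-key", b"upgrade-salt")
    except BadSignature as exc:
        print("rejected:", exc)
```

Anything that must stay confidential should not be placed in such a token, and each purpose (activation, upgrade, and so on) should use its own salt so that a token issued for one cannot be accepted for another.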

 

References:

1. https://pythonhosted.org/itsdangerous/

2. http://itsdangerous.readthedocs.io/en/latest/

3. http://cxymrzero.github.io/blog/2015/03/18/flask-token/


