
    zCj                     n    d Z ddlZddlZddlZdededefdZdedededefdZdefd	Z	d
ededefdZ
dS )u  
Crypto helpers for the params server.

Uses Python's stdlib hashlib/hmac (SHA-256), which is byte-for-byte
identical to the hand-rolled SHA-256/HMAC implementation in
LicenseValidator.mqh — MQL5 has no built-in crypto library, which is why
that file reimplements SHA-256 from scratch. Server-side, we just use the
real stdlib; no need to reimplement anything, only to match the exact
message construction so both sides compute the same signature.
    Nsecretmessagereturnc                     t          j        |                     d          |                    d          t          j                                                  S )zHex-encoded HMAC-SHA256, matching _LV_HMAC()'s output format
    (lowercase hex, via StringFormat("%02x", ...) per byte in the MQL5
    version).zutf-8)hmacnewencodehashlibsha256	hexdigest)r   r   s     $/wd/td-params-server/crypto_utils.pyhmac_sha256_hexr      sB     8gw 7 7 ikk    candidate_hexc                 L    t          | |          }t          j        ||          S )u   Constant-time comparison — avoid timing side-channels on signature
    checks. Plain == comparison on the request HMAC would be a real
    (if narrow) vulnerability for an endpoint gating paid trading params.)r   r   compare_digest)r   r   r   expecteds       r   verify_hmac_hexr      s&     vw//Hx777r   c                  B    t          t          j                              S N)inttime r   r   current_unix_tsr   "   s    ty{{r   	client_tsskew_secondsc                 F    t          t                      | z
            |k    S r   )absr   )r   r   s     r   timestamp_in_skewr   &   s       9,--==r   )__doc__r
   r   r   strr   boolr   r   r   r   r   r   r   <module>r#      s   	 	   C # #    8C 8# 8c 8d 8 8 8 8    > >C >D > > > > > >r   