pallets
diff --git a/‎.gitignore
+1 b/‎.gitignore
+1
diff --git a/‎.pre-commit-config.yaml
+6-3 b/‎.pre-commit-config.yaml
+6-3
diff --git a/‎.travis.yml
+2 b/‎.travis.yml
+2
diff --git a/‎LICENSE.rst
+1-1 b/‎LICENSE.rst
+1-1
diff --git a/‎setup.cfg
+1-1 b/‎setup.cfg
+1-1
diff --git a/‎src/itsdangerous/_compat.py
+2-2 b/‎src/itsdangerous/_compat.py
+2-2
diff --git a/‎src/itsdangerous/jws.py
+4-4 b/‎src/itsdangerous/jws.py
+4-4
diff --git a/‎tests/__init__.py b/‎tests/__init__.py
diff --git a/‎tests/test_compat.py
+11 b/‎tests/test_compat.py
+11
diff --git a/‎tests/test_encoding.py
+38 b/‎tests/test_encoding.py
+38
@@ -16,3 +16,4 @@ docs/_build/
 .coverage
 .coverage.*
 htmlcov/
+.hypothesis/
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/asottile/reorder_python_imports
-    rev: v1.2.0
+    rev: v1.3.1
     hooks:
       - id: reorder-python-imports
         args: ["--application-directories", "src"]
@@ -9,7 +9,10 @@ repos:
     hooks:
       - id: black
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v1.4.0-1
+    rev: v2.0.0
     hooks:
+      - id: check-byte-order-marker
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
       - id: flake8
-        additional_dependencies: [flake8-bugbear]
+        additional_dependencies: [flake8-bugbear]
@@ -26,6 +26,8 @@ script:
 
 cache:
   - pip
+  directories:
+    - $HOME/.cache/pre-commit
 
 branches:
   only:
 
@@ -44,4 +44,4 @@ The initial implementation of It's Dangerous was inspired by Django's
 signing module.
 
 Copyright © Django Software Foundation and individual contributors.
-All rights reserved.
+All rights reserved.
@@ -33,4 +33,4 @@ ignore = E203, E501, W503
 # up to 88 allowed by bugbear B950
 max-line-length = 80
 # init is used to export public API, ignore import warnings
-exclude = src/itsdangerous/__init__.py
+exclude = src/itsdangerous/__init__.py
@@ -16,7 +16,7 @@
 number_types = (numbers.Real, decimal.Decimal)
 
 
-def constant_time_compare(val1, val2):
+def _constant_time_compare(val1, val2):
     """Return ``True`` if the two strings are equal, ``False``
     otherwise.
 
@@ -43,4 +43,4 @@ def constant_time_compare(val1, val2):
 
 # Starting with 2.7/3.3 the standard library has a c-implementation for
 # constant time string compares.
-constant_time_compare = getattr(hmac, "compare_digest", constant_time_compare)
+constant_time_compare = getattr(hmac, "compare_digest", _constant_time_compare)
@@ -190,13 +190,13 @@ def loads(self, s, salt=None, return_header=False):
         if "exp" not in header:
             raise BadSignature("Missing expiry date", payload=payload)
 
+        int_date_error = BadHeader("Expiry date is not an IntDate", payload=payload)
         try:
             header["exp"] = int(header["exp"])
         except ValueError:
-            raise BadHeader("Expiry date is not valid timestamp", payload=payload)
-
-        if not (isinstance(header["exp"], number_types) and header["exp"] > 0):
-            raise BadSignature("expiry date is not an IntDate", payload=payload)
+            raise int_date_error
+        if header["exp"] < 0:
+            raise int_date_error
 
         if header["exp"] < self.now():
             raise SignatureExpired(
 
@@ -0,0 +1,11 @@
+import pytest
+
+from itsdangerous._compat import _constant_time_compare
+
+
+@pytest.mark.parametrize(
+    ("a", "b", "expect"),
+    ((b"a", b"a", True), (b"a", b"b", False), (b"a", b"aa", False)),
+)
+def test_python_constant_time_compare(a, b, expect):
+    assert _constant_time_compare(a, b) == expect
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+import pytest
+
+from itsdangerous.encoding import base64_decode
+from itsdangerous.encoding import base64_encode
+from itsdangerous.encoding import bytes_to_int
+from itsdangerous.encoding import int_to_bytes
+from itsdangerous.encoding import want_bytes
+from itsdangerous.exc import BadData
+
+
+@pytest.mark.parametrize("value", (u"mañana", b"tomorrow"))
+def test_want_bytes(value):
+    out = want_bytes(value)
+    assert isinstance(out, bytes)
+
+
+@pytest.mark.parametrize("value", (u"無限", b"infinite"))
+def test_base64(value):
+    enc = base64_encode(value)
+    assert isinstance(enc, bytes)
+    dec = base64_decode(enc)
+    assert dec == want_bytes(value)
+
+
+def test_base64_bad():
+    with pytest.raises(BadData):
+        base64_decode("12345")
+
+
+@pytest.mark.parametrize(
+    ("value", "expect"), ((0, b""), (192, b"\xc0"), (18446744073709551615, b"\xff" * 8))
+)
+def test_int_bytes(value, expect):
+    enc = int_to_bytes(value)
+    assert enc == expect
+    dec = bytes_to_int(enc)
+    assert dec == value